JWT,JSON WEB TOKEN,是一种用于双方之间传递安全信息的简洁的、URL安全的表述性声明规范;
该工具类可快速实现jwt秘钥的加密和解密,适用于初学者快速入手;
项目实践 package com.sixmonth.micro.serv.page.common.jwt;import java.util.Date;import javax.crypto.SecretKey;import javax.crypto.spec.SecretKeySpec;import org.apache.commons.codec.binary.Base64;import com.alibaba.fastjson.JSONObject;import com.sixmonth.micro.serv.common.util.UUIDUtils;import io.jsonwebtoken.Claims;import io.jsonwebtoken.ExpiredJwtException;import io.jsonwebtoken.JwtBuilder;import io.jsonwebtoken.Jwts;import io.jsonwebtoken.MalformedJwtException;import io.jsonwebtoken.SignatureAlgorithm;import io.jsonwebtoken.SignatureException;import io.jsonwebtoken.UnsupportedJwtException;/** * JWTUtils工具类,生成jwt和解析jwt * JSON WEB TOKEN 结构组成: * (1)Header(头部):包含加密算法,通常直接使用 HMAC SHA256 * (2)Payload(负载):存放有效信息,比如消息体、签发者、过期时间、签发时间等 * (3)Signature(签名):由header(base64后的)+payload(base64后的)+secret(秘钥)三部分组合,然后通过head中声明的算法进行加密 * @author sixmonth * @date 2019年3月20日 * */public class JWTUtils {static String SECRETKEY = "KJHUhjjJYgYUllVbXhKDHXhkSyHjlNiVkYzWTBac1Yxkjhuad";/** * 由字符串生成加密key * * @return */public static SecretKey generalKey(String stringKey) {byte[] encodedKey = Base64.decodeBase64(stringKey);SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");return key;}/** * 创建jwt * @param id 唯一id,uuid即可 * @param subject json形式字符串或字符串,增加用户非敏感信息存储,如用户id或用户账号,与token解析后进行对比,防止乱用 * @param expirationDate 生成jwt的有效期,单位秒 * @return jwt token * @throws Exception */public static String createJWT(String uuid, String subject, long expirationDate) throws Exception {SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;long nowMillis = System.currentTimeMillis();Date now = new Date(nowMillis);SecretKey key = generalKey(SECRETKEY);JwtBuilder builder = Jwts.builder().setIssuer("").setId(uuid).setIssuedAt(now).setSubject(subject).signWith(signatureAlgorithm, key);if (expirationDate >= 0) {long expMillis = nowMillis + expirationDate*1000;Date exp = new Date(expMillis);builder.setExpiration(exp);}return builder.compact();}/** * 解密jwt,获取实体 * @param jwt */public static Claims parseJWT(String jwt) throws ExpiredJwtException, UnsupportedJwtException,MalformedJwtException, SignatureException, IllegalArgumentException {SecretKey key = generalKey(SECRETKEY);Claims claims = Jwts.parser().setSigningKey(key).parseClaimsJws(jwt).getBody();return claims;}/*** 实例演示*/public static void main(String[] args) {try {JSONObject subject = new JSONObject(true);subject.put("tem", "哈哈哈");subject.put("userName", "sixmonth");String token = createJWT(UUIDUtils.getUUID(), subject.toJSONString(), 10);//10秒过期//System.out.println(token);Claims claims = parseJWT(token);System.out.println("解析jwt:"+claims.getSubject());JSONObject tem = JSONObject.parseObject(claims.getSubject());System.out.println("获取json对象内容:"+tem.getString("userName"));System.out.println(claims.getExpiration()+"///"+claims.getExpiration().getTime());} catch (Exception e) {e.printStackTrace();}}}添加依赖
<!-- jjwt支持 --><dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt</artifactId><version>0.7.0</version></dependency><!--commons-codec --><dependency><groupId>commons-codec</groupId><artifactId>commons-codec</artifactId></dependency> 总结实践出真知,自己动手,丰衣足食!