JAVA结合 JSON Web Token(JWT) 工具类
引入java-jwt-3.3.0.jar 、 jjwt-0.9.0.jar 、jackson-all-1.7.6.jar
或者maven
<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl -->
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.7.0</version>
</dependency>JWTUtils.java
import io.jsonwebtoken.*;
import org.codehaus.jackson.map.ObjectMapper;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @author yvioo。
*/
public class JWTUtils {
/\*\*
\* 服务器的kye.用户做加解密的key数据。
\*/
private static final String JWT\_SECERT = "23asfeferfggrtg";
private static final ObjectMapper MAPPER = new ObjectMapper();
public static SecretKey generalKey() {
try {
byte\[\] encodedKey = JWT\_SECERT.getBytes("UTF-8");
SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
return key;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/\*\*
\* 签发JWT,创建token的方法
\*
\* @param id jwt的唯一标识,主要用来做一次性token。
\* @param iss jwt签发者
\* @param subject jwt所面向的用户。一般使用用户的登录名
\* @param headerMap 请求头map集合
\* @param ttlMillis 有效期,单位毫秒
\* @return token 是为一个用户的有效登录周期准备的一个token 。用户退出或超时,token失效
\*/
public static String createJWT(String id, String iss, String subject, Map<String, Object> headerMap, long ttlMillis) {
try {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMilllis = System.currentTimeMillis();
Date now = new Date(nowMilllis);
SecretKey secretKey = generalKey();
JwtBuilder builder = Jwts.builder()
.setId(id)
.setIssuer(iss)
.setSubject(subject)
//token生成时间
.setIssuedAt(now)
//设置密匙和算法
.signWith(signatureAlgorithm, secretKey);
if (headerMap != null) {
builder.setHeaderParams(headerMap);
}
if (ttlMillis > 0) {
long expMillis = nowMilllis + ttlMillis;
Date expDate = new Date(expMillis);
builder.setExpiration(expDate);
}
return builder.compact();
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/\*\*
\* 解析JWT字符串
\*
\* @param jwt 就是生成的toekn
\* @return
\*/
public static Claims parseJWT(String jwt) {
SecretKey secretKey = generalKey();
return Jwts.parser()
.setSigningKey(secretKey)
.parseClaimsJws(jwt)
.getBody();
}
/\*\*
\* 解析JWT请求头字符串
\* @param jwt 就是生成的toekn
\* @return
\*/
public static JwsHeader parseJwsHeader(String jwt) {
SecretKey secretKey = generalKey();
return Jwts.parser()
.setSigningKey(secretKey)
.parseClaimsJws(jwt)
.getHeader();
}
/\*\*
\* 验证jwt
\*
\* @param jwtStr
\* @return
\*/
public static boolean validateJWT(String jwtStr) {
Claims claims = null;
try {
claims = parseJWT(jwtStr);
return true;
//成功
} catch (ExpiredJwtException e) {
//token过期
return false;
} catch (Exception e) {
return false;
}
}
public static String generalSubject(Object subject) {
try {
return MAPPER.writeValueAsString(subject);
} catch (Exception e) {
e.printStackTrace();
}
return subject + "";
}
public static void main(String\[\] args) {
Map<String, Object> param = new LinkedHashMap<>();
param.put("code", "1222");
String jwtToken = JWTUtils.createJWT("1", "test-jwt", JWTUtils.generalSubject("yvioo"), param, 1 \* 60 \* 1000);
System.out.println(jwtToken);
Claims claims = parseJWT(jwtToken);
System.out.println(claims.getId());
JwsHeader jwsHeader = parseJwsHeader(jwtToken);
System.out.println(jwsHeader.get("code"));
}
/\*\*
\* 获取接口放在header中的token
\*
\* @param request
\*/
public void test(HttpServletRequest request) {
//生成的token
String token = request.getHeader("Authorization");
//验证
boolean result = JWTUtils.validateJWT(token);
}}
手机扫一扫
移动阅读更方便
你可能感兴趣的文章