JWT 令牌
1、组成:
Header(头)记录令牌的类型和签名算法等
PayLoad(载荷)装载自定义信息 (注意不要存放私密信息)
Signature(签名)对头部和载荷进行加密计算得来
2、使用
引入java-jwt坐标
调用API生成和校验令牌
解析令牌抛出异常就证明令牌被篡改或者过期
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>4.4.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>public class JwtTest {
@Test
public void testGen() {
Map<String,Object> claims = new HashMap<>();
claims.put("id",1);
claims.put("username","张三");
String token = JWT.create()
.withClaim("user", claims)//添加载荷
.withExpiresAt(new Date(System.currentTimeMillis() + 1000 * 60 * 60))//添加过期时间
.sign(Algorithm.HMAC256("itheima"));//指定算法,配置密钥
System.out.println(token);
}
@Test
public void testParse(){
//定义字符串
String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" +
".eyJ1c2VyIjp7ImlkIjoxLCJ1c2VybmFtZSI6IuW8oOS4iSJ9LCJleHAiOjE3MDk0Njg5NjZ9" +
".VM4PL7LEN7ct3R8VZMRMf9EQFRpd_TCfoEd66S0aBuI";
JWTVerifier itheima = JWT.require(Algorithm.HMAC256("itheima"))
.build();
DecodedJWT verify = itheima.verify(token);
Map<String, Claim> claims = verify.getClaims();
System.out.println(claims.get("user"));
}
}