Use of JSON Web tokens and jsonwebtoken
JSON Web Token (JWT) is a lightweight specification for transmitting signed, verifiable information between users and servers.
1. Add the Maven dependency:
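<!-- The listing's line numbers had been fused into the markup; they are removed so the element is valid XML. -->
<!-- NOTE(review): 0.6.0 is the version this page was written against. Pin the version deliberately and
     review the library's release notes for security fixes before copying this into a build. -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.6.0</version>
</dependency>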
2. Create a TokenUtils class
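package xxxxxx;

import java.security.Key;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;

import xxxxxx.Cst;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.crypto.MacProvider;

/**
 * Issues and verifies HMAC-signed JSON Web Tokens with the jjwt library.
 *
 * <p>The tokens are signed (JWS), not encrypted: every claim is readable by whoever holds
 * the token, so the claims map must not carry secrets.
 *
 * <p>All state is static and immutable after class initialisation; the fields are
 * {@code final} so that no other code in the JVM can swap the signing key or algorithm.
 */
public class TokenUtils {

    private static final Logger LOG = Logger.getLogger(TokenUtils.class.getName());

    // Token format version. It is written into the "jti" claim, so "jti" is NOT a unique
    // per-token id here and cannot be used for replay detection or revocation.
    public static final String TOKEN_VERSION = "1";

    // Value written to the "iss" claim and required again on verification.
    public static final String ISSUER = "zhicall ";

    // Fixed value written to the "sub" claim; the login travels in "aud" instead.
    public static final String SUBJECT = "subject";

    // Base64-encoded HS256 secret.
    // NOTE(review): the literal is a placeholder. A real key should be loaded from
    // configuration or a secret store rather than compiled into the class, and should decode
    // to at least 256 bits for HS256. This field is public, so the key is readable by any
    // class that can see TokenUtils.
    public static final String HS256KEY = "xxxxxx ";

    public static final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

    public static final Key signingKey =
            new SecretKeySpec(Base64.decodeBase64(HS256KEY), signatureAlgorithm.getJcaName());

    /**
     * Builds a signed compact JWT for {@code login}.
     *
     * <p>The registered claims {@code jti}, {@code iss}, {@code sub}, {@code aud},
     * {@code iat} and {@code exp} are always set by this method after the caller's entries
     * are copied, so a caller cannot override them through {@code claims}. The caller's map
     * is copied, not modified.
     *
     * <p>{@code iat} and {@code exp} are set through the builder's date setters rather than
     * by putting {@link Date} objects into the map, so that they are written in the form the
     * library itself reads back when it enforces expiry on parse.
     * NOTE(review): a raw {@code Date} in the claims map appears to be serialised as epoch
     * milliseconds, which the parser would then read as seconds and treat as far in the
     * future; confirm against the jjwt version in use. If tokens were issued that way
     * before, rotate the signing key when deploying so they stop verifying.
     *
     * @param login  value stored in the {@code aud} claim
     * @param claims additional claims such as roles or permissions; may be {@code null}
     * @return the compact, signed token
     */
    public static String getJWTString(String login, Map<String, Object> claims) {
        Map<String, Object> payload = new HashMap<String, Object>();
        if (claims != null) {
            payload.putAll(claims);
        }
        payload.put(Claims.ID, TOKEN_VERSION);
        payload.put(Claims.ISSUER, ISSUER);
        payload.put(Claims.SUBJECT, SUBJECT);
        payload.put(Claims.AUDIENCE, login);

        long nowMillis = System.currentTimeMillis();
        Date issuedAt = new Date(nowMillis);
        // Long arithmetic: an int-typed timeout would otherwise overflow for long lifetimes.
        Date expiresAt = new Date(nowMillis + Cst.TOKEN_TIMEOUT_MIN * 60L * 1000L);

        JwtBuilder jwtBuilder = Jwts.builder()
                .setClaims(payload)
                .setIssuedAt(issuedAt)
                .setExpiration(expiresAt);
        jwtBuilder.signWith(signatureAlgorithm, signingKey);
        return jwtBuilder.compact();
    }

    /**
     * Reports whether {@code token} carries a valid signature, the expected issuer and an
     * expiry that has not passed.
     *
     * <p>Fails closed: a {@code null} token, any verification failure and a token without an
     * {@code exp} claim all yield {@code false}. The token itself is never logged.
     *
     * @param token compact JWT; surrounding whitespace is ignored
     * @return {@code true} only if the token verified and has an expiry
     */
    public static boolean isValid(String token) {
        if (token == null) {
            return false;
        }
        try {
            Jws<Claims> jws = parseVerified(token);
            // The parser rejects expired tokens but accepts tokens with no "exp" at all.
            return jws.getBody().getExpiration() != null;
        } catch (RuntimeException e) {
            LOG.log(Level.FINE, "JWT rejected", e);
            return false;
        }
    }

    /**
     * Verifies {@code token} and returns its claims.
     *
     * <p>Verification failures (bad signature, wrong issuer, expired token, malformed input)
     * surface as the library's runtime exceptions; callers must not treat the returned
     * claims as trusted unless this method returned normally.
     *
     * @param token compact JWT; must not be {@code null}
     * @return the verified claims
     */
    public static Map<String, Object> parseJWTtoMap(String token) {
        return parseVerified(token).getBody();
    }

    /**
     * Generates a fresh random HS512 key and returns it Base64-encoded.
     *
     * <p>NOTE(review): this class signs with HS256; the method is presumably meant as a
     * one-off helper for producing a value for {@link #HS256KEY}. Treat the returned string
     * as a secret and do not log it.
     *
     * @return Base64 text of the generated key
     */
    public static String getHS512Key() {
        Key key = MacProvider.generateKey(SignatureAlgorithm.HS512);
        return Base64.encodeBase64String(key.getEncoded());
    }

    // Single verification path shared by isValid and parseJWTtoMap: signature, issuer, expiry.
    private static Jws<Claims> parseVerified(String token) {
        return Jwts.parser()
                .requireIssuer(ISSUER)
                .setSigningKey(signingKey)
                .parseClaimsJws(token.trim());
    }
}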
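3. Call the getJWTString(String login, Map<String, Object> claims) method to create a token. claims is a map through which other information, such as permissions and roles, can be passed in. The token is signed but not encrypted, so anything placed in claims can be read by whoever holds the token.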