验证 token 有效性
Claims claims = Jwts.parser() .setSigningKey(config.getSecret().getBytes()) .parseClaimsJws(token) .getBody();
生成 token
// generate jwt token Instant now = Instant.now(); AuthorizationInfo info = realm.getAuthorizationInfo(subject); String token = Jwts.builder() .setSubject((String) subject.getPrincipal()) .claim("roles", info.getRoles()) .claim("permissions", info.getStringPermissions()) .setIssuedAt(Date.from(now)) .setExpiration(Date.from(now.plusSeconds(config.getExpiration()))) .signWith(SignatureAlgorithm.HS256, config.getSecret().getBytes()) .compact(); rsp.addHeader(config.getHeader(), config.getPrefix() + " " + token);
233