Integrate JWT to generate token

JWT generates token

The JWT tool
JWT (JSON Web Token) is a JSON-based open standard for transferring claims between web application environments.
JWT claims are generally used to pass authenticated user identity information between identity providers and service providers so that resources can be obtained from resource servers, for example at user login.

The most important role of JWT is to protect the token information against forgery.

The principle of JWT

A JWT consists of three parts: the public part, the private part, and the signature part. The final JWT is obtained by base64-encoding the combination of these three.

1. The public part
This mainly concerns the configuration parameters of the JWT, such as the algorithm used for the signature, the format type, and the expiration time.
Key=ATGUIGU
2. The private part
User-defined content: the information to be encapsulated according to actual needs.
userInfo{user's id, user's nickname nickName}
3. The signature part
SaltiP: the IP address of the current server {the IP of the proxy server configured in Linux}. It is mainly used as the {salt value} for encryption when the JWT string is generated.
The token is finally composed of key + salt + userInfo.

Base64 encoding is not encryption; it only turns the plaintext into a string that is not directly readable. Anyone can decode base64 back into plaintext with common tools, so don't put private information in a JWT.

5.2 Integrate JWT
1. Add the dependency to the pom.xml of the common-util module

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
</dependency>

The version is already declared in the pom.xml of the yygh-parent parent module.
2. Write the JwtHelper class in the common-util module

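import io.jsonwebtoken.Claims;
import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.util.StringUtils; // assumed: Spring's StringUtils; the post does not show its imports

import java.util.Date;

public class JwtHelper {

    // Token lifetime: 24 hours, in milliseconds
    private static long tokenExpiration = 24*60*60*1000;
    // Tutorial placeholder only. jjwt treats this String as a Base64-encoded key; a real HS512 key
    // should be at least 512 random bits and come from configuration, not from source code.
    private static String tokenSignKey = "123456";

    // Build a signed, compressed token carrying the user's id and name
    public static String createToken(Long userId, String userName) {
        String token = Jwts.builder()
                .setSubject("YYGH-USER")
                .setExpiration(new Date(System.currentTimeMillis() + tokenExpiration))
                .claim("userId", userId)
                .claim("userName", userName)
                .signWith(SignatureAlgorithm.HS512, tokenSignKey)
                .compressWith(CompressionCodecs.GZIP)
                .compact();
        return token;
    }

    // Verify the signature and return the userId claim.
    // parseClaimsJws throws a JwtException if the token is malformed, expired or has a bad signature.
    public static Long getUserId(String token) {
        if (StringUtils.isEmpty(token)) return null;
        Jws<Claims> claimsJws = Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token);
        Claims claims = claimsJws.getBody();
        // The JSON parser yields Integer for small ids and Long for large ones,
        // so read the claim as Number instead of casting to Integer.
        Number userId = (Number) claims.get("userId");
        return userId == null ? null : userId.longValue();
    }

    // Verify the signature and return the userName claim
    public static String getUserName(String token) {
        if (StringUtils.isEmpty(token)) return "";
        Jws<Claims> claimsJws = Jwts.parser().setSigningKey(tokenSignKey).parseClaimsJws(token);
        Claims claims = claimsJws.getBody();
        return (String) claims.get("userName");
    }

    public static void main(String[] args) {
        String token = JwtHelper.createToken(1L, "55");
        System.out.println(token);
        System.out.println(JwtHelper.getUserId(token));
        System.out.println(JwtHelper.getUserName(token));
    }
}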

Note: run the main method to test.
5.3 Improve the login service interface
Modify the login method of the UserInfoServiceImpl class

public Map<String, Object> loginUser(LoginVo loginVo) {
  …………
    // Generate the token string with JWT
    String token = JwtHelper.createToken(userInfo.getId(), name);
    map.put("token", token);
    return map;
}

Origin blog.csdn.net/david2000999/article/details/122250422