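package cn.hshb.analysis.core.utils;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.util.Date;

/**
 * Signs a POJO into an HMAC-SHA256 JWT and reads it back after verification.
 *
 * <p>The object is serialized to JSON and stored in the {@code payload} claim. A JWT
 * payload is signed but not encrypted: anyone holding the token can read it, so callers
 * must not pass objects that carry secrets (passwords, keys).
 *
 * <p>Both methods report failure by returning {@code null}; callers must check for it.
 */
public class JWTUtil {
    private static final Log logger = LogFactory.getLog(JWTUtil.class);

    // SECURITY: the HMAC key is hard-coded and therefore published with the source and
    // every build artifact. Anyone who can read it can mint tokens that unsign() accepts.
    // Load the key from deployment configuration or a secret store, and treat this
    // committed value as compromised (rotate it) before production use.
    private static final String SECRET = "n7B1pIPG#F!#1RQ7M1HJwS53$Bn#@H56W@Zc$4x3";
    private static final String EXP = "exp";
    private static final String PAYLOAD = "payload";

    /**
     * Builds a signed JWT whose {@code payload} claim is the JSON form of {@code object}.
     *
     * @param object the POJO to embed; its JSON is readable by any token holder
     * @param maxAge lifetime of the token in milliseconds, counted from now
     * @return the compact JWT string, or {@code null} if serialization or signing failed
     */
    public static <T> String sign(T object, long maxAge) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(SECRET);
            // addExact turns an overflowing maxAge into a failure instead of silently
            // wrapping around to an expiry date in the past.
            long expire = Math.addExact(System.currentTimeMillis(), maxAge);
            return JWT.create()
                    .withClaim(PAYLOAD, JSONObject.toJSONString(object))
                    .withExpiresAt(new Date(expire))
                    .sign(algorithm);
        } catch (Exception e) {
            // Log the failure type only: exception messages may echo payload content.
            logger.warn("JWT signing failed: " + e.getClass().getName());
            return null;
        }
    }

    /**
     * Verifies {@code token} and deserializes its {@code payload} claim.
     *
     * <p>The verifier is built from the HMAC256 algorithm, so tokens using any other
     * algorithm are rejected. The payload is parsed only after the signature check has
     * passed; keep that order so unauthenticated input never reaches the JSON parser.
     *
     * @param token  the compact JWT string received from the client
     * @param classT the type to deserialize the payload into
     * @return the deserialized object, or {@code null} if the token is missing, malformed,
     *         has a bad signature, is expired, or carries no expiry
     */
    public static <T> T unsign(String token, Class<T> classT) {
        try {
            Algorithm algorithm = Algorithm.HMAC256(SECRET);
            JWTVerifier verifier = JWT.require(algorithm).build();
            DecodedJWT jwt = verifier.verify(token);
            // The library validates exp only when the claim is present. sign() always
            // sets it, so a token without one did not come from sign() and would
            // otherwise never expire.
            if (jwt.getExpiresAt() == null) {
                logger.warn("JWT rejected: no expiry claim");
                return null;
            }
            Claim claim = jwt.getClaim(PAYLOAD);
            return JSON.parseObject(claim.asString(), classT);
        } catch (Exception e) {
            // Never log the token itself (it is a bearer credential); decode errors can
            // quote token content in their message, so record the type only.
            logger.warn("JWT verification failed: " + e.getClass().getName());
            return null;
        }
    }

    /**
     * Manual round-trip check: signs a {@code Page} and reads it back.
     * Altering any character of the token should make {@link #unsign} return {@code null}.
     */
    public static void main(String[] args) throws Exception {
        Page page = new Page();
        String token = JWTUtil.sign(page, 3600000);
        // The token is a bearer credential; log only whether one was issued.
        logger.info("token issued: " + (token != null));
        Page currentPage = JWTUtil.unsign(token, Page.class);
        logger.info(currentPage);
    }
}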
<!-- jwt token: auth0 java-jwt, the library JWTUtil uses to sign and verify tokens.
     The version is taken from the java-jwt.version property, which is defined outside
     this snippet; keep that property pinned to a maintained release. -->
<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>${java-jwt.version}</version>
</dependency>
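package cn.hshb.analysis.api.controller;

import cn.hshb.analysis.core.common.ApiResponse;
import cn.hshb.analysis.core.utils.JWTUtil;
import cn.hshb.analysis.entity.exception.BizErrorCode;
import cn.hshb.analysis.entity.model.UserInfo;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

/**
 * Login endpoint used for identity authentication; issues the JWT that third-party
 * systems must obtain before calling the other interfaces.
 *
 * @author author
 * @version V1.0
 * @date 2018/2/22 15:14
 */
@RestController
public class LoginController {
    /** Token lifetime in seconds, also returned to the client as {@code expire}. */
    private static final int TOKEN_TTL_SECONDS = 7200;

    private static final List<UserInfo> validPeoples = new ArrayList<>();

    static {
        /*
         * The user identities that may log in are set here.
         * SECURITY: these are plaintext credentials compiled into the application,
         * including a default admin/admin pair. Before any production release, move
         * accounts to an external store with salted password hashes (bcrypt, scrypt
         * or argon2) and remove these entries.
         * NOTE(review): the second username starts with a space; confirm it is intended.
         */
        validPeoples.add(new UserInfo("admin", "admin"));
        validPeoples.add(new UserInfo(" admin124", "154123"));
        validPeoples.add(new UserInfo("admin1223", "addsfs"));
    }

    /**
     * Authenticates a user and returns a token.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so credentials may
     * arrive as GET query parameters and end up in access logs and proxies; consider
     * accepting POST only once callers are confirmed. Unknown user and wrong password
     * return different error codes, which lets a caller tell which usernames exist;
     * consider a single generic failure plus attempt throttling.
     *
     * @param username the login name
     * @param password the plaintext password supplied by the caller
     * @return a success response carrying {@code token} and {@code expire} (seconds),
     *         or a failure response
     */
    @RequestMapping({"/login"})
    public ApiResponse login(@RequestParam String username, @RequestParam String password) {
        if (username == null || password == null) {
            return ApiResponse.fail();
        }

        UserInfo user = null;
        for (UserInfo userInfo : validPeoples) {
            if (username.equals(userInfo.getUsername())) {
                user = userInfo;
                break;
            }
        }
        if (user == null) {
            return ApiResponse.fail(BizErrorCode.CU_MSG_000002.getCode(),
                    BizErrorCode.CU_MSG_000002.getMsg());
        }
        if (!passwordMatches(password, user.getPassword())) {
            return ApiResponse.fail(BizErrorCode.CU_MSG_000007.getCode(),
                    BizErrorCode.CU_MSG_000007.getMsg());
        }

        // A JWT payload is only base64url-encoded, not encrypted. Signing the UserInfo
        // as-is would hand the stored password to every token holder, so strip it first.
        // Assumes the getter serializes under the key "password" - TODO confirm that
        // UserInfo has no custom JSON field name for it.
        JSONObject claims = (JSONObject) JSON.toJSON(user);
        claims.remove("password");

        String token = JWTUtil.sign(claims, TOKEN_TTL_SECONDS * 1000L);
        if (token == null) {
            // sign() returns null on failure; do not report success with an empty token.
            return ApiResponse.fail();
        }

        JSONObject data = new JSONObject();
        data.put("token", token);
        data.put("expire", TOKEN_TTL_SECONDS);
        return ApiResponse.success(data);
    }

    /** Compares passwords without short-circuiting on the first differing byte. */
    private static boolean passwordMatches(String supplied, String stored) {
        if (stored == null) {
            return false;
        }
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }
}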