JWT Introduction
Json Web Token (JWT) is currently the more popular cross-domain authentication solution, is a JSON-based development standards, because the data is encrypted signed, relatively safe and reliable, is generally used to transmit information between front-end and server, It can also be used in a mobile terminal authentication information and transmitting the background.
Implementation:
1, first introduced in pom.xml dependent
<dependency> <groupId>com.auth0</groupId> <artifactId>java-jwt</artifactId> <version>3.2.0</version> </dependency>
2, general usage will be written in a utility class here called JWTUtil, mainly includes the signature generation, verification, token acquiring these basic methods, encryption algorithms and talk about these headers:
Header Header: JWT describing basic information, typ indicate the use of JWT token, alg (algorithm) represents what algorithm uses a signature, a common algorithm HmacSHA256 (HS256), HmacSHA384 (HS384), HmacSHA512 (HS512), SHA256withECDSA (ES256), SHA256withRSA (RS256), SHA512withRSA (RS512) and so on. If the header information HS256 structure:
Specific code to achieve the following:
Package com.study.utils; Import com.auth0.jwt.JWT; Import com.auth0.jwt.JWTVerifier; Import com.auth0.jwt.algorithms.Algorithm; Import com.auth0.jwt.exceptions.JWTDecodeException; Import COM. auth0.jwt.interfaces.DecodedJWT; Import the java.util.HashMap; Import a java.util.Map; Import java.util.Date; public class JwtUtils { // set the expiration time to 15 minutes token Private static Final Long expire_time = 15 * 60 * 1000 ; // set the token private key Private static Final String of SECRET_KEY = "ilovezhongguo123" ; / * * generates signature *
* / public static String Sign (username String, String password) { the try { // set the expiration time to a Date DATE = new new a Date (System.currentTimeMillis () + expire_time); // private key and the encryption algorithm algorithm algorithm = Algorithm.HMAC256 (of SECRET_KEY); // set header information the Map <String, Object> = header new new the HashMap <> (2 ); header.put ( "the Type", "Jwt" ); header.put("alg", "HS256"); // 返回token字符串 return JWT.create() .withHeader(header) .withClaim("username", username) .withClaim("pwd", password) .withExpiresAt(date) .sign(algorithm); } catch (Exception e) { e.printStackTrace(); return null; } } /** * 检验token是否正确 * @param **token** * @return */ public static boolean verify(String token,String username,String password){ try { Algorithm algorithm = Algorithm.HMAC256(password+SECRET_KEY); JWTVerifier verifier = JWT.require(algorithm) .withClaim("username",username) .build(); DecodedJWT jwt = verifier.verify(token); return true; } catch (Exception e){ return false; } } /** * 从token中获取username信息,无需解密 * @param **token** * @return */ public static String getUserName(String token){ try { DecodedJWT jwt = JWT.decode(token); if(System.currentTimeMillis()-jwt.getExpiresAt().getTime()>0){ return null; } return jwt.getClaim("loginName").asString(); } catch (JWTDecodeException e){ e.printStackTrace(); return null; } } }
3, using the controller layer, mainly acting on signature
@RequestMapping("login") public Map<String, Object> login(@RequestBody User user) { Map<String, Object> map = new HashMap<>(); User user1 = userService.queryUser(user); if (user1 != null) { String token = JwtUtils.sign(user1.getUsername(), user1.getPassword()); if (token != null) { map.put("status", "success"); map.put("token", token); map.put("message", "签名成功"); } } map.put("status", "error"); map.put("message", "签名失败"); return map; }