JWT
JWT stands for JSON Web Token (RFC 7519): a compact, JSON-based format for carrying signed claims between parties, used for stateless authentication and authorization in distributed web applications. Because a server can verify a token on its own, no session store is needed.
Data format:
A token is three base64url-encoded parts separated by dots: header.payload.signature.
- Header: usually carries two pieces of information:
○ the token type (typ), which is JWT here
○ the signing algorithm (alg), for example HS256 (HMAC with a shared secret) or RS256 (RSA with a private key)
The header is base64url-encoded to give the first part of the token.
- Payload: the claims, that is, the data the token actually carries, typically:
○ user identity information (note that this part is only base64url-encoded, not encrypted; anyone holding the token can decode it, so do not store sensitive information here)
○ registered claims such as the issue time (iat), the expiration time (exp) and the issuer (iss)
The payload is also base64url-encoded to give the second part of the token.
- Signature: the integrity check over the whole token. The first two parts are signed with the server's key: a shared secret for HMAC algorithms such as HS256, or a private key for RSA algorithms such as RS256. The secret or private key must not leak and should be rotated periodically. The signature lets a verifier detect any change to the header or payload; it does not hide their contents.
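As an added example (not part of the original page or the course project; it is written in Go with only the standard library so it runs anywhere, while the project itself is Java), here is the three-part format above implemented for the HS256 algorithm, with one deliberately unverified decode to make the "payload is readable by anyone" point concrete. The type and function names (Header, Claims, SignHS256, DecodeClaimsUnverified, VerifyHS256), the demo secret and the claim values are this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // base64url without padding, as JWT requires

// Header is the first part: the signing algorithm and the token type.
type Header struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
}

// Claims is the second part: identity plus registered claims like exp; base64url only, never encrypted, so no secrets here.
type Claims struct {
	ID       int64  `json:"id"`
	Username string `json:"username"`
	Exp      int64  `json:"exp"`
}

// SignHS256 builds header.payload.signature, the signature being HMAC-SHA256 over the first two parts under the shared secret.
func SignHS256(c Claims, secret []byte) (string, error) {
	hdr, err := json.Marshal(Header{Alg: "HS256", Typ: "JWT"})
	if err != nil {
		return "", err
	}
	pl, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(pl)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil)), nil
}

// DecodeClaimsUnverified reads the payload with no key at all, which anyone holding a captured token can do.
func DecodeClaimsUnverified(token string) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("jwt: expected three dot-separated parts")
	}
	raw, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	err = json.Unmarshal(raw, &c)
	return c, err
}

// VerifyHS256 pins the algorithm (alg:none is rejected), recomputes the MAC, compares in constant time and enforces exp.
func VerifyHS256(token string, secret []byte, now int64) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("jwt: expected three dot-separated parts")
	}
	rawHdr, err := b64.DecodeString(parts[0])
	if err != nil {
		return c, err
	}
	var h Header
	if err := json.Unmarshal(rawHdr, &h); err != nil {
		return c, err
	}
	if h.Alg != "HS256" {
		return c, fmt.Errorf("jwt: unexpected alg %q", h.Alg)
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errors.New("jwt: bad signature")
	}
	if c, err = DecodeClaimsUnverified(token); err != nil {
		return c, err
	}
	if now >= c.Exp {
		return c, errors.New("jwt: token expired")
	}
	return c, nil
}

func main() {
	secret := []byte("constructed-demo-secret") // demo only; real secrets are long, random and rotated
	tok, _ := SignHS256(Claims{ID: 20, Username: "jack", Exp: 1700000300}, secret)
	c, _ := DecodeClaimsUnverified(tok) // works without the secret
	_, err := VerifyHS256(tok, []byte("wrong-secret"), 1700000000)
	fmt.Println(tok, "\npayload user:", c.Username, "\nwrong secret:", err)
}
```

The verifier decides the algorithm, not the token: a header rewritten to alg:none with an empty signature is refused before any MAC is computed. Libraries that honour whatever alg the token announces are the source of the classic alg:none bypass, so always fix the expected algorithm on the verifying side.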
JWT exchange procedure:
- The client sends its credentials (for example username and password) to the authentication service.
- The authentication service checks them and, on success, issues a signed token to the client.
- The client keeps the token (cookie or local storage) and sends it with every later request, usually in the Authorization header or a cookie.
- The server verifies the signature and the expiration time and serves the request from the claims in the token; no session state is kept on the server side.
Asymmetric encryption
Encryption is the process of encoding information so that readable data (the plaintext) is transformed into an unreadable form (the ciphertext); decryption is the inverse operation that recovers the plaintext. A scheme is defined by its algorithm and its key: the algorithm is public, the key is what has to be protected.
Encryption algorithms are commonly grouped into three categories:
- Symmetric encryption, such as AES
○ Principle: the plaintext is split into fixed-size blocks, each block is encrypted with the same key, and the resulting ciphertext blocks are combined into the final ciphertext. How the blocks are chained, and whether the ciphertext is also authenticated, is decided by the mode of operation (prefer an authenticated mode such as AES-GCM).
○ Advantages: the algorithm is public, the computation is cheap, encryption and decryption are fast.
○ Disadvantage: both parties use the same key. It has to be distributed to every party that encrypts or decrypts, and whoever holds it can do both, so once it is shared widely its secrecy cannot be guaranteed.
- Asymmetric encryption, such as RSA
○ Principle: two keys are generated together, a public key and a private key. The private key is kept secret by its owner; the public key can be handed out to any client that needs to verify or encrypt.
○ Data encrypted with the public key can only be decrypted by the holder of the private key (confidentiality).
○ Data signed with the private key can be verified by anyone who holds the public key (authenticity). This is the property RS256 JWT signatures rely on: the issuer signs, everyone else only verifies.
○ Advantages: the private key never has to be shared, so a verifier cannot forge what it verifies; hard to break at adequate key sizes (2048 bits or more for RSA).
○ Disadvantages: orders of magnitude slower than symmetric encryption, and RSA can only process messages smaller than its modulus, so in practice it signs data or protects a symmetric key rather than encrypting bulk data.
- One-way functions (hashes), such as MD5 and SHA
○ Principle: a hash function needs no key; it maps input of any length to a fixed-size digest, and the input cannot be recovered from the digest. Strictly speaking this is not encryption at all, because nothing is ever decrypted. MD5 and SHA-1 are broken for collision resistance and must not be used in signatures; use SHA-256 or stronger.
Authentication at the Zuul gateway
- Without RSA:
In a microservice architecture we can place an authentication service behind the gateway and have the gateway intercept every request that has not passed authentication, so unauthenticated traffic never reaches the backend services. Without RSA the token is signed with a shared secret (an HMAC algorithm such as HS256): the authentication service, the gateway and every other service that verifies tokens must all hold the same secret, and any of them could forge a token.
- With RSA:
The authentication service alone holds the private key and uses it to sign tokens; the gateway and the other services hold only the public key, which lets them verify tokens but not issue them, so a compromised downstream service cannot mint credentials. This is the variant built below.
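The "with RSA" split described above, together with the private-key-signs, public-key-verifies property from the asymmetric encryption section, as an added Go example. This is not the course's Java code (the project's JwtUtils and RsaUtils are not reproduced on this page); it uses only the Go standard library. The auth service holds the private key and mints RS256 tokens; the gateway holds only the public key and can verify but not forge. The type and function names (AuthService, Gateway, IssueToken, Authenticate, NewPair), the in-memory key pair and the claim values are this example's assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // base64url without padding, as JWT requires
// UserInfo mirrors the auth service's payload object, plus the exp claim.
type UserInfo struct {
	ID       int64  `json:"id"`
	Username string `json:"username"`
	Exp      int64  `json:"exp"`
}

// AuthService is the only party holding the private key, so only it can mint tokens.
type AuthService struct{ priv *rsa.PrivateKey }

// Gateway holds just the public key: it can verify tokens but never forge one.
type Gateway struct{ pub *rsa.PublicKey }

// IssueToken signs header.payload with RSASSA-PKCS1-v1_5 over SHA-256 (JWT "RS256").
func (a *AuthService) IssueToken(u UserInfo) (string, error) {
	pl, err := json.Marshal(u)
	if err != nil {
		return "", err
	}
	hdr := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	signingInput := hdr + "." + b64.EncodeToString(pl)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, a.priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// Authenticate is the gateway filter's job per request: pin the algorithm, verify with the public key, then check exp.
func (g *Gateway) Authenticate(token string, now int64) (UserInfo, error) {
	var u UserInfo
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return u, errors.New("jwt: malformed token")
	}
	rawHdr, err := b64.DecodeString(parts[0])
	if err != nil {
		return u, err
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(rawHdr, &hdr); err != nil {
		return u, err
	}
	if hdr.Alg != "RS256" { // the token must never choose the algorithm (alg:none, HS256 key confusion)
		return u, fmt.Errorf("jwt: unexpected alg %q", hdr.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return u, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(g.pub, crypto.SHA256, digest[:], sig); err != nil {
		return u, errors.New("jwt: bad signature")
	}
	rawPl, err := b64.DecodeString(parts[1])
	if err != nil {
		return u, err
	}
	if err := json.Unmarshal(rawPl, &u); err != nil {
		return u, err
	}
	if now >= u.Exp {
		return u, errors.New("jwt: token expired")
	}
	return u, nil
}

// NewPair generates a key pair in memory; the real services load rsa.pri and rsa.pub from files instead.
func NewPair() (*AuthService, *Gateway, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &AuthService{priv: priv}, &Gateway{pub: &priv.PublicKey}, nil
}

func main() {
	auth, gw, _ := NewPair() // error ignored in this demo only
	tok, _ := auth.IssueToken(UserInfo{ID: 20, Username: "jack", Exp: 1700000300})
	u, err := gw.Authenticate(tok, 1700000000) // "now" is before exp
	fmt.Println(tok, "\nuser:", u.Username, "err:", err)
}
```

The gateway type deliberately has no access to the private key, which is the whole point of the RSA variant: even if every downstream service is compromised, none of them can issue a token the gateway will accept. The claims are only unmarshalled after the signature has been checked, so no code path ever trusts an unverified payload.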
Dependencies of the authentication service (pom.xml):
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-openfeign</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
</dependency>
<dependency>
    <groupId>com.leyou.user</groupId>
    <artifactId>leyou-user-interface</artifactId>
</dependency>
Bootstrap class
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.openfeign.EnableFeignClients;
@SpringBootApplication
@EnableDiscoveryClient
@EnableFeignClients
public class LeyouAuthApplication {
    public static void main(String[] args) {
        SpringApplication.run(LeyouAuthApplication.class, args);
    }
}
/**
 * Payload object: the claims carried inside the token (no sensitive data, it is only base64url-encoded)
 */
public class UserInfo {
    private Long id;
    private String username;
    public UserInfo() {}
    public UserInfo(Long id, String username) {
        this.id = id;
        this.username = username;
    }
    public Long getId() { return id; }
    public String getUsername() { return username; }
}
Test class
import java.security.PrivateKey;
import java.security.PublicKey;
import org.junit.Before;
import org.junit.Test;

// RsaUtils and JwtUtils are the course's utility classes (not shown on this page)
public class JwtTest {
    private static final String pubKeyPath = "C:\\tmp\\rsa\\rsa.pub";
    private static final String priKeyPath = "C:\\tmp\\rsa\\rsa.pri";
    private PublicKey publicKey;
    private PrivateKey privateKey;

    @Test
    public void testRsa() throws Exception {
        // Generate the key pair files once; run this before the other tests, since the
        // @Before method below expects both files to exist. The third argument is the
        // secret string RsaUtils.generateKey takes; a short fixed value like this is for tests only.
        RsaUtils.generateKey(pubKeyPath, priKeyPath, "234");
    }

    @Before
    public void testGetRsa() throws Exception {
        // Load the keys before each test: the auth service keeps rsa.pri, the gateway only needs rsa.pub
        this.publicKey = RsaUtils.getPublicKey(pubKeyPath);
        this.privateKey = RsaUtils.getPrivateKey(priKeyPath);
    }

    @Test
    public void testGenerateToken() throws Exception {
        // Generate a token signed with the private key; the last argument is the expiry period as JwtUtils defines it
        String token = JwtUtils.generateToken(new UserInfo(20L, "jack"), privateKey, 5);
        System.out.println("token = " + token);
    }

    @Test
    public void testParseToken() throws Exception {
        // Paste a token printed by testGenerateToken here; this one was copied from an earlier run
        String token = "eyJhbGciOiJSUzI1NiJ9.eyJpZCI6MjAsInVzZXJuW1lIjoianFjayIsImV4cCI6MTUzMzI4MjQ3N3O.EPo35Vyg1IwZAtXVAx2TCWuOPnRwPc1RNAM4ody5CHk8RF55wdfKKJxjeGh4H3zgruRed9mE0Qzwy79iFInGAnvbkraG1D6iM-9zDW8M1G9if4MX579Mv1x571FewZE0-zKnPdFJgG1APtNWDPv4iKvbKok1-J7NUtRmMSF1wcg";
        // Parse and verify the token with the public key only
        UserInfo user = JwtUtils.getInfoFromToken(token, publicKey);
        System.out.println("id:" + user.getId());
        System.out.println("userName:" + user.getUsername());
    }
}