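Security notes

  • JWT does not guarantee idempotency? (replay)
    • What about after adding a timestamp?
  • JWT parameters can be decoded and read (a signed JWT's payload is only Base64URL-encoded, not encrypted).
  • JWT can prevent tampering (the signature verifies the integrity of the token parameters).
  • JWT does not prevent horizontal privilege escalation.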

Dependency configuration

    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-api</artifactId>
        <version>0.10.7</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-impl</artifactId>
        <version>0.10.7</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-jackson</artifactId>
        <version>0.10.7</version>
        <scope>runtime</scope>
    </dependency>

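Writing the code

    import io.jsonwebtoken.Jwts;
    import io.jsonwebtoken.SignatureAlgorithm;
    import io.jsonwebtoken.security.Keys;
    import java.security.Key;

    // Place this method in a JUnit test class; @Test comes from the JUnit version in use.
    @Test
    public void test() {
        // We need a signing key, so we'll create one just for this example. Usually
        // the key would be read from your application configuration instead.
        Key key = Keys.secretKeyFor(SignatureAlgorithm.HS256);
        // Build a compact JWS whose subject claim is "Joe", signed with HS256.
        String jws = Jwts.builder().setSubject("Joe").signWith(key).compact();
        System.out.println(jws);
    }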
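The four security notes at the top of this page, worked through with the jjwt 0.10.7 API from the dependency section. This is an added example, not code from the original page. The class name, the in-memory `USED_IDS` store, `verifyOnce` and `mayAccess` are hypothetical, and the subject "Ann" is a constructed sample value.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Base64;
import java.util.Date;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class JwtNotesDemo {
    // Hypothetical store of token ids (jti) already accepted; a real service would use a shared store with expiry.
    static final Set<String> USED_IDS = ConcurrentHashMap.newKeySet();

    // Verifies signature and exp (an expired token throws ExpiredJwtException), then refuses a jti seen before.
    // exp alone only shortens the replay window; the jti check is what makes the token single-use.
    static Claims verifyOnce(String jws, Key key) {
        Claims claims = Jwts.parser().setSigningKey(key).parseClaimsJws(jws).getBody();
        if (claims.getId() == null || !USED_IDS.add(claims.getId())) {
            throw new JwtException("replayed token or missing jti");
        }
        return claims;
    }

    // A valid token proves who the caller is, not which records they own: compare the subject with the record owner.
    static boolean mayAccess(Claims claims, String resourceOwner) {
        return resourceOwner.equals(claims.getSubject());
    }

    public static void main(String[] args) {
        Key key = Keys.secretKeyFor(SignatureAlgorithm.HS256);
        String jws = Jwts.builder().setSubject("Joe").setId(UUID.randomUUID().toString())
                .setExpiration(new Date(System.currentTimeMillis() + 60_000)).signWith(key).compact();
        // The payload is readable without the key, so never put secrets in claims.
        String[] parts = jws.split("\\.");
        System.out.println(new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8));
        // A payload changed after signing no longer matches the signature and is rejected.
        String altered = Base64.getUrlEncoder().withoutPadding()
                .encodeToString("{\"sub\":\"Ann\"}".getBytes(StandardCharsets.UTF_8));
        try { Jwts.parser().setSigningKey(key).parseClaimsJws(parts[0] + "." + altered + "." + parts[2]); }
        catch (JwtException e) { System.out.println("altered token rejected"); }
        Claims claims = verifyOnce(jws, key);
        System.out.println("Joe -> Joe's record: " + mayAccess(claims, "Joe"));
        System.out.println("Joe -> Ann's record: " + mayAccess(claims, "Ann"));
        try { verifyOnce(jws, key); } catch (JwtException e) { System.out.println("second use rejected"); }
    }
}
```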

References