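JJWT is a Java library that provides end-to-end JWT creation and verification. It is free and open source (Apache License, version 2.0). JJWT is easy to use and understand: it is designed as a builder-centered fluent interface that hides most of its complexity.
Quick start
Add the dependency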
<!-- JWT dependency -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
Create a token
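import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.Base64Codec;
import org.junit.Test; // JUnit 4 assumed; use org.junit.jupiter.api.Test for JUnit 5

import java.util.Date;

public class JwtdemoApplicationTests {
    // Demo secret only; a real HS256 key should be at least 256 bits of random data
    private static final String SECRETKEY = "123123";

    @Test
    public void test() {
        // Create a JwtBuilder object
        JwtBuilder jwtBuilder = Jwts.builder()
                // Token identifier claim {"jti":"666"}
                .setId("666")
                // Subject, i.e. the user {"sub":"Fox"}
                .setSubject("Fox")
                // Issued-at time {"iat":"xxxxxx"}
                .setIssuedAt(new Date())
                // Expiration time: 1 minute from now
                .setExpiration(new Date(System.currentTimeMillis() + 60 * 1000))
                // claim() stores your own custom data
                // You can even pass in a whole map
                // .addClaims(map)
                .claim("roles", "admin")
                .claim("logo", "xxx.jpg")
                // Signature: argument 1 is the algorithm, argument 2 is the secret key
                // (this String overload treats the value as Base64-encoded key bytes)
                .signWith(SignatureAlgorithm.HS256, SECRETKEY);
        // Build the compact JWT string
        String token = jwtBuilder.compact();
        System.out.println(token);
        // eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI2NjYiLCJzdWIiOiJGb3giLCJpYXQiOjE2NDQyODY3MTYsImV4cCI6MTY0NDI4Njc3Niwicm9sZXMiOiJhZG1pbiIsImxvZ28iOiJ4eHguanBnIn0.dixD_GK5eYBXKdQDTQnwxn3i5TSoTp4SJvXKoqjdNVY
        // Base64-decode the three parts (header and payload are only encoded, not encrypted)
        // JWT segments are Base64URL without padding, so the standard Base64 codec used here
        // can cut off the last bytes (see the payload below); TextCodec.BASE64URL decodes them fully
        System.out.println("=========");
        String[] split = token.split("\\.");
        System.out.println(Base64Codec.BASE64.decodeToString(split[0]));
        // {"alg":"HS256"}
        System.out.println(Base64Codec.BASE64.decodeToString(split[1]));
        // {"jti":"666","sub":"Fox","iat":1644286716,"exp":1644286776,"roles":"admin","logo":"xxx.jpg
        // The third part is the signature: it is not text, so decoding it to a string prints
        // garbage; it is what protects the token's integrity
        System.out.println(Base64Codec.BASE64.decodeToString(split[2]));
        // v,C�^`�u �B|1�x�M*����r��7M
    }
}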
Output:
eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI2NjYiLCJzdWIiOiJGb3giLCJpYXQiOjE2NDQyODc0NDIsImV4cCI6MTY0NDI4NzUwMiwicm9sZXMiOiJhZG1pbiIsImxvZ28iOiJ4eHguanBnIn0.veExdFdoZpHSXLSs1leQDPHx0dHt-ILLfDeilWucf7U
=========
{"alg":"HS256"}
{"jti":"666","sub":"Fox","iat":1644287442,"exp":1644287502,"roles":"admin","logo":"xxx.jpg
�Z�
Verify and parse the token
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import org.junit.Test; // JUnit 4 assumed; use org.junit.jupiter.api.Test for JUnit 5

import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;

public class JwtdemoApplicationTests {
    private static final String SECRETKEY = "123123";

    @Test
    public void testParseToken() {
        // The token to verify
        String token = "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI2NjYiLCJzdWIiOiJGb3giLCJpYXQiOjE2NDQyODcwNjEsImV4cCI6MTY0NDI4NzEyMSwicm9sZXMiOiJhZG1pbiIsImxvZ28iOiJ4eHguanBnIn0.5tqXl0BvW_mUwizRTnCAZSulDEhZWypyzzvIc-o_zBM";
        // Verify the signature and get the claims object from the payload
        Claims claims = Jwts.parser()
                .setSigningKey(SECRETKEY)
                .parseClaimsJws(token)
                .getBody();
        // If the token has expired, parseClaimsJws above throws an exception
        System.out.println("id:" + claims.getId());
        System.out.println("subject:" + claims.getSubject());
        System.out.println("issuedAt:" + claims.getIssuedAt());
        DateFormat sf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        System.out.println("签发时间:" + sf.format(claims.getIssuedAt()));   // issued at
        System.out.println("过期时间:" + sf.format(claims.getExpiration())); // expires at
        System.out.println("当前时间:" + sf.format(new Date()));             // current time
        System.out.println("roles:" + claims.get("roles"));
        System.out.println("logo:" + claims.get("logo"));
    }
}
Output if the token has not expired:
id:666
subject:Fox
issuedAt:Tue Feb 08 10:30:42 CST 2022
签发时间:2022-02-08 10:30:42
过期时间:2022-02-08 10:31:42
当前时间:2022-02-08 10:31:09
roles:admin
logo:xxx.jpg
Output if the token has already expired:
io.jsonwebtoken.ExpiredJwtException: JWT expired at 2022-02-08T10:31:42Z. Current time: 2022-02-08T10:31:57Z, a difference of 15635 milliseconds. Allowed clock skew: 0 milliseconds.
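The verification step above, extended into an added example (not code from the original page) that goes slightly beyond the expired case: it also shows the parser rejecting a token whose payload was changed after signing. It assumes jjwt 0.9.1 on the classpath; the class name JwtVerifyDemo, the verify helper, the 30-second clock skew and the sample claims are hypothetical choices for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Date;

public class JwtVerifyDemo { // hypothetical class name
    // Hypothetical helper: returns the verified claims, or null when the token must be rejected.
    static Claims verify(String token, byte[] key) {
        try {
            return Jwts.parser()
                    .setSigningKey(key)
                    .setAllowedClockSkewSeconds(30) // tolerate small clock drift between hosts
                    .parseClaimsJws(token)          // signed tokens only; unsigned ones are rejected
                    .getBody();
        } catch (ExpiredJwtException e) {
            System.out.println("rejected: expired");
        } catch (SignatureException e) {
            System.out.println("rejected: signature does not match");
        } catch (JwtException | IllegalArgumentException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
        return null;
    }

    public static void main(String[] args) {
        byte[] key = new byte[32]; // 256-bit random key, the minimum size for HS256
        new SecureRandom().nextBytes(key);
        String token = Jwts.builder().setSubject("Fox").claim("roles", "user")
                .setExpiration(new Date(System.currentTimeMillis() + 60_000))
                .signWith(SignatureAlgorithm.HS256, key).compact();
        System.out.println("valid token   -> " + verify(token, key));

        // Constructed test input: payload replaced, original signature kept.
        String[] parts = token.split("\\.");
        String altered = Base64.getUrlEncoder().withoutPadding().encodeToString(
                "{\"sub\":\"Fox\",\"roles\":\"admin\"}".getBytes(StandardCharsets.UTF_8));
        System.out.println("altered token -> " + verify(parts[0] + "." + altered + "." + parts[2], key));

        String expired = Jwts.builder().setSubject("Fox")
                .setExpiration(new Date(System.currentTimeMillis() - 120_000))
                .signWith(SignatureAlgorithm.HS256, key).compact();
        System.out.println("expired token -> " + verify(expired, key));
    }
}
```

Only claims returned by a successful parseClaimsJws call should drive authorization decisions; the Base64-decoded payload shown earlier is readable by anyone and proves nothing on its own.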