

JWT工具类(拿来直接用就完了,注释解释的很详细,看不懂建议撞墙祛湿)

JWT工具类

SpringSecurity+JWT

依赖

<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
<!-- NOTE(review): 0.9.1 is an old jjwt release line. Its String-key signWith/setSigningKey overloads
     (used by the classes on this page) Base64-decode the key and are deprecated in later jjwt releases.
     Confirm the version is still the intended one before copying this snippet. -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
<!-- Used for data validation -->
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-validation -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-validation</artifactId>
    <version>2.6.3</version>
</dependency>
<!-- Spring Security dependency -->
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-security -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
    <version>2.6.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>5.6.1</version>
</dependency>

yaml配置文件

# The jwt.data prefix matches @ConfigurationProperties("jwt.data") on JWTUtil.
jwt:
  data:
    # JWT signing secret.
    # NOTE(review): sample value only. Do not ship a guessable literal or commit the real secret;
    # supply it from the environment or a secret store. The jjwt String-key overloads used by the
    # utility classes Base64-decode this value, so it should be the Base64 encoding of random
    # bytes at least as long as the HMAC output (32 bytes for HS256, 64 bytes for HS512).
    SECRET: jwt-token-secret
    # Request header that carries the JWT (conventionally "Authorization").
    tokenHeader: Authorization
    # Token lifetime in seconds (60s * 60min * 24h * 7day).
    expiration: 604800
    # Scheme prefix that precedes the token inside the header value.
    tokenHead: Bearer

JWTUtil

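package com.example.jwtutil.utils;

import com.example.jwtutil.entity.User;
import io.jsonwebtoken.*;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Issues, parses and validates HMAC-signed JWTs for Spring Security users.
 *
 * <p>{@code @Data} together with {@code @ConfigurationProperties("jwt.data")} binds
 * {@code jwt.data.SECRET} and {@code jwt.data.expiration} from the YAML configuration.
 * Putting {@code @Value("${jwt.data.SECRET}")} on the field is an alternative; use one
 * mechanism or the other. ({@code @Value} comes from spring-beans, as the import above
 * shows, so it does not depend on the validation starter.)
 *
 * <p>Every parse failure (bad signature, malformed token, expired token, unexpected
 * algorithm) is treated the same way: the token is rejected. Public methods report that
 * as {@code null} / {@code false} rather than throwing.
 */
@Component
@Data
@ConfigurationProperties("jwt.data")
@Slf4j
public class JWTUtil {

    // Registered "sub" claim. Claims.getSubject() reads exactly this key, so the user name
    // must be stored under it; a custom key such as "subject" is never returned by getSubject().
    private static final String CLAIM_KEY_USERNAME = Claims.SUBJECT;

    // Custom claim holding the time the token was (re)issued.
    private static final String CLAIM_KEY_CREATED = "created";

    // SECRET is a shared text secret, so the algorithm has to be an HMAC one. jjwt's
    // signWith(SignatureAlgorithm, String) accepts only HMAC algorithms; ES512 needs an
    // EC private key and cannot sign with a configured string.
    private static final SignatureAlgorithm SIGNING_ALGORITHM = SignatureAlgorithm.HS512;

    // Signing secret. jjwt Base64-decodes this string before use, so configure the Base64
    // encoding of at least 64 random bytes for HS512.
    // Excluded from the Lombok-generated toString() so logging this bean cannot print the key.
    @lombok.ToString.Exclude
    private String SECRET;

    // Token lifetime in seconds.
    private Long expiration;

    /**
     * Creates a signed token for the given user.
     *
     * @param userDetails the authenticated Spring Security principal
     * @return the compact JWT string
     * @throws IllegalStateException if the secret or the lifetime is not configured
     */
    public String createToken(UserDetails userDetails) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(CLAIM_KEY_USERNAME, userDetails.getUsername());
        claims.put(CLAIM_KEY_CREATED, new Date());
        return createToken(claims);
    }

    /**
     * Reads the user name (the "sub" claim) from a token.
     *
     * @param token the compact JWT string
     * @return the user name, or {@code null} if the token is rejected or has no subject
     */
    public String getUsernameFromToken(String token) {
        Claims claims = getClaimsFromToken(token);
        if (claims == null) {
            log.info("error:{}", "用户名未能获取 from token");
            return null;
        }
        return claims.getSubject();
    }

    /**
     * Verifies the signature and returns the claims.
     *
     * @param token the compact JWT string
     * @return the verified claims, or {@code null} if the token is rejected for any reason
     */
    private Claims getClaimsFromToken(String token) {
        try {
            Jws<Claims> jws = Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token);
            // Accept only the algorithm this class signs with; the header is sender-controlled.
            if (!SIGNING_ALGORITHM.getValue().equals(jws.getHeader().getAlgorithm())) {
                log.warn("JWT rejected: unexpected signature algorithm");
                return null;
            }
            return jws.getBody();
        } catch (JwtException | IllegalArgumentException e) {
            // Log only the failure type: the exception message can echo token content.
            log.warn("JWT rejected: {}", e.getClass().getSimpleName());
            return null;
        }
    }

    /**
     * Builds and signs a token from a claims map; the expiration is always set fresh.
     *
     * @param claims the payload claims
     * @return the compact JWT string
     * @throws IllegalStateException if the secret or the lifetime is not configured
     */
    private String createToken(Map<String, Object> claims) {
        if (SECRET == null || SECRET.trim().isEmpty()) {
            throw new IllegalStateException("jwt.data.SECRET is not configured");
        }
        return Jwts.builder()
                .setClaims(claims)
                .setExpiration(expirationDate())
                .signWith(SIGNING_ALGORITHM, SECRET)
                .compact();
    }

    /**
     * Computes the expiry instant: now plus the configured lifetime (seconds converted to ms).
     */
    private Date expirationDate() {
        if (expiration == null) {
            throw new IllegalStateException("jwt.data.expiration is not configured");
        }
        return new Date(System.currentTimeMillis() + expiration * 1000);
    }

    /**
     * Checks that the token verifies, belongs to the given user and has not expired.
     *
     * @param token the compact JWT string
     * @param userDetails the user the token is expected to belong to
     * @return {@code true} only if every check passes; rejected tokens yield {@code false}
     */
    public boolean validateToken(String token, UserDetails userDetails) {
        if (userDetails == null) {
            return false;
        }
        // Parse once and reuse the verified claims for both checks.
        Claims claims = getClaimsFromToken(token);
        if (claims == null) {
            return false;
        }
        String username = claims.getSubject();
        return username != null
                && username.equals(userDetails.getUsername())
                && !isExpired(claims);
    }

    /**
     * Reports whether a token is expired. A token that cannot be verified counts as expired.
     */
    private boolean isTokenExpired(String token) {
        return isExpired(getClaimsFromToken(token));
    }

    /**
     * Fails closed: missing claims or a missing "exp" claim are treated as expired.
     */
    private boolean isExpired(Claims claims) {
        if (claims == null || claims.getExpiration() == null) {
            return true;
        }
        return claims.getExpiration().before(new Date());
    }

    /**
     * Reports whether a token may be refreshed: only a token that still verifies and has not
     * expired qualifies.
     *
     * @param token the compact JWT string
     * @return {@code true} if the token is valid and unexpired
     */
    public boolean canBeRefreshed(String token) {
        return !isTokenExpired(token);
    }

    /**
     * Re-issues a token with the same claims, a new "created" time and a new expiration.
     *
     * @param token the compact JWT string to refresh
     * @return the new token, or {@code null} if the old token is rejected (including expired)
     */
    public String refreshToken(String token) {
        Claims claims = getClaimsFromToken(token);
        if (claims == null) {
            return null;
        }
        // Stamp the re-issue time; createToken overwrites "exp".
        claims.put(CLAIM_KEY_CREATED, new Date());
        return createToken(claims);
    }
}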

单独使用 JWT 的简易版本

前面一些做法是一样的

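package cn.sbs.packinggo.utils;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

import java.util.Calendar;
import java.util.Date;

/**
 * Minimal JWT helper: issues HS256-signed tokens whose subject is a user id, and parses them.
 *
 * <p>Properties are bound from the {@code jwt.data} prefix via {@code @ConfigurationProperties}.
 */
@Slf4j
@Data
@Component
@ConfigurationProperties("jwt.data")
public class JWTUtils {

    // Token lifetime: 7 days, in seconds.
    private static final long TOKEN_TTL_SECONDS = 24L * 60 * 60 * 7;

    // Algorithm used for signing and the only one accepted when parsing.
    private static final SignatureAlgorithm SIGNING_ALGORITHM = SignatureAlgorithm.HS256;

    // Signing secret. jjwt Base64-decodes this string before use, so configure the Base64
    // encoding of at least 32 random bytes for HS256.
    // NOTE(review): the field is public, so any code holding this bean can read or overwrite
    // the key; it is left public only so existing callers keep compiling. Prefer the accessors.
    // Excluded from the Lombok-generated toString() so logging this bean cannot print the key.
    @lombok.ToString.Exclude
    public String SECRET;

    // Name of the request header that carries the token (Authorization).
    private String header;

    /**
     * Creates a signed token for a user id, valid for seven days.
     *
     * @param userId the user id stored as the token subject
     * @return the compact JWT string
     * @throws IllegalArgumentException if {@code userId} is {@code null}
     */
    public String createToken(Long userId) {
        if (userId == null) {
            // Concatenating a null id would issue a token whose subject is the text "null".
            throw new IllegalArgumentException("userId must not be null");
        }
        // One clock reading for both timestamps keeps iat and exp exactly the TTL apart.
        Date issuedAt = new Date();
        Date expiresAt = new Date(issuedAt.getTime() + TOKEN_TTL_SECONDS * 1000L);
        JwtBuilder builder = Jwts.builder()
                .setHeaderParam("typ", "JWT")
                .setSubject(String.valueOf(userId))
                .setIssuedAt(issuedAt)
                .setExpiration(expiresAt)
                .signWith(SIGNING_ALGORITHM, SECRET);
        return builder.compact();
    }

    /**
     * Verifies a token and returns its claims.
     *
     * @param token the compact JWT string
     * @return the verified claims, or {@code null} if the token is rejected for any reason
     *     (bad signature, malformed, expired, unexpected algorithm); callers must check for null
     */
    public Claims parseToken(String token) {
        try {
            Jws<Claims> jws = Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token);
            // Accept only the algorithm this class signs with; the header is sender-controlled.
            if (!SIGNING_ALGORITHM.getValue().equals(jws.getHeader().getAlgorithm())) {
                log.warn("jwt rejected: unexpected signature algorithm");
                return null;
            }
            return jws.getBody();
        } catch (JwtException | IllegalArgumentException e) {
            // Log only the failure type: the exception message can echo token content.
            log.warn("jwt rejected: {}", e.getClass().getSimpleName());
            return null;
        }
    }

    /**
     * Reports whether an expiration instant has passed.
     *
     * <p>{@link #parseToken(String)} already rejects expired tokens, so this is only needed for
     * an expiration value obtained some other way.
     *
     * @param expiration the token's expiration time
     * @return {@code true} if expired; a {@code null} expiration is treated as expired
     */
    public boolean judgeTokenExpiration(Date expiration) {
        if (expiration == null) {
            return true;
        }
        return expiration.before(new Date());
    }
}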
标签: 安全 java spring boot

本文转载自: https://blog.csdn.net/qq_51553982/article/details/122778454
版权归原作者 简明编程 所有, 如有侵权,请联系我们删除。
