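JWT stands for JSON Web Token. What is it for?
For example, an app has no concept of a session, so after a user logs in, the user information still has to be kept somewhere. Storing it in plain text on the web front end is not safe, right? So it needs to be encrypted. Yes, that is what JWT is used for here: encrypting information. How exactly does the encryption work?
Say we have this piece of user data:
After JWT encryption, it turns into a string of gibberish:
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0OTA0MDYxOTMzOTEsInBheWxvYWQiOiJ7XCJpZFwiOjEsXCJuYW1lXCI6XCJ5b3V5dVwiLFwiYWdlXCI6MzQsXCJwYXNzd29yZFwiOlwiMTIzNDU2YVwifSJ9.UlKaIonYtd4jpp03XhAcrj7u6dlQPBi7f4W-c7BD59c"
That way, is it safe now? All right, let's get down to the actual coding and implement it: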
(1) User.java

    public class User {
        private Integer id;
        private String name;
        private Integer age;
        private String password;

        public Integer getId() {
            return id;
        }

        public void setId(Integer id) {
            this.id = id;
        }

        public String getName() {
            return name;
        }

        public void setName(String name) {
            this.name = name;
        }

        public Integer getAge() {
            return age;
        }

        public void setAge(Integer age) {
            this.age = age;
        }

        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            this.password = password;
        }

        @Override
        public String toString() {
            return "User [name=" + name + ", age=" + age + ", password=" + password + "]";
        }
    }

(2) pom.xml

    <dependency>
        <groupId>com.auth0</groupId>
        <artifactId>java-jwt</artifactId>
        <version>2.2.0</version>
    </dependency>

(3) JWT.java

    import java.util.HashMap;
    import java.util.Map;

    import com.auth0.jwt.JWTSigner;
    import com.auth0.jwt.JWTVerifier;
    import com.auth0.jwt.internal.com.fasterxml.jackson.databind.ObjectMapper;

    public class JWT {
        // Shared HMAC secret used for both signing and verifying.
        private static final String SECRET = "sdfkj(#*!NQNQJQK sdrow322XX#$%()34545fdf>?{LWPWN<:()!KL<><MQLM";
        private static final String EXP = "exp";
        private static final String PAYLOAD = "payload";

        // Serializes the object to JSON, stores it in the "payload" claim and signs the token.
        // maxAge is in milliseconds.
        public static <T> String sign(T object, long maxAge) {
            try {
                final JWTSigner signer = new JWTSigner(SECRET);
                final Map<String, Object> claims = new HashMap<String, Object>();
                ObjectMapper mapper = new ObjectMapper();
                String jsonString = mapper.writeValueAsString(object);
                claims.put(PAYLOAD, jsonString);
                // Expiry is stored in milliseconds here (RFC 7519 defines "exp" in seconds).
                claims.put(EXP, System.currentTimeMillis() + maxAge);
                return signer.sign(claims);
            } catch (Exception e) {
                return null;
            }
        }

        // Verifies the signature, checks the expiry and deserializes the "payload" claim.
        // Returns null if the token is invalid or expired.
        public static <T> T unsign(String jwt, Class<T> classT) {
            final JWTVerifier verifier = new JWTVerifier(SECRET);
            try {
                final Map<String, Object> claims = verifier.verify(jwt);
                if (claims.containsKey(EXP) && claims.containsKey(PAYLOAD)) {
                    long exp = (Long) claims.get(EXP);
                    long currentTimeMillis = System.currentTimeMillis();
                    if (exp > currentTimeMillis) {
                        String json = (String) claims.get(PAYLOAD);
                        ObjectMapper objectMapper = new ObjectMapper();
                        return objectMapper.readValue(json, classT);
                    }
                }
                return null;
            } catch (Exception e) {
                return null;
            }
        }
    }

(4) Test

    @RequestMapping("/login")
    @ResponseBody
    public ResponseData login(@RequestParam String username, @RequestParam String password) {
        if ("youyu".equals(username) && "123456a".equals(password)) {
            ResponseData responseData = ResponseData.ok();
            User user = new User();
            user.setId(1);
            user.setName(username);
            user.setAge(34);
            user.setPassword(password);
            responseData.putDataValue("user", user);
            // The whole User object, password included, is serialized into the token payload by JWT.sign().
            // Token lifetime: 30 days, in milliseconds.
            String token = JWT.sign(user, 30L * 24L * 3600L * 1000L);
            if (token != null) {
                responseData.putDataValue("token", token);
            }
            return responseData;
        }
        return ResponseData.customerError().putDataValue(ResponseData.ERRORS_KEY, new String[] { "username or password not ok" });
    }

    @RequestMapping("/getinfo")
    @ResponseBody
    public ResponseData getInfo(@RequestParam String token) {
        // unsign() returns null when the signature is invalid or the token has expired.
        User user = JWT.unsign(token, User.class);
        if (user != null) {
            return ResponseData.ok().putDataValue("user", user);
        }
        return ResponseData.customerError().putDataValue(ResponseData.ERRORS_KEY, new String[] { "token is illegal" });
    }
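
The token shown at the top of this post is signed with HS256, not encrypted: its header and payload are only Base64URL-encoded. The following added example (not the post's own code; the class name JwtInspect, the helper names, the demo key and the demo claims are assumptions constructed here, and it uses only the JDK rather than java-jwt) decodes that token without the secret, then shows what the signature does provide, which is detection of tampering.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class JwtInspect {
    // Token copied verbatim from this page.
    static final String PAGE_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
        + "eyJleHAiOjE0OTA0MDYxOTMzOTEsInBheWxvYWQiOiJ7XCJpZFwiOjEsXCJuYW1lXCI6XCJ5b3V5dVwiLFwiYWdlXCI6MzQsXCJwYXNzd29yZFwiOlwiMTIzNDU2YVwifSJ9."
        + "UlKaIonYtd4jpp03XhAcrj7u6dlQPBi7f4W-c7BD59c";

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }
    static String unb64(String part) {
        return new String(Base64.getUrlDecoder().decode(part), StandardCharsets.UTF_8);
    }

    // HS256 = HMAC-SHA256 over the ASCII string "header.payload", Base64URL-encoded.
    static String hs256(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
            .encodeToString(mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII)));
    }

    static boolean verify(String token, byte[] key) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        byte[] expected = hs256(p[0] + "." + p[1], key).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.US_ASCII)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // 1. Reading the page's token needs no key at all.
        String[] parts = PAGE_TOKEN.split("\\.");
        System.out.println("header : " + unb64(parts[0]));
        System.out.println("payload: " + unb64(parts[1]));
        // 2. The signature detects modification. Key and claims below are constructed for this demo.
        byte[] key = "constructed-demo-key-not-from-the-page".getBytes(StandardCharsets.UTF_8);
        String header = b64("{\"typ\":\"JWT\",\"alg\":\"HS256\"}");
        String body = b64("{\"payload\":\"{\\\"id\\\":1}\"}");
        String sig = hs256(header + "." + body, key);
        String tampered = b64("{\"payload\":\"{\\\"id\\\":2}\"}");
        System.out.println("original verifies: " + verify(header + "." + body + "." + sig, key));
        System.out.println("tampered verifies: " + verify(header + "." + tampered + "." + sig, key));
    }
}
```

The decoded payload contains the password field that /login serialized into the token, so claims should be limited to non-secret identifiers, or the token should be encrypted (JWE) when confidentiality is required.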