Integrating JWT with Spring Security for authentication


Dependencies:

<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>


Code:

JWT utility class:

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

// Fields are bound from the configuration properties under the "jwt" prefix.
@Data
@ConfigurationProperties(prefix = "jwt")
@Component
public class jwtUtils {
    private String key;           // signing secret
    private Long expirationTime;  // token lifetime in milliseconds
    private String header;        // not used in this class

    // jjwt 0.9.1 expects the String form of the key to be Base64-encoded key bytes.
    private String encoderKey() {
        return Base64.getEncoder().encodeToString(key.getBytes(StandardCharsets.UTF_8));
    }

    // Demo token with fixed claims.
    public String generateToken() {
        Map<String, Object> claims = new HashMap<>();
        claims.put("sub", "halloworld");
        claims.put("created", new Date());
        claims.put("id", "123");
        return generateToken(claims);
    }

    private String generateToken(Map<String, Object> claims) {
        Date expirationDate = new Date(System.currentTimeMillis() + expirationTime);
        return Jwts.builder()
                .setClaims(claims)
                .setExpiration(expirationDate)
                .signWith(SignatureAlgorithm.HS512, encoderKey())
                .compact();
    }

    // Returns null when the token is malformed, has a bad signature, or is expired.
    private Claims getClaimsFromToken(String token) {
        Claims claims;
        try {
            claims = Jwts.parser().setSigningKey(encoderKey()).parseClaimsJws(token).getBody();
        } catch (Exception e) {
            claims = null;
        }
        return claims;
    }

    public String getUserIdFromToken(String token) {
        String userId;
        try {
            userId = (String) getClaimsFromToken(token).get("id");
        } catch (Exception e) {
            userId = null;
        }
        return userId;
    }

    public String getUsernameFromToken(String token) {
        String username;
        try {
            username = getClaimsFromToken(token).getSubject();
        } catch (Exception e) {
            username = null;
        }
        return username;
    }

    public Boolean isTokenExpired(String token) {
        try {
            Claims claimsFromToken = getClaimsFromToken(token);
            Date expiration = claimsFromToken.getExpiration();
            return expiration.before(new Date());
        } catch (Exception e) {
            // parseClaimsJws throws for an expired or invalid token, so
            // getClaimsFromToken returns null and we land here. Fail closed:
            // a token that cannot be validated is treated as expired.
            return true;
        }
    }

    public String refreshToken(String token) {
        String refreshedToken;
        try {
            Claims claimsFromToken = getClaimsFromToken(token);
            claimsFromToken.put("created", new Date());
            refreshedToken = generateToken(claimsFromToken);
        } catch (Exception e) {
            refreshedToken = null;
        }
        return refreshedToken;
    }
}

Bug:

JWT:

java.lang.IllegalArgumentException: secret key byte array cannot be null or empty

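The JWT secret key needs to be Base64-encoded, because the String overloads of signWith and setSigningKey in jjwt 0.9.1 expect Base64-encoded key bytes: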

Base64.getEncoder().encodeToString(key.getBytes());

Base64-encoded key bytes may only be specified for HMAC signatures

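The key must be used with a signature algorithm whose name starts with HS (HMAC). If the algorithm is HS256, HS384 or HS512, the key byte array must be 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes) respectively.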
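
As an added example (not code from the original post or from jjwt), the following JDK-only helper checks a configured secret against the key lengths listed above before Base64-encoding it, and generates a random secret of a suitable size. The class name, method names and the sample weak key are hypothetical; jwt.key is the property that the utility class above binds to its key field.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Added example: hypothetical helper, not part of jjwt or of the original post.
public class JwtKeyCheck {

    /** Minimum HMAC key length in bytes for each HS* algorithm (the hash output size). */
    static int minKeyBytes(String alg) {
        switch (alg) {
            case "HS256": return 32;
            case "HS384": return 48;
            case "HS512": return 64;
            default: throw new IllegalArgumentException("Not an HMAC (HS*) algorithm: " + alg);
        }
    }

    /** Validates the configured secret and returns it Base64-encoded for jjwt 0.9.1. */
    static String encodeKey(String rawKey, String alg) {
        if (rawKey == null || rawKey.isEmpty()) {
            throw new IllegalStateException("jwt.key is not set");
        }
        byte[] keyBytes = rawKey.getBytes(StandardCharsets.UTF_8);
        int min = minKeyBytes(alg);
        if (keyBytes.length < min) {
            throw new IllegalStateException(
                    alg + " needs at least " + min + " key bytes, got " + keyBytes.length);
        }
        return Base64.getEncoder().encodeToString(keyBytes);
    }

    /** Generates a random, printable secret that can be stored as the jwt.key value. */
    static String newSecret(String alg) {
        byte[] random = new byte[minKeyBytes(alg)];
        new SecureRandom().nextBytes(random);
        return Base64.getEncoder().withoutPadding().encodeToString(random);
    }

    public static void main(String[] args) {
        String secret = newSecret("HS512");
        System.out.println("generated secret accepted, encoded length: "
                + encodeKey(secret, "HS512").length());
        try {
            encodeKey("123456", "HS512"); // constructed weak key
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Calling encodeKey once at startup turns an unset or too-short jwt.key into a clear configuration error instead of a failure on the first token operation.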
