方式一
<!--jwt-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.7.0</version>
</dependency>
/**
 * Minimal HS256 JWT demo on top of jjwt: issue a short-lived token for a subject and read the
 * subject back after verifying the signature.
 *
 * <p>NOTE(review): the signing key is a short literal compiled into the class. Anyone who can
 * read the source or the packaged jar can sign tokens that this class accepts. Outside a demo the
 * key should come from configuration or a secret store and be long and random (at least 256 bits
 * for HS256).
 */
public class JwtUtil {
    // HMAC key shared by createToken and parseToken.
    // NOTE(review): the String overloads of signWith/setSigningKey in this jjwt release appear to
    // treat the value as Base64-encoded key bytes, which would make the effective key even
    // shorter than the literal suggests -- confirm against the library Javadoc.
    private static final String secret = "asdfasdf";

    /**
     * Builds a compact HS256-signed JWT whose subject claim is the given value.
     *
     * @param subject value stored in the token's subject claim
     * @return the serialized token, expiring 3 seconds after creation
     */
    public static String createToken(String subject) {
        // Deliberately tiny lifetime so that main() can show an expired token being rejected.
        final long lifetimeMillis = 1000 * 3;
        return Jwts.builder()
                .setSubject(subject)
                .setExpiration(new Date(System.currentTimeMillis() + lifetimeMillis))
                .signWith(SignatureAlgorithm.HS256, secret)
                .compact();
    }

    /**
     * Verifies the token with the shared key and returns its subject claim.
     *
     * <p>Nothing is caught here: a token the parser rejects (for example one that is expired or
     * whose signature does not match) surfaces as whatever exception the library throws, so a
     * caller that handles untrusted tokens has to deal with that failure itself.
     *
     * @param token compact serialized JWT
     * @return the subject stored in the token
     */
    public static String parseToken(String token) {
        return Jwts.parser()
                .setSigningKey(secret)
                .parseClaimsJws(token)
                .getBody()
                .getSubject();
    }

    /**
     * Demo: create a token, parse it immediately, wait 4 seconds, then parse it again.
     * The wait is longer than the 3-second lifetime, so the second parse is expected to be
     * rejected by the library as expired.
     */
    public static void main(String[] args) throws InterruptedException {
        String jwt = createToken("海王");
        System.out.println("token:" + jwt);

        String parsedSubject = parseToken(jwt);
        System.out.println("解析出来:" + parsedSubject);
        System.out.println("==========================");

        // Sleep past the token's expiry before the second attempt.
        TimeUnit.SECONDS.sleep(4);
        parsedSubject = parseToken(jwt);
        System.out.println("解析出来:" + parsedSubject);
    }
}
运行结果
token:
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiLmtbfnjosiLCJleHAiOjE2Njc3MTg2NjB9.53zZ4F5uNC4psd1SNzNp3ehBDBVUaIcHiXWHN2O4KTw
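eyJhbGciOiJIUzI1NiJ9 :header 的 base64url 编码(解码后为 {"alg":"HS256"})
eyJzdWIiOiLmtbfnjosiLCJleHAiOjE2Njc3MTg2NjB9 :payload 的 base64url 编码,包含用户信息;这里只是编码而不是加密,任何拿到 token 的人都能解码,所以不要在里面放敏感数据
53zZ4F5uNC4psd1SNzNp3ehBDBVUaIcHiXWHN2O4KTw :签名,即以 secret 为密钥对 "header.payload" 计算 HMAC-SHA256 的结果;secret 是签名密钥而不是盐,一旦泄露,任何人都可以签发能通过校验的 token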
package com.whj.dongbao.common.base;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.concurrent.TimeUnit;
/**
* @Auther: wanghaijun
* @Date: 2022/11/6 - 11 - 06 - 14:25
* @Description: com.whj.dongbao.common.base
*/
/**
 * HS256 JWT helper built on jjwt: issues a one-hour token for a subject and reads the subject
 * back after the signature has been verified.
 *
 * <p>NOTE(review): the signing key is a short literal in source. Whoever can read the source or
 * the built artifact can sign tokens this class accepts; a real deployment should load a long
 * random key (at least 256 bits for HS256) from configuration or a secret store.
 */
public class JwtUtil {
    // HMAC key used both to sign and to verify.
    // NOTE(review): in this jjwt release the String overloads of signWith/setSigningKey appear to
    // interpret the value as Base64-encoded key bytes, shrinking the effective key further --
    // confirm against the library Javadoc.
    private static final String secret = "asdfasdf";

    /**
     * Creates a compact HS256-signed JWT carrying the given subject.
     *
     * @param subject value stored in the token's subject claim
     * @return the serialized token, valid for one hour from creation
     */
    public static String createToken(String subject) {
        // Token lifetime: 1000 ms * 60 s * 60 min = one hour.
        final long oneHourMillis = 1000 * 60 * 60;
        return Jwts.builder()
                .setSubject(subject)
                .setExpiration(new Date(System.currentTimeMillis() + oneHourMillis))
                .signWith(SignatureAlgorithm.HS256, secret)
                .compact();
    }

    /**
     * Verifies the token with the shared key and returns the subject claim.
     *
     * <p>No exception is handled here; a token the parser rejects propagates the library's
     * exception to the caller, which must treat that as "not authenticated".
     *
     * @param token compact serialized JWT
     * @return the subject stored in the token
     */
    public static String parseToken(String token) {
        return Jwts.parser()
                .setSigningKey(secret)
                .parseClaimsJws(token)
                .getBody()
                .getSubject();
    }

    /**
     * Demo: create a token, parse it, wait 4 seconds and parse it again. With the one-hour
     * lifetime set in createToken the token is still within its validity window on the second
     * parse.
     */
    public static void main(String[] args) throws InterruptedException {
        String issued = createToken("海王");
        System.out.println("token:" + issued);

        String recovered = parseToken(issued);
        System.out.println("解析出来:" + recovered);
        System.out.println("==========================");

        // Pause for 4 seconds, then verify the same token a second time.
        TimeUnit.SECONDS.sleep(4);
        recovered = parseToken(issued);
        System.out.println("解析出来:" + recovered);
    }
}
方式二(项目使用)
导入依赖
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.14.0</version>
</dependency>
代码展示
解析后返回的实体类
/**
 * Values read out of a verified token; this is the return type of JwtUtils.parseToken.
 * Getters and setters come from Lombok's {@code @Data}.
 */
@Data
public class TokenResult {
    // Phone number taken from the token's "phone" claim.
    private String phone;
    // Identity marker taken from the token's "identity" claim
    // (per the comment in JwtUtils: 1 = passenger, 0 = driver).
    private String identity;
}
JWT工具类
package com.whj.internalcommon.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.whj.internalcommon.dto.TokenResult;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
/**
* @Auther: wanghaijun
* @Date: 2022/12/31 - 12 - 31 - 15:30
* @Description: 生成token验证token
*/
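/**
 * Issues and verifies HS256-signed JWTs that carry a phone number and an identity marker.
 *
 * <p>NOTE(review): the claims are signed, not encrypted. The phone number in the payload can be
 * read by anyone who holds the token, so the token should be treated as sensitive in logs and
 * storage.
 */
public class JwtUtils {
    // HMAC-SHA256 signing key (a key, not a salt).
    // NOTE(review): a short literal in source means anyone with the source or the jar can sign
    // tokens that parseToken accepts. Load a long random key (at least 256 bits for HS256) from
    // configuration or a secret store before using this outside a demo.
    private static final String SIGN = "WHJ@QQ123";

    private static final String JWT_KEY_PHONE = "phone";

    // Identity marker carried in the token: "1" = passenger, "0" = driver.
    private static final String JWT_KEY_IDENTITY = "identity";

    /**
     * Creates a signed token holding the phone number and identity marker, valid for one day.
     *
     * @param passengerPhone value for the "phone" claim
     * @param identity value for the "identity" claim
     * @return the compact serialized JWT
     */
    private static String generatorToken(String passengerPhone, String identity) {
        // Expiry: one calendar day from now.
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.DATE, 1);
        Date expiresAt = calendar.getTime();

        // Two fixed claims, so they are set directly instead of going through a temporary map.
        return JWT.create()
                .withClaim(JWT_KEY_PHONE, passengerPhone)
                .withClaim(JWT_KEY_IDENTITY, identity)
                .withExpiresAt(expiresAt)
                .sign(Algorithm.HMAC256(SIGN));
    }

    /**
     * Verifies the token's signature and expiry and returns the claims it carries.
     *
     * <p>Verification failures are not caught here; the verifier's exception propagates to the
     * caller, which must treat it as "not authenticated".
     *
     * @param token compact serialized JWT
     * @return the phone number and identity marker from the token; a field is null when the
     *     corresponding claim is absent or is not a string
     */
    public static TokenResult parseToken(String token) {
        DecodedJWT verified = JWT.require(Algorithm.HMAC256(SIGN)).build().verify(token);

        TokenResult tokenResult = new TokenResult();
        // asString() returns the claim's text value. Claim.toString() is a display form and can
        // wrap the value in JSON quotes, which would break later equality checks on these fields.
        tokenResult.setPhone(verified.getClaim(JWT_KEY_PHONE).asString());
        tokenResult.setIdentity(verified.getClaim(JWT_KEY_IDENTITY).asString());
        return tokenResult;
    }

    /** Demo: issue a token for a sample phone number and print the values parsed back from it. */
    public static void main(String[] args) {
        String token = generatorToken("14760186137", "1");
        System.out.println("token = " + token);
        TokenResult tokenResult = parseToken(token);
        System.out.println("解析后token的包含的值 = " + tokenResult.getIdentity() + " " + tokenResult.getPhone());
    }
}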
测试
维持token有效性的两种方案:
第一种:创建一个新的token,相当于重置了token的过期时间;但是旧的token在到期之前仍然有效,服务端无法主动让它失效
第二种将创建的token存入redis,每次访问都重新增加token的时间
token续期
token续期:
- 每天第一次请求,续期token
- 每次接口请求,续期token
- access_token,refresh_token中途续期 (时间差一小时,那么一小时不操作就重新登录)
- access_token新老共存