在使用JJWT的时候会产生这个错误,它代表HS256的密钥长度不够(HS256要求签名密钥至少256位):
io.jsonwebtoken.security.WeakKeyException: The signing key's size is 192 bits which is not
secure enough for the HS256 algorithm.
JWT只有三部分:头部、载荷、签名。
header只有两个,一个是算法alg,另一个是类型typ
载荷有JWT官方提供的7个,也有自定义claims的。注意载荷只是Base64URL编码,并没有加密,任何拿到token的人都能读出内容,所以不要把密码等敏感信息放进claims。
签名(注意签名密钥的长度要满足算法要求就行)
账号密码登录流程
配置Token
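/**
 * Builds and verifies the HS256-signed JWTs used by the account/password login flow.
 *
 * <p>A JWT payload is only Base64URL-encoded, not encrypted, so nothing secret may be placed in
 * the claims. Verification in {@link #parseToken(String, String)} relies on the JJWT parser, which
 * checks the signature and the time-based claims written by
 * {@link #buildToken(String, String)}.
 */
@Component
public class MessageService {
    // NOTE(review): a signing key committed to source (and published together with this listing)
    // has to be treated as compromised. Load it from external configuration or a secret store and
    // rotate it; the literal is left unchanged here only so existing callers keep working.
    // The deprecated signWith(SignatureAlgorithm, String) overload used below treats this string
    // as Base64-encoded key material, so the effective key size is that of the decoded bytes --
    // presumably why a shorter string triggers WeakKeyException; confirm against the JJWT version
    // in use.
    static String secretkey="pL2xD5dF8zP4jU5vB4nR6pZ8rH0zS1iC9pE7uZ6yV6lD3xM9dU0yG1sT8eQ8jS9uO";

    /**
     * Returns the server-side signing key.
     *
     * @return the HS256 signing key string
     */
    public static String tokenSecretKey() {
        return secretkey;
    }

    /**
     * Creates a signed token for a user who has just authenticated.
     *
     * @param username the authenticated account name; stored as the {@code username} claim and
     *     also used as issuer and audience, as in the original listing
     * @param password accepted for interface compatibility only and never written to the token,
     *     because anyone holding the token can decode its payload
     * @return the compact, signed JWT valid for seven days
     */
    public static String buildToken(String username, String password) {
        HashMap<String, Object> header = new HashMap<>();
        header.put("alg", "HS256");
        header.put("typ", "jwt");

        // One timestamp for iat/nbf/exp so the three claims are consistent with each other.
        Date issuedAt = new Date();
        Date expiresAt = new Date(issuedAt.getTime() + 1000L * 60 * 60 * 24 * 7);

        // The custom claim is added with claim(...) instead of setClaims(map): setClaims replaces
        // every claim set before it, which silently dropped sub/aud/iss/iat/nbf/exp and produced
        // tokens that never expire.
        return Jwts.builder()
                .setHeaderParams(header)
                .setSubject("Authorization Token")
                .setAudience(username)
                .setIssuer(username)
                .setIssuedAt(issuedAt)
                .setNotBefore(issuedAt)
                .setExpiration(expiresAt)
                .setId(UUID.randomUUID().toString())
                .claim("username", username)
                .signWith(SignatureAlgorithm.HS256, tokenSecretKey())
                .compact();
    }

    /**
     * Verifies a token's signature and time-based claims with the given key.
     *
     * @param secretkey the signing key to verify with; callers should pass the server-side key,
     *     never a value taken from the request
     * @param token the compact JWT to verify
     * @return {@code "success"} when the parser accepts the token; the parser throws when the
     *     signature does not match or the token is malformed or expired
     */
    public static String parseToken(String secretkey, String token) {
        // The parsed header, body and signature are no longer printed: together they reconstruct
        // the bearer token, which must not end up on stdout or in collected logs.
        Jwts.parser().setSigningKey(secretkey).build().parseClaimsJws(token);
        return "success";
    }
}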
Web配置
/**
 * Spring MVC configuration: the global CORS policy and the registration of the
 * authentication interceptor.
 */
@EnableWebMvc
@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Autowired
    private Interceptor checkUserInfo;

    /**
     * Registers a single CORS mapping that applies to every path.
     *
     * @param registry the registry the mapping is added to
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // NOTE(review): the origin pattern "*" combined with allowCredentials(true) lets a page
        // on any origin send credentialed cross-origin requests and read the responses. Replace
        // the pattern with the list of front-end origins that are actually expected.
        // NOTE(review): a "*" in exposedHeaders is presumably not honoured by browsers for
        // credentialed requests -- confirm, and list the needed header names explicitly.
        registry.addMapping("/**")
                .allowedOriginPatterns("*")
                .allowCredentials(true)
                .allowedHeaders("*")
                .exposedHeaders("*")
                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                .maxAge(60L * 60L);
    }

    /**
     * Applies the authentication interceptor to every path except the login endpoint.
     *
     * @param registry the registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Only the account login path is reachable without a token; any new public endpoint
        // has to be added to the exclusion list explicitly.
        registry.addInterceptor(checkUserInfo)
                .excludePathPatterns("/login/account")
                .addPathPatterns("/**");
    }
}
拦截器配置
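/**
 * Authentication interceptor: rejects a request unless its {@code Authorization} header carries a
 * token that verifies against the server-side signing key and matches the token stored in Redis.
 *
 * <p>NOTE(review): the stored token lives under the single Redis key {@code "token"}, so only one
 * session can be valid at a time. A per-user or per-token-id key is presumably what the login
 * flow needs -- confirm against the code that writes this key.
 */
@Component
public class Interceptor implements HandlerInterceptor {
    @Resource
    private StringRedisTemplate stringRedisTemplate;

    /**
     * Authenticates the request before the handler runs.
     *
     * @return {@code true} when the presented token is valid
     * @throws RuntimeException when the header is missing, the token fails verification, or it
     *     does not match the token stored server-side
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String presentedToken = request.getHeader("Authorization");
        if (presentedToken == null || presentedToken.isEmpty()) {
            throw new RuntimeException("身份验证信息过期");
        }

        String storedToken;
        try {
            // The token under test is the one the client sent, and the key is always the
            // server's own. Previously the header value was passed as the signing key and the
            // Redis value as the token, so the request itself was never verified.
            MessageService.parseToken(MessageService.tokenSecretKey(), presentedToken);
            storedToken = stringRedisTemplate.opsForValue().get("token");
        } catch (Exception e) {
            // Keep the cause so operators can tell an expired token from a Redis outage.
            throw new RuntimeException("身份验证信息过期", e);
        }

        // Server-side state check: a token removed or replaced in Redis is no longer accepted,
        // even if its signature and expiry are still valid.
        if (!presentedToken.equals(storedToken)) {
            throw new RuntimeException("身份验证信息过期");
        }
        return true;
    }

    /** Delegates to the interface default; no post-processing is done. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);
    }

    /** Delegates to the interface default; no cleanup is done. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
    }
}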