JWT知识

JWT概念

JWT组成

Java实现JWT

Header

String getHeader() {
    String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
    String encodeBase64URLSafeString = Base64.encodeBase64URLSafeString(header.getBytes(StandardCharsets.UTF_8));
    System.out.println(encodeBase64URLSafeString);
}

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

PayLoad

void getPayLoad(){
    String payload = "{\"sub\":\"7isi\",\"id\":\"1001\",\"role\":\"admin\"}";
    String encodeBase64URLSafeString = Base64.encodeBase64URLSafeString(payload.getBytes(StandardCharsets.UTF_8));
    System.out.println(encodeBase64URLSafeString);
}

eyJzdWIiOiI3aXNpIiwiaWQiOiIxMDAxIiwicm9sZSI6ImFkbWluIn0

Signature

@Test
void generatesignature() throws NoSuchAlgorithmException, InvalidKeyException {
    String secret = UUID.randomUUID().toString().replaceAll("-", "");
    String data = getHeader() +"." + getPayLoad();

    Mac mac = Mac.getInstance("HmacSHA256");
    SecretKeySpec spec = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8),"HmacSHA256");
    mac.init(spec);
    byte[] bytes = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    String res = Base64.encodeBase64URLSafeString(bytes);
    
    String jwt = data + "." + res;
    System.out.println(jwt);
}

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3aXNpIiwiaWQiOiIxMDAxIiwicm9sZSI6ImFkbWluIn0.vpwacNY4fLdQzF7iSDyGLnYMqbgBoWRVLNG7Ail15Ss

验证签名值

计算出来和原来的对比，我们的secreat是早就准备好的

Web中使用JWT

JJWT

依赖

            io.jsonwebtoken
            jjwt-api
            0.11.5
        
        
            io.jsonwebtoken
            jjwt-impl
            0.11.5
            runtime
        
        
            io.jsonwebtoken
            jjwt-jackson
            0.11.5
            runtime
        
        
            org.bouncycastle
            bcprov-jdk15on
            1.70
            runtime
        

例子

生成jws

RSA算法的支持

JWT安全密钥实现

以下是jwt，没有签名，文档错误

自定义key

压缩

获取jwt的数据

add是往后添加