java中token的生成与解析

依赖

  <dependency>
            <groupId>com.auth0groupId>
            <artifactId>java-jwtartifactId>
            <version>3.4.0version>
        dependency>

代码如下：

package com.utils;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Created with IntelliJ IDEA.
 *
 * @Auther: cqwuliu
 * @Date: 2022/11/26/22:50  [email protected]
 * @Description:
 */
public class JWTUtil {
    /**
     * token过期时间  过期时间2分钟
     */
    private static final long EXPIRE_TIME = 2*60*1000;
    /**
     *   token秘钥,设置的复杂点这里用一串uuid，并用HMAC256加密的
     */
    private static final String TOKEN_SECRET = "JFKDJFKGFGFGIFG8R9589589";


    /**
     * 生成签名token，30分钟过期
     * @param userName 用户名
     * //@param userId 用户ID
     * @param loginTime 登录时间
     * @return 生成的token
     */
    public static String generatorToken(String userName ,String loginTime) {
        //过期时间
        Date date = new Date(System.currentTimeMillis()+EXPIRE_TIME );
        //秘钥及加密算法
        Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
        //设置头部信息
        Map<String,Object> header = new HashMap<String,Object>(2);
        header.put("type","JWT");
        header.put("alg","HS256");
        //附带用户信息，生成token
        return JWT.create()
                .withHeader(header)
                .withIssuer("auth0")
                .withClaim("userName",userName)
             //   .withClaim("userId",userId)
                .withClaim("loginTime",loginTime)
                .withExpiresAt(date)
                .sign(algorithm);
    }

    /**
     * 检验token是否正确
     * @param token 需要校验的token
     * @return 校验是否成功
     */
    public static boolean verify(String token){
        try {
            //设置签名的加密算法：HMAC256
            Algorithm algorithm = Algorithm.HMAC256(TOKEN_SECRET);
            JWTVerifier verifier = JWT.require(algorithm).build();
            DecodedJWT jwt = verifier.verify(token);
            return true;
        } catch (Exception e){
            return false;
        }
    }


    /**
     * 先验证token是否被伪造，然后解码token。
     * @param token 字符串token
     * @return 解密后的DecodedJWT对象，可以读取token中的数据。
     */
    public DecodedJWT deToken(final String token) {
        DecodedJWT jwt = null;
        try {
            // 使用了HMAC256加密算法。
            // mysecret是用来加密数字签名的**。
            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(TOKEN_SECRET))
                    .withIssuer("auth0")
                    .build(); //Reusable verifier instance
            jwt = verifier.verify(token);
        } catch (JWTVerificationException exception){
            //Invalid signature/claims
            exception.printStackTrace();
        } catch (IllegalArgumentException e) {

            e.printStackTrace();
        }
        return jwt;
    }
 

}

测试代码

package com.utils;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.io.UnsupportedEncodingException;

/**
 * Created with IntelliJ IDEA.
 *
 * @Auther: cqwuliu
 * @Date: 2022/11/27/0:14  [email protected]
 * @Description:
 */
public final class Decrypt {

    public static void main(String[] args) {

            // 生成token
            JWTUtil encrypt = new JWTUtil();
            String token = JWTUtil.generatorToken("zhangchao", "20220101");
            // 打印token
            System.out.println("token: " + token);
            // 解密token
            DecodedJWT jwt = encrypt.deToken(token);
            System.out.println("issuer: " + jwt.getIssuer());

            System.out.println("username: " + jwt.getClaim("userName").asString());
            System.out.println("time:     " + jwt.getClaim("loginTime").asString());
            System.out.println("过期时间：      " + jwt.getExpiresAt());

    }

}