JWT生成Token及解析Token

时间:2025-03-19 07:15:32
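/**
 * Issues and verifies HS256-signed JWTs with the jjwt library.
 *
 * <p>The HMAC key is read from the environment rather than compiled into the class, and every
 * token receives its own {@code jti}. Both entry points fail with {@link IllegalStateException}
 * when no usable key is configured.
 */
public class JjwtUtil {

    /**
     * Environment variable that holds the Base64-encoded HMAC key. The name is this class's own
     * convention, not something jjwt defines.
     */
    private static final String SECRET_ENV_VAR = "JWT_SECRET";

    /** HS256 needs key material at least as long as its 256-bit output (RFC 7518, section 3.2). */
    private static final int MIN_KEY_BYTES = 32;

    /**
     * A random UUID fixed once, when the class is loaded.
     *
     * @deprecated no longer written into tokens. A value shared by every token issued by the same
     *     JVM cannot serve as a one-time identifier, so {@link #createJwt} generates a fresh
     *     {@code jti} per token. The field remains only so existing references still compile.
     */
    @Deprecated
    public static final String JWT_ID = UUID.randomUUID().toString();

    /**
     * Base64-encoded signing key taken from the environment; {@code null} when the variable is
     * not set. A key committed to source control is known to everyone who can read the code and
     * lets them mint valid tokens, so no default is provided. Public only because existing callers
     * may reference it; do not log or print it.
     */
    public static final String JWT_SECRET = System.getenv(SECRET_ENV_VAR);

    /** Token lifetime in milliseconds (one hour). */
    public static final int EXPIRE_TIME = 60 * 60 * 1000;

    /**
     * Decodes and validates the configured key.
     *
     * @return the raw HMAC key bytes
     * @throws IllegalStateException if the key is missing, is not valid Base64, or is shorter
     *     than {@value #MIN_KEY_BYTES} bytes
     */
    private static byte[] signingKey() {
        if (JWT_SECRET == null || JWT_SECRET.isEmpty()) {
            throw new IllegalStateException(
                    "Environment variable " + SECRET_ENV_VAR + " is not set; refusing to sign or verify");
        }
        byte[] key;
        try {
            key = java.util.Base64.getDecoder().decode(JWT_SECRET);
        } catch (IllegalArgumentException e) {
            // The message names the variable only; the secret itself never goes into an exception.
            throw new IllegalStateException(SECRET_ENV_VAR + " is not valid Base64", e);
        }
        if (key.length < MIN_KEY_BYTES) {
            throw new IllegalStateException(
                    SECRET_ENV_VAR + " must decode to at least " + MIN_KEY_BYTES + " bytes for HS256");
        }
        return key;
    }

    /**
     * Creates a signed token.
     *
     * @param issuer value for the {@code iss} claim
     * @param audience value for the {@code aud} claim; omitted when {@code null} or empty
     * @param subject value for the {@code sub} claim (the user the token is about)
     * @return the compact serialized JWT
     * @throws IllegalStateException if no usable signing key is configured
     */
    public static String createJwt(String issuer, String audience, String subject) {
        byte[] key = signingKey();

        // Header: only "typ" is set here; jjwt fills in "alg" from the algorithm given to signWith.
        Map<String, Object> header = new HashMap<>();
        header.put("typ", "JWT");
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

        // Private claims.
        // NOTE(review): "admin" is the fixed demo value from the sample; a real issuer must take
        // this from the authenticated principal, otherwise every token asserts the same username.
        Map<String, Object> claims = new HashMap<>();
        claims.put("username", "admin");

        long nowTime = System.currentTimeMillis();
        Date issuedAt = new Date(nowTime);

        JwtBuilder builder = Jwts.builder()
                .setHeader(header)
                // setClaims replaces the whole claim set, so it must come before the
                // registered-claim setters below or it would wipe them.
                .setClaims(claims)
                // jti: unique per token, which is what lets a verifier detect a replayed token.
                .setId(UUID.randomUUID().toString())
                .setIssuedAt(issuedAt)  // iat
                .setIssuer(issuer)      // iss
                .setSubject(subject)    // sub
                .signWith(signatureAlgorithm, key);

        // aud: the parameter was accepted but never written into the token.
        if (audience != null && !audience.isEmpty()) {
            builder.setAudience(audience);
        }

        // exp
        if (EXPIRE_TIME > 0) {
            long exp = nowTime + EXPIRE_TIME;
            builder.setExpiration(new Date(exp));
        }
        return builder.compact();
    }

    /**
     * Verifies the signature of a token and returns its claims.
     *
     * <p>Exceptions raised by jjwt for a malformed, wrongly signed or expired token propagate to
     * the caller. Only the signature and the time-based claims are checked here; callers that
     * depend on a particular issuer or audience must compare those claims themselves.
     *
     * @param token compact serialized JWT
     * @return the claims carried by the token
     * @throws IllegalStateException if no usable signing key is configured
     */
    public static Claims parseJwt(String token) {
        return Jwts.parser().setSigningKey(signingKey()).parseClaimsJws(token).getBody();
    }

    /** Demo: issues a token, prints it, then parses that same token and prints its claims. */
    public static void main(String[] args) {
        // Issue a token.
        String jwt = JjwtUtil.createJwt("li", "", "{id:1,name:zhangsan}");
        System.out.println(jwt);
        System.out.println("===========================================");

        // Parse the token that was just issued. A token pasted in as a literal stops verifying
        // once its exp has passed or the key changes, and parseJwt then throws.
        Claims claims = JjwtUtil.parseJwt(jwt);
        String id = claims.getId();
        String subject = claims.getSubject();
        String username = (String) claims.get("username");
        String issuer = claims.getIssuer();
        Date issuedAt = claims.getIssuedAt();
        System.out.println("id :" + id + " " + "username :" + username + " " + "subject :" + subject
                + "issuer :" + issuer + " " + issuedAt);
    }
}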