1.什麼是jwt
JWT(JSON Web Token)把安全資料(聲明)封裝成 JSON,經 Base64URL 編碼並加上簽名後,以字元串的格式進行傳輸。簽名只能防止資料被篡改,載荷本身並未加密,任何拿到 token 的人都能讀取,因此不應放入密碼等敏感資料。
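/**
 * Demonstrates issuing and verifying HS256-signed JWTs with the jjwt library.
 *
 * <p>A JWT has three parts: header, payload and signature. The header and payload are only
 * Base64URL-encoded, so anyone who holds the token can read them. The signature makes
 * tampering detectable; it does not provide confidentiality. Secrets such as passwords
 * therefore never belong in the claims.
 */
public class Test {

    /** Lifetime of the demo tokens: 24 hours, in milliseconds. */
    private static final long TOKEN_TTL_MILLIS = 1000L * 60 * 60 * 24;

    /**
     * Creates a random 256-bit HMAC key for one demo run.
     *
     * <p>An HS256 token can be forged by anyone who knows or guesses the key, so the key must
     * not be a username or any other predictable string. A real service would load a long-lived
     * key from protected configuration instead of generating one per run.
     *
     * @return 32 random bytes from {@code SecureRandom}
     */
    private static byte[] newSigningKey() {
        byte[] key = new byte[32];
        new java.security.SecureRandom().nextBytes(key);
        return key;
    }

    /** Builds a signed token, then parses it back and prints two of its claims. */
    @org.junit.Test
    public void jwt() {
        byte[] key = newSigningKey();
        JwtBuilder builder = Jwts.builder();
        // 1. Header: declares the token type and the signing algorithm.
        //    The registered header name for the type is "typ" (RFC 7519), not "type".
        String compact = builder.setHeaderParam("typ", "JWT")
                .setHeaderParam("alg", "HS256")
                // 2. Payload: the data to transmit, e.g. the user's id and permissions.
                //    It is readable by the token holder, so keep it free of secrets.
                .claim("username", "tom")
                .claim("role", "admin")
                .setSubject("admin-test")
                .setExpiration(new Date(System.currentTimeMillis() + TOKEN_TTL_MILLIS))
                .setId(UUID.randomUUID().toString())
                // 3. Signature: an HMAC over header and payload that lets the receiver
                //    detect modification in transit. It is a signature, not encryption.
                .signWith(SignatureAlgorithm.HS256, key)
                .compact();
        System.out.println(compact);

        // Parsing with the signing key verifies the signature; a token that fails
        // verification makes parseClaimsJws throw, which fails this test.
        JwtParser parser = Jwts.parser();
        Jws<Claims> claimsJws = parser.setSigningKey(key).parseClaimsJws(compact);
        Claims body = claimsJws.getBody();
        System.out.println(body.get("username"));
        System.out.println(body.getSubject());
    }

    /**
     * Simulates a login that returns a token, followed by a request that presents it.
     *
     * <p>The token carries the user name and a random token id only. The password is checked
     * at login and then discarded: placing it in a claim or in the token id would expose it to
     * anyone who can read the token.
     */
    @org.junit.Test
    public void Login() {
        // Simulates the account name and password submitted by the front end.
        String name = "admin";
        String password = "123456";
        JwtBuilder builder = Jwts.builder();
        byte[] key = newSigningKey();
        String token = null;
        // Demo-only check against fixed values; a real service would compare against a
        // stored password hash.
        if (name.equals("admin") && password.equals("123456")) {
            token = builder.setHeaderParam("typ", "JWT")
                    .setHeaderParam("alg", "HS256")
                    .claim("name", name)
                    .setSubject(name)
                    // Random token id instead of the password.
                    .setId(UUID.randomUUID().toString())
                    .setExpiration(new Date(System.currentTimeMillis() + TOKEN_TTL_MILLIS))
                    .signWith(SignatureAlgorithm.HS256, key)
                    .compact();
            System.out.println(token);
        } else {
            System.out.println("錯誤");
        }

        System.out.println("通路其他請求(請攜帶token):");
        String next = token;
        // token stays null when the login above failed, so guard before dereferencing.
        if (next != null && next.equals(token)) {
            System.out.println("擷取token成功,正在解析擷取id");
            Jws<Claims> claimsJws = Jwts.parser().setSigningKey(key).parseClaimsJws(token);
            Claims body = claimsJws.getBody();
            System.out.println(body.getId());
            System.out.println(body.get("name"));
            System.out.println(body.getSubject());
        } else {
            System.out.println("未帶token,不可通路");
        }
    }
}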