jwt加密权限验证
1.pom文件
<!--JWT依赖-->
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>6.0</version>
</dependency>
2.在工具类中设置密钥和有效时间
//密钥 private static final byte[] SECRET = "9373bd00ffab49f4a8ee24aac0ec716b".getBytes(); //有效时间 private static final long EXPIRE_TIME = 1000 * 60 * 30;//有效时长(单位毫秒)
3.生成token
/**
* 生成Token
* @param subject 主题
* @param claimKey 应用Key
* @param claimValue 应用Value
* @return String
*/
public static String buildJWT(String subject, String claimKey, String claimValue) {
try {
MACSigner macSigner = new MACSigner(SECRET);
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
.subject(subject)
.expirationTime(new Date(System.currentTimeMillis() + EXPIRE_TIME))
.claim(claimKey, claimValue)
.build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
signedJWT.sign(macSigner);
return signedJWT.serialize();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
4.检验token
/**
* 校验token
* @param token Token
* @return boolean
*/
public static boolean vaildToken(String token ) {
try {
SignedJWT jwt = SignedJWT.parse(token);
JWSVerifier verifier = new MACVerifier(SECRET);
//校验是否有效
if (!jwt.verify(verifier)) {
return false;
}
//校验超时
Date expirationTime = jwt.getJWTClaimsSet().getExpirationTime();
return !new Date().after(expirationTime);
} catch (Exception e) {
return false;
}
}
5.解析token获取value
/**
* 获取token应用Value
* @param token Token
* @param claimKey 应用Value
* @return String
*/
public static String getTokenClaimValue(String token, String claimKey ) {
try {
if (!vaildToken(token)) {
return null;
}
SignedJWT jwt = SignedJWT.parse(token);
return (String) jwt.getJWTClaimsSet().getClaim(claimKey);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}