1 package com.pipihao.blog.util; 2 import java.util.Date; 3 4 import javax.crypto.SecretKey; 5 import javax.crypto.spec.SecretKeySpec; 6 7 import org.apache.commons.codec.binary.Base64; 8 9 import com.alibaba.fastjson.JSONObject; 10 import io.jsonwebtoken.Claims; 11 import io.jsonwebtoken.ExpiredJwtException; 12 import io.jsonwebtoken.JwtBuilder; 13 import io.jsonwebtoken.Jwts; 14 import io.jsonwebtoken.MalformedJwtException; 15 import io.jsonwebtoken.SignatureAlgorithm; 16 import io.jsonwebtoken.SignatureException; 17 import io.jsonwebtoken.UnsupportedJwtException; 18 19 /** 20 * JWTUtils工具类,生成jwt和解析jwt 21 * JSON WEB TOKEN 结构组成: 22 * (1)Header(头部):包含加密算法,通常直接使用 HMAC SHA256 23 * (2)Payload(负载):存放有效信息,比如消息体、签发者、过期时间、签发时间等 24 * (3)Signature(签名):由header(base64后的)+payload(base64后的)+secret(秘钥)三部分组合,然后通过head中声明的算法进行加密 25 * @author sixmonth 26 * @date 2019年3月20日 27 * 28 */ 29 public class JWTUtils { 30 31 static String SECRETKEY = "KJHUhjjJYgYUllVbXhKDHXhkSyHjlNiVkYzWTBac1Yxkjhuad"; 32 33 /** 34 * 由字符串生成加密key 35 * @return 36 */ 37 public static SecretKey generalKey(String stringKey) { 38 byte[] encodedKey = Base64.decodeBase64(stringKey); 39 SecretKey key = new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES"); 40 return key; 41 } 42 43 /** 44 * 创建jwt 45 * @param uuid 唯一id,uuid即可 46 * @param subject json形式字符串或字符串,增加用户非敏感信息存储,如用户id或用户账号,与token解析后进行对比,防止乱用 47 * @param expirationDate 生成jwt的有效期,单位秒 48 * @return jwt token 49 * @throws Exception 50 */ 51 public static String createJWT(String uuid, String subject, long expirationDate) throws Exception { 52 SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; 53 long nowMillis = System.currentTimeMillis(); 54 Date now = new Date(nowMillis); 55 SecretKey key = generalKey(SECRETKEY); 56 JwtBuilder builder = Jwts.builder().setIssuer("").setId(uuid).setIssuedAt(now).setSubject(subject) 57 .signWith(signatureAlgorithm, key); 58 if (expirationDate >= 0) { 59 long expMillis = nowMillis + expirationDate*1000; 60 Date exp = new Date(expMillis); 61 builder.setExpiration(exp); 62 } 63 return builder.compact(); 64 } 65 66 /** 67 * 解密jwt,获取实体 68 * @param jwt 69 */ 70 public static Claims parseJWT(String jwt) throws ExpiredJwtException, UnsupportedJwtException, 71 MalformedJwtException, SignatureException, IllegalArgumentException { 72 SecretKey key = generalKey(SECRETKEY); 73 Claims claims = Jwts.parser().setSigningKey(key).parseClaimsJws(jwt).getBody(); 74 return claims; 75 } 76 77 /** 78 * 实例演示 79 */ 80 public static void main(String[] args) { 81 try { 82 JSONObject subject = new JSONObject(true); 83 subject.put("tem", "哈哈哈"); 84 subject.put("userName", "sixmonth"); 85 String token = createJWT(UUIDUtils.getUUID(), subject.toJSONString(), 10);//10秒过期 86 //System.out.println(token); 87 Claims claims = parseJWT(token); 88 System.out.println("解析jwt:"+claims.getSubject()); 89 JSONObject tem = JSONObject.parseObject(claims.getSubject()); 90 System.out.println("获取json对象内容:"+tem.getString("userName")); 91 System.out.println(claims.getExpiration()+"///"+claims.getExpiration().getTime()); 92 } catch (Exception e) { 93 e.printStackTrace(); 94 } 95 } 96 } 97