[英]Spring security JWT
I am trying to implement JWT based auth with Spring security.我正在尝试使用 Spring 安全性实现基于 JWT 的身份验证。
Currently, using the below dependencies.目前,使用以下依赖项。
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.10.7</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.10.7</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.10.7</version>
<scope>runtime</scope>
</dependency>
JWtUtil class JWtUtil class
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
@Component
public class JWTUtil implements Serializable {
private static final long serialVersionUID = 1L;
@Value("${springbootwebfluxjjwt.jjwt.secret}")
private String secret;
@Value("${springbootwebfluxjjwt.jjwt.expiration}")
private String expirationTime;
public Claims getAllClaimsFromToken(String token) {
return Jwts.parser().setSigningKey(Base64.getEncoder().encodeToString(secret.getBytes())).parseClaimsJws(token)
.getBody();
}
public String getUsernameFromToken(String token) {
return getAllClaimsFromToken(token).getSubject();
}
public Date getExpirationDateFromToken(String token) {
return getAllClaimsFromToken(token).getExpiration();
}
private Boolean isTokenExpired(String token) {
final Date expiration = getExpirationDateFromToken(token);
return expiration.before(new Date());
}
public String generateToken(User user) {
Map<String, Object> claims = new HashMap<>();
claims.put("role", user.getRoles());
return doGenerateToken(claims, user.getUsername());
}
private String doGenerateToken(Map<String, Object> claims, String username) {
Long expirationTimeLong = Long.parseLong(expirationTime); // in second
final Date createdDate = new Date();
final Date expirationDate = new Date(createdDate.getTime() + expirationTimeLong * 1000);
return Jwts.builder().setClaims(claims).setSubject(username).setIssuedAt(createdDate)
.setExpiration(expirationDate)
.signWith(SignatureAlgorithm.HS512, Base64.getEncoder().encodeToString(secret.getBytes())).compact();
}
public Boolean validateToken(String token) {
return !isTokenExpired(token);
}
}
Came across spring dependency for JWT.遇到 JWT 的 spring 依赖项。 But unable to find the correponding API.但是找不到对应的API。
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>1.1.0.RELEASE</version>
</dependency>
Is there any example to convert the current JWTUtil with the spring-security-jwt API's?有没有使用 spring-security-jwt API 转换当前 JWTUtil 的示例?
You can use您可以使用
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
<version>1.0.11.RELEASE</version>
</dependency>
Java code for this: Java 代码:
//decode using token as String
Jwt decodedJwt = JwtHelper.decode(jwtToken);
//get Claims
JSONObject claims = new JSONObject(decodedJwt.getClaims());
//get expiration date
Date exp = new Date(claims.getLong("exp"));
//get subject
claims.getString("sub");
Additional you can check here some examples for org.springframework.security.jwt.JwtHelper
另外,您可以在此处查看org.springframework.security.jwt.JwtHelper
的一些示例
EDIT: in version 1.1.0.RELEASE
JwtHelper
is deprecated
and you can use migration guide编辑:在版本1.1.0.RELEASE
JwtHelper
已deprecated
,您可以使用迁移指南
I'm using spring security with jwt and the dependecy I have is this one:我正在使用 spring 安全性和 jwt ,我的依赖是这个:
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.0</version>
</dependency>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.