How can I log out using Spring Boot JWT?
I am using this example https://dzone.com/articles/spring-boot-security-json-web-tokenjwt-hello-world for creating a Spring Boot REST API with JSON Web Token (JWT), but I have not found any API for forcefully logging out using the io.jsonwebtoken Maven dependency.
I am using this dependency in the pom:

    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.9.1</version>
    </dependency>

Can anyone tell me whether this dependency provides any logout or revoke-token API? If not, please provide a solution for forcefully logging out using this process.
Several things can be done for logout:

    window.sessionStorage.removeItem("token") // for session storage

or

    window.localStorage.removeItem("token") // for local storage

Ref about them: https://developer.mozilla.org/ru/docs/Web/API/Window/sessionStorage https://developer.mozilla.org/ru/docs/Web/API/Window/localStorage
My example in Angular: https://github.com/dmcheremisin/TodoApp/blob/master/frontend/src/app/service/jwt-authentication.service.ts
If you need to allow further usage of the token, you refresh it; otherwise reject it.
Example refresh method:

    public String refreshToken(String token) {
        final Date createdDate = new Date();
        final Date expirationDate = calculateExpirationDate(createdDate);
        final Claims claims = getAllClaimsFromToken(token);
        claims.setIssuedAt(createdDate);
        claims.setExpiration(expirationDate);
        return Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact();
    }

This code snippet is from my repo that uses the same library jjwt: https://github.com/dmcheremisin/TodoApp/blob/master/backend/src/main/java/com/todo/app/util/JwtTokenUtil.java
Related article: https://medium.com/devgorilla/how-to-log-out-when-using-jwt-a8c7823e8a6
I believe tokens have an expiration period. You can simply reduce the expiration period so that if the token gets hacked, it won't be useful after expiration.
We can achieve this by changing the secret key. Normally we maintain one secret key for all the users, so if we change the secret key it will revoke access for all the users. We can maintain a unique secret key for each user, and on a logout request we can delete/change the user's associated secret key.
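
The per-user key approach from the last answer, as an added example (not code from the answers or from the jjwt project), written against jjwt 0.9.1's `SigningKeyResolverAdapter`. The class name `PerUserKeyTokens` and the in-memory key map are assumptions for illustration; on Java 9+ jjwt 0.9.1 also needs `javax.xml.bind` (jaxb-api) on the classpath.

```java
import io.jsonwebtoken.*;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class PerUserKeyTokens {
    // Assumption: in-memory key store; a real service would persist one key per user.
    private final Map<String, byte[]> keys = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    private byte[] newKey() {
        byte[] key = new byte[64]; // 512 random bits, sized for HS512
        random.nextBytes(key);
        return key;
    }

    public String issue(String user, long ttlMillis) {
        Date now = new Date();
        return Jwts.builder().setSubject(user).setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + ttlMillis))
                .signWith(SignatureAlgorithm.HS512, keys.computeIfAbsent(user, u -> newKey()))
                .compact();
    }

    // Throws JwtException when the token is forged, expired, or its owner has logged out.
    public Claims verify(String token) {
        return Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
            @Override
            public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
                // The subject is still unverified here; it only selects which key must match.
                String user = claims.getSubject();
                byte[] key = (user == null) ? null : keys.get(user);
                if (key == null) throw new JwtException("no active key for subject");
                return key;
            }
        }).parseClaimsJws(token).getBody();
    }

    public void logout(String user) { keys.remove(user); } // revokes every token of this user

    public static void main(String[] args) {
        PerUserKeyTokens svc = new PerUserKeyTokens();
        String alice = svc.issue("alice", 600_000), bob = svc.issue("bob", 600_000);
        svc.logout("alice");
        System.out.println("bob: " + svc.verify(bob).getSubject());
        try { svc.verify(alice); } catch (JwtException e) { System.out.println("alice rejected: " + e.getMessage()); }
    }
}
```

Because `issue` generates a fresh key when none exists, a user who logs in again after `logout` gets new tokens while the old ones stay rejected. The cost is a key lookup on every request, so verification is no longer stateless.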