
Java 簡單JWT方法測試


簡單小試。

實作

參考網路範例調整,簡單測試 JWT 功能,不要直接用下面程式喔(簽章金鑰寫死在原始碼裡,而且對 HS512 來說太短,只適合拿來測試)。

package  util;

import java.io.Serializable;
import java.time.Instant;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.message.AuthException;

import org.springframework.stereotype.Component;

import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;

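@Component
public class JwtTokenUtils implements Serializable {

    private static final long serialVersionUID = 6307640988200151725L;

    /** Token lifetime in milliseconds (10 minutes), added to the current time at issue. */
    private static final long EXPIRATION_TIME = 10 * 60 * 1000;

    /**
     * HMAC secret used both to sign tokens and to verify them.
     *
     * <p>SECURITY (demo value only): the secret is hard-coded, so anyone who can read the
     * source or the built artifact can sign tokens that this class accepts. It is also far
     * shorter than the 64 bytes RFC 7518 section 3.2 requires for HS512. The {@code String}
     * overloads of {@code signWith} and {@code setSigningKey} used below treat the value as
     * Base64-encoded key bytes, so the effective key is shorter still. For real use, load a
     * randomly generated key of at least 64 bytes from configuration or a secret store and
     * rotate it; do not commit it to source control.
     */
    private static final String SECRET = "PBCIKEY";

    /**
     * Issues a signed JWT carrying the caller's user name.
     *
     * <p>Only the {@code "userName"} entry of {@code userDetails} is copied into the claims;
     * a missing entry puts {@code null} into the claims map. The expiration is set to the
     * current time plus {@link #EXPIRATION_TIME} and the token is signed with HS512.
     *
     * @param userDetails map expected to contain a {@code "userName"} entry; must not be null
     * @return the compact serialized JWT
     */
    public String generateToken(Map<String, String> userDetails) {
        Map<String, Object> claims = new HashMap<>();
        claims.put("userName", userDetails.get("userName"));

        Date expiresAt = new Date(Instant.now().toEpochMilli() + EXPIRATION_TIME);

        return Jwts.builder()
                .setClaims(claims)
                .setExpiration(expiresAt)
                .signWith(SignatureAlgorithm.HS512, SECRET)
                .compact();
    }

    /**
     * Validates a JWT by parsing it as a signed claims token with {@link #SECRET}.
     *
     * <p>Every parser failure handled here is mapped to an {@link AuthException} with a
     * generic message. The original exception is attached as the cause so that server-side
     * logs keep the detail; the cause should not be echoed back to the client.
     *
     * @param token the compact JWT to check
     * @throws AuthException if the signature does not verify, the token is malformed,
     *     expired, of an unsupported kind, or the argument is rejected by the parser
     */
    public void validateToken(String token) throws AuthException {
        try {
            Jwts.parser()
                    .setSigningKey(SECRET)
                    .parseClaimsJws(token);
        } catch (SignatureException e) {
            throw authFailure("Invalid JWT signature.", e);
        } catch (MalformedJwtException e) {
            throw authFailure("Invalid JWT token.", e);
        } catch (ExpiredJwtException e) {
            throw authFailure("Expired JWT token", e);
        } catch (UnsupportedJwtException e) {
            throw authFailure("Unsupported JWT token", e);
        } catch (IllegalArgumentException e) {
            throw authFailure("JWT token compact of handler are invalid", e);
        }
    }

    /**
     * Builds an {@link AuthException} that keeps the underlying parser exception.
     *
     * <p>{@code initCause} is used because this method only relies on the
     * {@code AuthException(String)} constructor.
     */
    private static AuthException authFailure(String message, Throwable cause) {
        AuthException failure = new AuthException(message);
        failure.initCause(cause);
        return failure;
    }

    /**
     * Demo entry point: issues a token for a sample user, validates it and reads the
     * user name back.
     */
    public static void main(String[] argv) {
        Map<String, String> userMap = new HashMap<>();
        userMap.put("userName", "HelloUser");
        JwtTokenUtils jwtUtils = new JwtTokenUtils();
        String token = jwtUtils.generateToken(userMap);

        // Demo only: a JWT is a bearer credential and should not be written to
        // stdout or logs in a real service.
        System.out.println("token:" + token);

        try {
            jwtUtils.validateToken(token);
            String user = (String) jwtUtils.getUserName(token);
            System.out.println("取得 user:" + user);
        } catch (AuthException e) {
            // Demo only: a real caller would reject the request and log server-side.
            e.printStackTrace();
        }
    }

    /**
     * Reads the {@code "userName"} claim from a JWT.
     *
     * <p>The token is parsed (and its signature verified with {@link #SECRET}) again here.
     * Unlike {@link #validateToken}, parser exceptions are not translated and propagate
     * to the caller unchecked.
     *
     * @param token the compact JWT to read
     * @return the value of the {@code "userName"} claim, or {@code null} if it is absent
     */
    private Object getUserName(String token) {
        return Jwts.parser()
                .setSigningKey(SECRET)
                .parseClaimsJws(token)
                .getBody()
                .get("userName");
    }
}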

參考文章

Day 29 - Spring Boot 想要資料令牌要先帶來!- JWT - iT 邦幫忙::一起幫忙解決難題,拯救 IT 人的一天

Java - JSON Web Tokens (JWT) 示範 | Kenny’s Blog

[筆記] 透過 JWT 實作驗證機制. 以 JWT(JSON Web Tokens)實作驗證機制 | by Mike Huang | 麥克的半路出家筆記 | Medium