JWT operation tool class sharing

Share your personal operation  JWT  Tool class of . be based on  jjwt  library , This is a Java The most popular in the circle  JWT  Operation Library .

TIPS

• jjwt GitHub：GitHub - jwtk/jjwt: Java JWT: JSON Web Token for Java and Android
• This tool class comes from personal open source certification 、 Authorization framework  Light Security

• Plus dependence

  <dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-api</artifactId>
    <version>0.10.7</version>
  </dependency>
  <dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-impl</artifactId>
    <version>0.10.7</version>
    <scope>runtime</scope>
  </dependency>
  <dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-jackson</artifactId>
    <version>0.10.7</version>
    <scope>runtime</scope>
  </dependency>
  

• Tool class ：

  @Slf4j
  @RequiredArgsConstructor
  @SuppressWarnings("WeakerAccess")
  @Component
  public class JwtOperator {
      /**
       *  Secret key 
       * -  Default aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrsssttt
       */
      @Value("${secret:aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrsssttt}")
      private String secret;
      /**
       *  The period of validity , Unit second 
       * -  Default 2 Zhou 
       */
      @Value("${expire-time-in-second:1209600}")
      private Long expirationTimeInSecond;
  
      /**
       *  from token In order to get claim
       *
       * @param token token
       * @return claim
       */
      public Claims getClaimsFromToken(String token) {
          try {
              return Jwts.parser()
                  .setSigningKey(this.secret.getBytes())
                  .parseClaimsJws(token)
                  .getBody();
          } catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
              log.error("token Parse error ", e);
              throw new IllegalArgumentException("Token invalided.");
          }
      }
  
      /**
       *  obtain token The expiration time of 
       *
       * @param token token
       * @return  Expiration time 
       */
      public Date getExpirationDateFromToken(String token) {
          return getClaimsFromToken(token)
              .getExpiration();
      }
  
      /**
       *  Judge token Is it overdue 
       *
       * @param token token
       * @return  Expired return true, Not expired return false
       */
      private Boolean isTokenExpired(String token) {
          Date expiration = getExpirationDateFromToken(token);
          return expiration.before(new Date());
      }
  
      /**
       *  Calculation token The expiration time of 
       *
       * @return  Expiration time 
       */
      private Date getExpirationTime() {
          return new Date(System.currentTimeMillis() + this.expirationTimeInSecond * 1000);
      }
  
      /**
       *  Generate... For the specified user token
       *
       * @param claims  User information 
       * @return token
       */
      public String generateToken(Map<String, Object> claims) {
          Date createdTime = new Date();
          Date expirationTime = this.getExpirationTime();
  
  
          byte[] keyBytes = secret.getBytes();
          SecretKey key = Keys.hmacShaKeyFor(keyBytes);
  
          return Jwts.builder()
              .setClaims(claims)
              .setIssuedAt(createdTime)
              .setExpiration(expirationTime)
              //  You can also use your favorite algorithm 
              //  The supported algorithms are detailed in ：https://github.com/jwtk/jjwt#features
              .signWith(key, SignatureAlgorithm.HS256)
              .compact();
      }
  
      /**
       *  Judge token Is it illegal 
       *
       * @param token token
       * @return  Not expired return true, Otherwise return to false
       */
      public Boolean validateToken(String token) {
          return !isTokenExpired(token);
      }
  
      public static void main(String[] args) {
          // 1.  initialization 
          JwtOperator jwtOperator = new JwtOperator();
          jwtOperator.expirationTimeInSecond = 1209600L;
          jwtOperator.secret = "aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrsssttt";
  
          // 2. Set user information 
          HashMap<String, Object> objectObjectHashMap = Maps.newHashMap();
          objectObjectHashMap.put("id", "1");
  
          //  test 1:  Generate token
          String token = jwtOperator.generateToken(objectObjectHashMap);
          //  Something similar to this string will be generated : eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJpYXQiOjE1NjU1ODk4MTcsImV4cCI6MTU2Njc5OTQxN30.27_QgdtTg4SUgxidW6ALHFsZPgMtjCQ4ZYTRmZroKCQ
          System.out.println(token);
  
          //  Change me to the one generated above token!!!
          String someToken = "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJpYXQiOjE1NjU1ODk4MTcsImV4cCI6MTU2Njc5OTQxN30.27_QgdtTg4SUgxidW6ALHFsZPgMtjCQ4ZYTRmZroKCQ";
          //  test 2:  If you can token Legal and not expired , return true
          Boolean validateToken = jwtOperator.validateToken(someToken);
          System.out.println(validateToken);
  
          //  test 3:  Get user information 
          Claims claims = jwtOperator.getClaimsFromToken(someToken);
          System.out.println(claims);
  
          //  Change me to the one you generated token The first paragraph of （ With . As boundary ）
          String encodedHeader = "eyJhbGciOiJIUzI1NiJ9";
          //  test 4:  Decrypt Header
          byte[] header = Base64.decodeBase64(encodedHeader.getBytes());
          System.out.println(new String(header));
  
          //  Change me to the one you generated token The second paragraph of （ With . As boundary ）
          String encodedPayload = "eyJpZCI6IjEiLCJpYXQiOjE1NjU1ODk1NDEsImV4cCI6MTU2Njc5OTE0MX0";
          //  test 5:  Decrypt Payload
          byte[] payload = Base64.decodeBase64(encodedPayload.getBytes());
          System.out.println(new String(payload));
  
          //  test 6:  This is a falsified token, Therefore, an exception will be reported , explain JWT Is safe 
          jwtOperator.validateToken("eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjEiLCJpYXQiOjE1NjU1ODk3MzIsImV4cCI6MTU2Njc5OTMzMn0.nDv25ex7XuTlmXgNzGX46LqMZItVFyNHQpmL9UQf-aUx");
      }
  }
  

• Write configuration

  jwt:
    secret:  Secret key 
    #  The period of validity , Unit second , Default 2 Zhou 
    expire-time-in-second: 1209600
  

• Use ：

  @Autowired
  private JwtOperator jwtOperator;
  
  // ...