/**
 * Registers the issued-at value that a parsed token is expected to carry.
 *
 * <p>This method only stores the value in {@code expectedClaims}. The comparison against the
 * token's actual claim is performed elsewhere and is not visible in this block.
 *
 * @param issuedAt the issued-at date to expect
 * @return this parser, so that calls can be chained
 */
@Override
public JwtParser requireIssuedAt(Date issuedAt) {
    expectedClaims.setIssuedAt(issuedAt);
    return this;
}
/**
 * Registers the audience value that a parsed token is expected to carry.
 *
 * <p>Pinning the audience is how a service states that it only accepts tokens minted for it.
 * This method only stores the value in {@code expectedClaims}; enforcement happens elsewhere
 * and is not visible in this block.
 *
 * @param audience the audience to expect
 * @return this parser, so that calls can be chained
 */
@Override
public JwtParser requireAudience(String audience) {
    expectedClaims.setAudience(audience);
    return this;
}
/**
 * Registers the issuer value that a parsed token is expected to carry.
 *
 * <p>This method only stores the value in {@code expectedClaims}; enforcement happens elsewhere
 * and is not visible in this block.
 *
 * @param issuer the issuer to expect
 * @return this parser, so that calls can be chained
 */
@Override
public JwtParser requireIssuer(String issuer) {
    expectedClaims.setIssuer(issuer);
    return this;
}
/**
 * Verifies a compact JWS against {@code secret} and returns its claims.
 *
 * <p>{@code parseClaimsJws} only accepts signed claims tokens, so an unsigned token or one whose
 * signature does not verify results in an exception rather than a return value. Nothing is
 * caught here: every parsing or verification failure propagates to the caller.
 *
 * <p>NOTE(review): the declaration of {@code secret} is outside this block. If it is a
 * {@code String}, jjwt interprets it as Base64-encoded key bytes - confirm it is stored that way.
 *
 * @param token the compact JWS string, treated as untrusted input
 * @return the claims of the verified token
 */
private Claims getAllClaimsFromToken(String token) {
    return Jwts.parser()
            .setSigningKey(secret)
            .parseClaimsJws(token)
            .getBody();
}
/**
 * Builds a compact JWT carrying the given claims, signed with HS512.
 *
 * <p>NOTE(review): the declaration of {@code secret} is outside this block. If it is a
 * {@code String}, jjwt interprets it as Base64-encoded key bytes. HS512 calls for a key of at
 * least 512 bits (RFC 7518) - confirm the configured secret meets that.
 *
 * @param claims the name/value pairs to place in the token payload
 * @return the signed token in compact serialization
 */
private String generateToken(Map<String, Object> claims) {
    return Jwts.builder()
            // setClaims comes first: the expiration set on the next line must not be replaced
            // by the caller's map, and it overrides any expiration the map itself contains.
            .setClaims(claims)
            .setExpiration(generateExpirationDate())
            .signWith(SignatureAlgorithm.HS512, secret)
            .compact();
}
/**
 * Resolves the verification key for a plaintext JWS by wrapping the bytes returned from
 * {@code resolveSigningKeyBytes(JwsHeader, String)} in a {@link SecretKeySpec}.
 *
 * <p>The algorithm is read from the token's own header, which has not been authenticated at
 * this point. The assertion below therefore restricts this default path to HMAC algorithms;
 * any other algorithm named in the header fails the assertion instead of producing a key.
 *
 * <p>NOTE(review): the key is built for whichever HMAC variant the header names. A deployment
 * that expects one specific variant has to enforce that in its own override or in the caller.
 *
 * @param header the JWS header of the token being parsed (untrusted until verified)
 * @param plaintext the plaintext payload of the token
 * @return a secret key tagged with the JCA name of the header's HMAC algorithm
 */
@Override
public Key resolveSigningKey(JwsHeader header, String plaintext) {
    SignatureAlgorithm algorithm = SignatureAlgorithm.forName(header.getAlgorithm());

    Assert.isTrue(algorithm.isHmac(), "The default resolveSigningKey(JwsHeader, String) implementation cannot be " +
            "used for asymmetric key algorithms (RSA, Elliptic Curve).  " +
            "Override the resolveSigningKey(JwsHeader, String) method instead and return a " +
            "Key instance appropriate for the " + algorithm.name() + " algorithm.");

    byte[] rawKey = resolveSigningKeyBytes(header, plaintext);
    return new SecretKeySpec(rawKey, algorithm.getJcaName());
}
/**
 * Returns the key that {@code key} holds for the algorithm named in the JWS header.
 *
 * <p>The algorithm name comes from the token header, which is unauthenticated input at the
 * time a key is being resolved.
 *
 * <p>NOTE(review): {@code key.getKey(...)} is defined outside this block; presumably it only
 * hands out key material that matches the requested algorithm family - confirm.
 *
 * @param header the JWS header of the token being verified
 * @return the key selected for the header's algorithm
 */
@Override
public Key apply(JwsHeader<?> header) {
    return key.getKey(SignatureAlgorithm.forName(header.getAlgorithm()));
}
} // closes the enclosing type, whose declaration starts outside this excerpt
/**
 * Registers the subject value that a parsed token is expected to carry.
 *
 * <p>This method only stores the value in {@code expectedClaims}; enforcement happens elsewhere
 * and is not visible in this block.
 *
 * @param subject the subject to expect
 * @return this parser, so that calls can be chained
 */
@Override
public JwtParser requireSubject(String subject) {
    expectedClaims.setSubject(subject);
    return this;
}
/**
 * Registers the expiration value that a parsed token is expected to carry.
 *
 * <p>This method only stores the value in {@code expectedClaims}; enforcement happens elsewhere
 * and is not visible in this block.
 *
 * @param expiration the expiration date to expect
 * @return this parser, so that calls can be chained
 */
@Override
public JwtParser requireExpiration(Date expiration) {
    expectedClaims.setExpiration(expiration);
    return this;
}
/**
 * Rejects signed claims tokens unconditionally.
 *
 * <p>This implementation never inspects {@code jws}; it always throws. Presumably a handler
 * that wants to accept signed claims tokens overrides this method - confirm against the
 * enclosing type, which is outside this excerpt.
 *
 * @param jws the parsed signed claims token (unused)
 * @return never returns normally
 * @throws UnsupportedJwtException always
 */
@Override
public T onClaimsJws(Jws<Claims> jws) {
    throw new UnsupportedJwtException("Signed Claims JWSs are not supported.");
}
} // closes the enclosing type, whose declaration starts outside this excerpt
/**
 * Derives the key identifier to use for a token from its {@code kid} header.
 *
 * <p>The header is read before the signature has been verified, so the value is untrusted.
 * Every character matched by {@code INVALID_KID_CHARS} is replaced with {@code '_'} before the
 * identifier is returned. Because the replacement is many-to-one, distinct raw {@code kid}
 * values can map to the same sanitized identifier.
 *
 * <p>NOTE(review): {@code INVALID_KID_CHARS} is defined outside this block; confirm that it
 * excludes every character that is unsafe wherever the returned identifier is used.
 *
 * @param header the JWS header of the token being verified
 * @return {@code DEFAULT_KEY} when the header has no key id, otherwise the sanitized key id
 */
private static String getKeyId(JwsHeader<?> header) {
    String rawKeyId = header.getKeyId();
    // allow for migration from system not using kid
    return (rawKeyId == null)
            ? DEFAULT_KEY
            : INVALID_KID_CHARS.replaceFrom(rawKeyId, '_');
}
/**
 * Registers the token id value that a parsed token is expected to carry.
 *
 * <p>This method only stores the value in {@code expectedClaims}; enforcement happens elsewhere
 * and is not visible in this block.
 *
 * @param id the token id to expect
 * @return this parser, so that calls can be chained
 */
@Override
public JwtParser requireId(String id) {
    expectedClaims.setId(id);
    return this;
}
/**
 * Registers the not-before value that a parsed token is expected to carry.
 *
 * <p>This method only stores the value in {@code expectedClaims}; enforcement happens elsewhere
 * and is not visible in this block.
 *
 * @param notBefore the not-before date to expect
 * @return this parser, so that calls can be chained
 */
@Override
public JwtParser requireNotBefore(Date notBefore) {
    expectedClaims.setNotBefore(notBefore);
    return this;
}
/**
 * Checks that {@code key} may be used to <em>create</em> signatures with this algorithm.
 *
 * <p>Returns normally when the key is acceptable under the
 * <a href="https://tools.ietf.org/html/rfc7518">JWT JWA Specification (RFC 7518)</a>. Otherwise
 * an {@link InvalidKeyException} is thrown, covering both keys of the wrong kind and keys that
 * are not secure enough for this algorithm.
 *
 * @param key the key to check for validity.
 * @throws InvalidKeyException if the key is not allowed or not secure enough for this algorithm.
 * @since 0.10.0
 */
public void assertValidSigningKey(Key key) throws InvalidKeyException {
    // second argument 'true' selects the signing-side check in assertValid
    assertValid(key, true);
}
/**
 * Checks that a token parses and verifies correctly; an exception is thrown if it does not.
 *
 * <p>The parsed claims are discarded: the method exists only for its pass/fail outcome.
 * {@code parseClaimsJws} only accepts signed claims tokens, so unsigned tokens are rejected.
 *
 * <p>NOTE(review): the key is read from {@code JwtConstants.SECRET}, defined outside this block.
 * If that constant is a literal committed with the source, anyone who can read the code can
 * mint tokens this check accepts - confirm it is supplied from protected configuration.
 *
 * @param token the compact JWS string, treated as untrusted input
 * @throws JwtException if the token is malformed, unsigned, expired or fails verification
 */
public static void parseToken(String token) throws JwtException {
    Jwts.parser()
            .setSigningKey(JwtConstants.SECRET)
            .parseClaimsJws(token)
            .getBody();
}
/**
 * Resolves the verification key for a claims JWS by wrapping the bytes returned from
 * {@code resolveSigningKeyBytes(JwsHeader, Claims)} in a {@link SecretKeySpec}.
 *
 * <p>Both the header and the claims come from a token that has not been authenticated yet.
 * The assertion below restricts this default path to HMAC algorithms; any other algorithm
 * named in the header fails the assertion instead of producing a key.
 *
 * <p>NOTE(review): the key is built for whichever HMAC variant the header names. A deployment
 * that expects one specific variant has to enforce that in its own override or in the caller.
 *
 * @param header the JWS header of the token being parsed (untrusted until verified)
 * @param claims the claims of the token being parsed (untrusted until verified)
 * @return a secret key tagged with the JCA name of the header's HMAC algorithm
 */
@Override
public Key resolveSigningKey(JwsHeader header, Claims claims) {
    SignatureAlgorithm algorithm = SignatureAlgorithm.forName(header.getAlgorithm());

    Assert.isTrue(algorithm.isHmac(), "The default resolveSigningKey(JwsHeader, Claims) implementation cannot be " +
            "used for asymmetric key algorithms (RSA, Elliptic Curve).  " +
            "Override the resolveSigningKey(JwsHeader, Claims) method instead and return a " +
            "Key instance appropriate for the " + algorithm.name() + " algorithm.");

    byte[] rawKey = resolveSigningKeyBytes(header, claims);
    return new SecretKeySpec(rawKey, algorithm.getJcaName());
}
/**
 * Rejects unsigned claims tokens unconditionally.
 *
 * <p>This implementation never inspects {@code jwt}; it always throws, so a handler that does
 * not replace this method cannot accept a claims token that carries no signature.
 *
 * @param jwt the parsed unsigned claims token (unused)
 * @return never returns normally
 * @throws UnsupportedJwtException always
 */
@Override
public T onClaimsJwt(Jwt<Header, Claims> jwt) {
    throw new UnsupportedJwtException("Unsigned Claims JWTs are not supported.");
}
/**
 * Checks that {@code key} may be used to <em>verify</em> signatures with this algorithm.
 *
 * <p>Returns normally when the key is acceptable under the
 * <a href="https://tools.ietf.org/html/rfc7518">JWT JWA Specification (RFC 7518)</a>. Otherwise
 * an {@link InvalidKeyException} is thrown, covering both keys of the wrong kind and keys that
 * are not secure enough for this algorithm.
 *
 * @param key the key to check for validity.
 * @throws InvalidKeyException if the key is not allowed or not secure enough for this algorithm.
 * @since 0.10.0
 */
public void assertValidVerificationKey(Key key) throws InvalidKeyException {
    // second argument 'false' selects the verification-side check in assertValid
    assertValid(key, false);
}
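/**
 * Extracts the payload (claims) from a signed JWT.
 *
 * <p>The token is verified against {@code secret}. Any failure while parsing or verifying is
 * caught and logged, and {@code null} is returned, so callers must treat {@code null} as
 * "token not accepted".
 *
 * @param token the compact JWS string, treated as untrusted input
 * @return the claims of the verified token, or {@code null} if parsing or verification failed
 */
private Claims getClaimsFromToken(String token) {
    Claims claims = null;
    try {
        claims = Jwts.parser()
                .setSigningKey(secret)
                .parseClaimsJws(token)
                .getBody();
    } catch (Exception e) {
        // Log the failure category instead of the token. A rejected token can still be a
        // usable bearer credential (for example, one rejected here only because of a key or
        // clock mismatch), and its raw text is caller-controlled, so writing it to the log
        // would both leak the credential and let the caller inject arbitrary log content.
        LOGGER.info("JWT格式验证失败:{}", e.getClass().getSimpleName());
    }
    return claims;
}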
/**
 * Verifies a compact JWS with the key supplied by {@code jwtConfig} and returns its claims.
 *
 * <p>{@code parseClaimsJws} only accepts signed claims tokens. Nothing is caught here, so every
 * parsing or verification failure propagates to the caller.
 *
 * <p>NOTE(review): {@code jwtConfig.generalKey()} is defined outside this block; confirm that
 * the key material it returns comes from protected configuration.
 *
 * @param jwt the compact JWS string, treated as untrusted input
 * @return the claims of the verified token
 */
public Claims parseJWT(String jwt) {
    return Jwts.parser()
            .setSigningKey(jwtConfig.generalKey())
            .parseClaimsJws(jwt)
            .getBody();
}