?Java???JWT(JSON Web Token)????(SSO)??????,????JWT???JWT????????????????????????:
1. ????
??,???????????JWT?????????????Maven,???pom.xml
???????:
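<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-api</artifactId>
    <version>0.11.2</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-impl</artifactId>
    <version>0.11.2</version>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-jackson</artifactId>
    <version>0.11.2</version>
    <scope>runtime</scope>
</dependency>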
2. ??JWT
???????JWT?????????????????????:
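import io.jsonwebtoken.*;

import java.security.Key;
import java.util.Base64;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;

/**
 * Issues and verifies the HS512-signed JWTs used by the SSO filter.
 *
 * <p>The signing secret is read from the environment instead of being compiled into the
 * class: a secret in source code ends up in version control, build artifacts and every
 * copy of the jar, and anyone who can read it can mint tokens for any user.
 */
public class JwtUtil {
    // Environment variable that carries the Base64-encoded HMAC secret.
    // The variable name is this example's own choice; use whatever your deployment defines.
    private static final String SECRET_ENV_VAR = "JWT_SECRET_BASE64";

    // HS512 requires a key at least as long as its 512-bit output (RFC 7518, section 3.2).
    // A short literal such as the former "yourSecretKey" is below that limit, and jjwt 0.11.x
    // is expected to reject it with a WeakKeyException when signing.
    private static final int MIN_KEY_BYTES = 64;

    private static final long EXPIRATION_TIME = 86400000; // 24 hours, in milliseconds

    // Loaded on first use so that a missing secret fails the request, not class loading.
    private static volatile Key signingKey;

    /**
     * Creates a signed token whose subject is the given user name and which expires
     * {@code EXPIRATION_TIME} milliseconds from now.
     *
     * @param username the authenticated user's name; must not be null or empty
     * @return the compact serialized JWS
     * @throws IllegalArgumentException if {@code username} is null or empty
     * @throws IllegalStateException if the signing secret is missing or too short
     */
    public static String createToken(String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be null or empty");
        }
        return Jwts.builder()
                .setSubject(username)
                .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
                .signWith(signingKey(), SignatureAlgorithm.HS512)
                .compact();
    }

    /**
     * Verifies the token's signature and expiry and returns its subject.
     *
     * @param token the compact serialized JWS
     * @return the {@code sub} claim, or null if the token carries none
     * @throws JwtException if the token is malformed, unsigned, wrongly signed or expired
     * @throws IllegalArgumentException if {@code token} is null or empty
     */
    public static String getUsernameFromToken(String token) {
        return parseClaims(token).getSubject();
    }

    /**
     * Reports whether the token is past its expiry.
     *
     * <p>The parser itself throws {@link ExpiredJwtException} for an expired token, so the
     * date comparison alone could never return {@code true}; that exception is mapped to
     * {@code true} here. A token without an {@code exp} claim is treated as expired so the
     * check fails closed.
     *
     * @param token the compact serialized JWS
     * @return {@code true} if the token is expired or has no expiry claim
     * @throws JwtException if the token is malformed, unsigned or wrongly signed
     */
    public static boolean isTokenExpired(String token) {
        try {
            Date expiration = parseClaims(token).getExpiration();
            return expiration == null || expiration.before(new Date());
        } catch (ExpiredJwtException expired) {
            return true;
        }
    }

    /**
     * Reports whether the token is present, correctly signed and not expired.
     *
     * <p>Validation failures are returned as {@code false}; a misconfigured signing secret
     * still surfaces as {@link IllegalStateException} so it is not mistaken for a bad token.
     *
     * @param token the compact serialized JWS, may be null
     * @return {@code true} only if the token passes signature and expiry verification
     */
    public static boolean isTokenValid(String token) {
        if (token == null || token.isEmpty()) {
            return false;
        }
        try {
            parseClaims(token);
            return true;
        } catch (JwtException | IllegalArgumentException invalid) {
            return false;
        }
    }

    /** Parses and verifies a signed token; parseClaimsJws does not accept unsigned JWTs. */
    private static Claims parseClaims(String token) {
        return Jwts.parserBuilder()
                .setSigningKey(signingKey())
                .build()
                .parseClaimsJws(token)
                .getBody();
    }

    /** Returns the cached signing key, loading it on first use. */
    private static Key signingKey() {
        Key key = signingKey;
        if (key == null) {
            // A concurrent first call may load twice; both loads produce the same key.
            key = loadKey();
            signingKey = key;
        }
        return key;
    }

    /** Reads, decodes and length-checks the HMAC secret from the environment. */
    private static Key loadKey() {
        String encoded = System.getenv(SECRET_ENV_VAR);
        if (encoded == null || encoded.trim().isEmpty()) {
            throw new IllegalStateException(
                    "Environment variable " + SECRET_ENV_VAR + " is not set");
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(encoded.trim());
        } catch (IllegalArgumentException e) {
            // Do not include the value itself in the message; it is a secret.
            throw new IllegalStateException(SECRET_ENV_VAR + " is not valid Base64", e);
        }
        if (raw.length < MIN_KEY_BYTES) {
            throw new IllegalStateException(
                    SECRET_ENV_VAR + " must decode to at least " + MIN_KEY_BYTES + " bytes for HS512");
        }
        return new SecretKeySpec(raw, SignatureAlgorithm.HS512.getJcaName());
    }
}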
3. ????????
????????????????:
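import io.jsonwebtoken.JwtException;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Authentication check applied to incoming requests: a request passes only if its
 * {@code Authorization} header carries a token that {@link JwtUtil} can verify.
 */
public class JwtSSOFilter {
    private static final String LOGIN_PATH = "/login";
    private static final String BEARER_PREFIX = "Bearer ";

    /**
     * Lets the request through when it carries a valid token, otherwise redirects to the
     * login endpoint.
     *
     * <p>The method is static and not an {@code @Override} because this class implements no
     * interface and the servlet filter calls it as {@code JwtSSOFilter.doFilter(...)}.
     *
     * @param request the HTTP request being filtered
     * @param response the HTTP response, used for the redirect
     * @param chain the remaining filter chain
     * @throws IOException if the redirect or the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    public static void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // The filter is mapped to every URL, so the login endpoint must be exempt or an
        // unauthenticated client is redirected to /login forever. The match is exact on the
        // container-resolved servlet path; a prefix or substring match would let crafted
        // paths skip authentication. Any static login page or asset needs the same treatment.
        if (LOGIN_PATH.equals(request.getServletPath()) && request.getPathInfo() == null) {
            chain.doFilter(request, response);
            return;
        }

        String token = extractToken(request.getHeader("Authorization"));
        String username = null;
        if (token != null) {
            try {
                // Verifies signature and expiry; any failure leaves username null.
                username = JwtUtil.getUsernameFromToken(token);
            } catch (JwtException | IllegalArgumentException invalid) {
                username = null;
            }
        }

        // Fail closed: no token, a rejected token, or a token without a subject.
        if (username == null) {
            response.sendRedirect("/login");
            return;
        }

        request.setAttribute("username", username);
        chain.doFilter(request, response);
    }

    /** Returns the token from the header value, accepting it bare or as "Bearer token". */
    private static String extractToken(String header) {
        if (header == null) {
            return null;
        }
        String value = header.trim();
        if (value.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            value = value.substring(BEARER_PREFIX.length()).trim();
        }
        return value.isEmpty() ? null : value;
    }
}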
4. ?????
???Web????????,??????????JWT???????????:
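import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet filter registered for every URL that delegates the authentication decision to
 * {@code JwtSSOFilter}.
 */
@WebFilter(urlPatterns = "/*")
public class JwtSSOFilterConfig implements Filter {

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Hands HTTP requests to {@code JwtSSOFilter.doFilter}.
     *
     * @throws ServletException if the request is not an HTTP request, or if the downstream
     *     chain fails
     * @throws IOException if the delegate or the downstream chain fails with an I/O error
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Reject anything that is not HTTP instead of casting blindly or passing it on
        // unauthenticated.
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            throw new ServletException("JwtSSOFilterConfig supports HTTP requests only");
        }
        JwtSSOFilter.doFilter((HttpServletRequest) request, (HttpServletResponse) response, chain);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}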
5. ??????
???????????,????????????????,??????????JWT????????
Login Login
6. ??????
???????????,??JWT????????
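import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

/**
 * Handles the login form post: checks the submitted credentials and, on success, issues a
 * JWT through {@code JwtUtil.createToken}.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {

    /**
     * Authenticates the {@code username} and {@code password} form parameters.
     *
     * @param request the login form submission
     * @param response receives the token header and the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException if sending the redirect fails
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Demo-only check against fixed credentials. A real deployment must look the user up
        // in its user store and verify a salted password hash (bcrypt, scrypt or argon2);
        // fixed credentials in code are readable by anyone with the source or the jar.
        if ("admin".equals(username) && "password".equals(password)) {
            String token = JwtUtil.createToken(username);
            // NOTE(review): a browser does not keep a response header across the redirect
            // below, so a browser client never sends this token back. The token needs a
            // carrier the client returns on later requests; whichever is chosen, serve it
            // over HTTPS only.
            response.setHeader("Authorization", token);
            response.sendRedirect("/home");
        } else {
            // The message contains spaces, so it is encoded before it goes into the
            // Location header; a raw space there is not a valid URL.
            String message = URLEncoder.encode(
                    "Invalid username or password", StandardCharsets.UTF_8.name());
            response.sendRedirect("/login?error=" + message);
        }
    }
}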
7. ????
??????,?????????????
Home Welcome, !
??
??????????Java???JWT?????????????????,??????????????,???????HTTPS?????????