AccessToken 认证工具
# AccessToken 认证工具
#### 引入三方工具包:
gradle:
```
implementation("com.auth0:java-jwt:3.8.0")`
```
maven:
```
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.8.0</version>
</dependency>
```
### [AccessToken.java]:
```java
public class AccessToken {
private String appId;
private String issueAt;
public String getAppId() {
return appId;
}
public void setAppId(String appId) {
this.appId = appId;
}
public String getIssueAt() {
return issueAt;
}
public void setIssueAt(String issueAt) {
this.issueAt = issueAt;
}
}
```
### [JwtUtil.java]:
```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
public class JwtUtil {
private final static String APP_ID = "appId";
private final static String ISSUE_AT = "issueAt";
private final static DateTimeFormatter DATE_TIME_FORMATTER = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
public static void main(String[] args){
String tokenStr = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhcHBJZCI6IjEyMzQ1Njc4IiwiaXNzdWVBdCI6IjIwMTktMDktMTcgMTE6MDk6NTUifQ.VEEMiWMZhx6s3i_sLIRDiol8ei1yKuLSo0TbRwe0lAI";
String appSecret = "abcdef";
AccessToken accessToken = parseAndVerifyToken(tokenStr, appSecret);
if (accessToken == null){
System.out.println("token解析失败!");
return;
}
//设置过期时间2小时
LocalDateTime issueAt = LocalDateTime.parse(accessToken.getIssueAt(), DATE_TIME_FORMATTER);
LocalDateTime expireAt = issueAt.plusHours(2);
if (expireAt.isBefore(issueAt)){
System.out.println("token已过期");
return;
}
System.out.println("token合法");
}
private static AccessToken parseAndVerifyToken(String tokenStr, String appSecret) {
try {
DecodedJWT unsafeJwt = JWT.decode(tokenStr);
Algorithm algorithm = getAlgorithm(unsafeJwt.getAlgorithm(), appSecret);
JWTVerifier verifier = JWT.require(algorithm).build();
DecodedJWT verifiedJwt = verifier.verify(tokenStr);
AccessToken accessToken = new AccessToken();
accessToken.setAppId(verifiedJwt.getClaim(APP_ID).asString());
accessToken.setIssueAt(verifiedJwt.getClaim(ISSUE_AT).asString());
return accessToken;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
private static Algorithm getAlgorithm(String algorithmName, String secret) {
switch (algorithmName) {
case "HS256":
return Algorithm.HMAC256(secret);
case "HS384":
return Algorithm.HMAC384(secret);
case "HS512":
return Algorithm.HMAC512(secret);
default:
throw new RuntimeException("暂不支持的加密算法");
}
}
}
```