Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/386.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java JWT无效签名_Java_Jwt - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java JWT无效签名

Java JWT无效签名

java jwt

Java JWT无效签名,java,jwt,Java,Jwt,我正在尝试使用json web令牌开发我的应用程序。我决定使用jjwt,但它不起作用。我有一个片段 Jwts.parser() .setSigningKey(secretKey) .parseClaimsJws(token) .getBody() 它总是抛出异常 我试图用以下代码生成令牌 String compactJws = Jwts.builder() .setSubject("Joe") .s

我正在尝试使用json web令牌开发我的应用程序。我决定使用jjwt,但它不起作用。我有一个片段

Jwts.parser()
        .setSigningKey(secretKey)
        .parseClaimsJws(token)
        .getBody()
它总是抛出异常

我试图用以下代码生成令牌

String compactJws = Jwts.builder()
            .setSubject("Joe")
            .signWith(SignatureAlgorithm.HS256, "secret")
            .compact();
当我把这个标记粘贴到这里时,我得到的信息是它是无效的。怎么了?

您在
signWith
方法中传递了一个纯文本键,这就是问题所在

根据JJWT源代码:

/** 
331      * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS. 
332      * 
333      * <p>This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting 
334      * byte array is used to invoke {@link #signWith(SignatureAlgorithm, byte[])}.</p> 
335      * 
336      * @param alg                    the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS. 
337      * @param base64EncodedSecretKey the BASE64-encoded algorithm-specific signing key to use to digitally sign the 
338      *                               JWT. 
339      * @return the builder for method chaining. 
340      */ 
341     JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey); 
342 

343     /** 
344      * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS. 
345      * 
346      * @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS. 
347      * @param key the algorithm-specific signing key to use to digitally sign the JWT. 
348      * @return the builder for method chaining. 
349      */ 
350     JwtBuilder signWith(SignatureAlgorithm alg, Key key);
我认为您的*.setSigningKey(secretKey)*有问题。 下面是完整的代码,说明了如何使用JWT验证令牌

package com.brajesh.test;
import java.security.Key;
import java.util.Date;
import java.util.UUID;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

public class JwtTokenDemo {

    private String secretKey;

    public static void main(String[] args) {
        JwtTokenDemo jwtTokenDemo = new JwtTokenDemo();
        String tokens = jwtTokenDemo.createJWT("123", "thriev.com", "brajesh@gmail.com", 12999L);
        System.out.println("tokens : "+tokens);

        System.out.println("========AFTER============");
        jwtTokenDemo.parseJWT(tokens);
    }


    //Sample method to validate and read the JWT
    private void parseJWT(String jwt) {
    //This line will throw an exception if it is not a signed JWS (as expected)
    Claims claims = Jwts.parser()         
       .setSigningKey(DatatypeConverter.parseBase64Binary(secretKey))
       .parseClaimsJws(jwt).getBody();
        System.out.println("ID: " + claims.getId());
        System.out.println("Subject: " + claims.getSubject());
        System.out.println("Issuer: " + claims.getIssuer());
        System.out.println("Expiration: " + claims.getExpiration());
    }
/**
 * 
 * @param id
 * @param issuer
 * @param subject
 * @param ttlMillis
 * @return
 */
private String createJWT(String id, String issuer, String subject, long ttlMillis) {

  //The JWT signature algorithm we will be using to sign the token
  SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

  long nowMillis = System.currentTimeMillis();
  Date now = new Date(nowMillis);
  String keys = UUID.randomUUID().toString();
  System.out.println(keys);
  this.secretKey = keys;

  byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(keys);
  Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());


  JwtBuilder builder = Jwts.builder().setId(id)
                              .setIssuedAt(now)
                              .setSubject(subject)
                              .setIssuer(issuer)
                              .signWith(signatureAlgorithm, signingKey);

  if (ttlMillis >= 0) {
  long expMillis = nowMillis + ttlMillis;
      Date exp = new Date(expMillis);
      builder.setExpiration(exp);
  }
  return builder.compact();
}
}
可能重复的 
package com.brajesh.test;
import java.security.Key;
import java.util.Date;
import java.util.UUID;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

public class JwtTokenDemo {

    private String secretKey;

    public static void main(String[] args) {
        JwtTokenDemo jwtTokenDemo = new JwtTokenDemo();
        String tokens = jwtTokenDemo.createJWT("123", "thriev.com", "brajesh@gmail.com", 12999L);
        System.out.println("tokens : "+tokens);

        System.out.println("========AFTER============");
        jwtTokenDemo.parseJWT(tokens);
    }


    //Sample method to validate and read the JWT
    private void parseJWT(String jwt) {
    //This line will throw an exception if it is not a signed JWS (as expected)
    Claims claims = Jwts.parser()         
       .setSigningKey(DatatypeConverter.parseBase64Binary(secretKey))
       .parseClaimsJws(jwt).getBody();
        System.out.println("ID: " + claims.getId());
        System.out.println("Subject: " + claims.getSubject());
        System.out.println("Issuer: " + claims.getIssuer());
        System.out.println("Expiration: " + claims.getExpiration());
    }
/**
 * 
 * @param id
 * @param issuer
 * @param subject
 * @param ttlMillis
 * @return
 */
private String createJWT(String id, String issuer, String subject, long ttlMillis) {

  //The JWT signature algorithm we will be using to sign the token
  SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

  long nowMillis = System.currentTimeMillis();
  Date now = new Date(nowMillis);
  String keys = UUID.randomUUID().toString();
  System.out.println(keys);
  this.secretKey = keys;

  byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(keys);
  Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());


  JwtBuilder builder = Jwts.builder().setId(id)
                              .setIssuedAt(now)
                              .setSubject(subject)
                              .setIssuer(issuer)
                              .signWith(signatureAlgorithm, signingKey);

  if (ttlMillis >= 0) {
  long expMillis = nowMillis + ttlMillis;
      Date exp = new Date(expMillis);
      builder.setExpiration(exp);
  }
  return builder.compact();
}
}