Java JWT无效签名
我正在尝试使用json web令牌开发我的应用程序。我决定使用jjwt,但它不起作用。我有一个片段Java JWT无效签名,java,jwt,Java,Jwt,我正在尝试使用json web令牌开发我的应用程序。我决定使用jjwt,但它不起作用。我有一个片段 Jwts.parser() .setSigningKey(secretKey) .parseClaimsJws(token) .getBody() 它总是抛出异常 我试图用以下代码生成令牌 String compactJws = Jwts.builder() .setSubject("Joe") .s
Jwts.parser()
.setSigningKey(secretKey)
.parseClaimsJws(token)
.getBody()
它总是抛出异常
我试图用以下代码生成令牌
String compactJws = Jwts.builder()
.setSubject("Joe")
.signWith(SignatureAlgorithm.HS256, "secret")
.compact();
当我把这个标记粘贴到这里时,我得到的信息是它是无效的。怎么了?您在
signWith
方法中传递了一个纯文本键,这就是问题所在
根据JJWT源代码:
/**
331 * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
332 *
333 * <p>This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting
334 * byte array is used to invoke {@link #signWith(SignatureAlgorithm, byte[])}.</p>
335 *
336 * @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
337 * @param base64EncodedSecretKey the BASE64-encoded algorithm-specific signing key to use to digitally sign the
338 * JWT.
339 * @return the builder for method chaining.
340 */
341 JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey);
342
343 /**
344 * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
345 *
346 * @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
347 * @param key the algorithm-specific signing key to use to digitally sign the JWT.
348 * @return the builder for method chaining.
349 */
350 JwtBuilder signWith(SignatureAlgorithm alg, Key key);
我认为您的*.setSigningKey(secretKey)*有问题。 下面是完整的代码,说明了如何使用JWT验证令牌
package com.brajesh.test;
import java.security.Key;
import java.util.Date;
import java.util.UUID;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
public class JwtTokenDemo {
private String secretKey;
public static void main(String[] args) {
JwtTokenDemo jwtTokenDemo = new JwtTokenDemo();
String tokens = jwtTokenDemo.createJWT("123", "thriev.com", "brajesh@gmail.com", 12999L);
System.out.println("tokens : "+tokens);
System.out.println("========AFTER============");
jwtTokenDemo.parseJWT(tokens);
}
//Sample method to validate and read the JWT
private void parseJWT(String jwt) {
//This line will throw an exception if it is not a signed JWS (as expected)
Claims claims = Jwts.parser()
.setSigningKey(DatatypeConverter.parseBase64Binary(secretKey))
.parseClaimsJws(jwt).getBody();
System.out.println("ID: " + claims.getId());
System.out.println("Subject: " + claims.getSubject());
System.out.println("Issuer: " + claims.getIssuer());
System.out.println("Expiration: " + claims.getExpiration());
}
/**
*
* @param id
* @param issuer
* @param subject
* @param ttlMillis
* @return
*/
private String createJWT(String id, String issuer, String subject, long ttlMillis) {
//The JWT signature algorithm we will be using to sign the token
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
String keys = UUID.randomUUID().toString();
System.out.println(keys);
this.secretKey = keys;
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(keys);
Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
JwtBuilder builder = Jwts.builder().setId(id)
.setIssuedAt(now)
.setSubject(subject)
.setIssuer(issuer)
.signWith(signatureAlgorithm, signingKey);
if (ttlMillis >= 0) {
long expMillis = nowMillis + ttlMillis;
Date exp = new Date(expMillis);
builder.setExpiration(exp);
}
return builder.compact();
}
}
可能重复的
package com.brajesh.test;
import java.security.Key;
import java.util.Date;
import java.util.UUID;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
public class JwtTokenDemo {
private String secretKey;
public static void main(String[] args) {
JwtTokenDemo jwtTokenDemo = new JwtTokenDemo();
String tokens = jwtTokenDemo.createJWT("123", "thriev.com", "brajesh@gmail.com", 12999L);
System.out.println("tokens : "+tokens);
System.out.println("========AFTER============");
jwtTokenDemo.parseJWT(tokens);
}
//Sample method to validate and read the JWT
private void parseJWT(String jwt) {
//This line will throw an exception if it is not a signed JWS (as expected)
Claims claims = Jwts.parser()
.setSigningKey(DatatypeConverter.parseBase64Binary(secretKey))
.parseClaimsJws(jwt).getBody();
System.out.println("ID: " + claims.getId());
System.out.println("Subject: " + claims.getSubject());
System.out.println("Issuer: " + claims.getIssuer());
System.out.println("Expiration: " + claims.getExpiration());
}
/**
*
* @param id
* @param issuer
* @param subject
* @param ttlMillis
* @return
*/
private String createJWT(String id, String issuer, String subject, long ttlMillis) {
//The JWT signature algorithm we will be using to sign the token
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
String keys = UUID.randomUUID().toString();
System.out.println(keys);
this.secretKey = keys;
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(keys);
Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
JwtBuilder builder = Jwts.builder().setId(id)
.setIssuedAt(now)
.setSubject(subject)
.setIssuer(issuer)
.signWith(signatureAlgorithm, signingKey);
if (ttlMillis >= 0) {
long expMillis = nowMillis + ttlMillis;
Date exp = new Date(expMillis);
builder.setExpiration(exp);
}
return builder.compact();
}
}