引入maven依賴:
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>${jwt.version}</version>
</dependency>
// 我使用的版本:<jwt.version>3.4.0</jwt.version>
加解密工具類:
package com.wanli.databoard.utils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.wanli.databoard.exception.BizRuntimeException;
import com.wanli.databoard.exception.ErrorCode;
import lombok.extern.slf4j.Slf4j;
import org.joda.time.LocalDateTime;
import org.springframework.stereotype.Component;
@Component
@Slf4j
public class JWTUtil {
/**
* 創建token
*
* @param key
* @param value
* @param secret
* @param expireDay
* @return
*/
public String sign(String key, String value, String secret, int expireDay) {
Algorithm algorithm = Algorithm.HMAC256(secret);
return JWT.create()
.withClaim(key, value)
.withExpiresAt(LocalDateTime.now().plusDays(expireDay).toDate())
.sign(algorithm);
}
/**
* 校驗token
*
* @param token
* @param secret
* @param key
* @return
*/
public String verify(String token, String secret, String key) {
try {
Algorithm algorithm = Algorithm.HMAC256(secret);
JWTVerifier verifier = JWT.require(algorithm).build();
DecodedJWT jwt = verifier.verify(token);
return jwt.getClaims().get(key).asString();
} catch (TokenExpiredException e) {
log.error("[JWTUtil.verify] TOKEN已過期", e);
throw new BizRuntimeException(ErrorCode.JWT_TOKEN_EXPIRED);
} catch (Exception e) {
log.error("[JWTUtil.verify] TOKEN校驗失敗", e);
throw new BizRuntimeException(ErrorCode.JWT_VERIFY_FAILD);
}
}
}
//mobileno 需要加密的數據
public Cookie buildCookie(String mobileNo) {
Cookie cookie = new Cookie(Constants.TOKEN_KEY,
jwtUtil.sign(Constants.JWT_LOGIN_KEY, mobileNo, Constants.JWT_LOGIN_SECRET, cookieExpireDay));
cookie.setHttpOnly(false);
cookie.setPath("/");
cookie.setMaxAge(cookieExpireDay * 24 * 60 * 60);
return cookie;
}
```