Springboot之登录模块探索（含Token，验证码，网络安全等知识）(12)

1 ** 2 * @auther: NiceBin 3 * @description: Jwt构造器，创建Token来进行身份记录 4 * jwt由3个部分构成：jwt头，有效载荷（主体,payLoad），签名 5 * @date: 2020/5/7 22:40 6 */ 7publicclass JwtTool { 8 9//以下为JwtTool生成时的主题 10//登录是否还有效 11publicstaticfinal String SUBJECT_ONLINE_STATE = "online_state"; 12 13//以下为载荷固定的Key值 14//主题 15publicstaticfinal String SUBJECT = "subject"; 16//发布时间 17publicstaticfinal String TIME_ISSUED = "timeIssued"; 18//过期时间 19publicstaticfinal String EXPIRATION = "expiration"; 20 21/** 22 * 生成token，参数都是载荷（自定义内容） 23 * 其中Map里为非必要数据，而其他参数为必要参数 24 * 25 * @param subject 主题，token生成干啥用的，用上面的常量作为参数 26 * @param liveTime 存活时间(秒单位)，建议使用TimeUnit方便转换 27 * 如TimeUnit.HOURS.toSeconds(1);将1小时转为秒 = 3600 28 * @param claimMap 自定义荷载，可以为空 29 * @return 30*/ 31publicstatic String createToken(String subject, long liveTime, HashMap<String, String> claimMap) throws Exception { 32 33 SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; 34 35//毫秒要转为秒 36long now = System.currentTimeMillis() / 1000; 37 38// byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(EncrypRSA.keyString); 39// 40// Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName()); 41 42 JwtBuilder jwtBuilder = Jwts.builder() 43//加密算法 44 .setHeaderParam("alg", "HS256") 45//jwt签名 46 .signWith(signatureAlgorithm, EncrypRSA.convertSecretKey); //这个Key是我自个的密码，你们自己设个字符串也成，这个得保密 47 48 HashMap<String,String> payLoadMap = new HashMap<>(); 49 payLoadMap.put(SUBJECT,subject); 50 payLoadMap.put(TIME_ISSUED,String.valueOf(now)); 51//设置Token的过期时间 52if (liveTime >= 0) { 53long expiration = now liveTime; 54 payLoadMap.put(EXPIRATION,String.valueOf(expiration)); 55 } else { 56thrownew SystemException(SystemStaticValue.TOOL_PARAMETER_EXCEPTION_CODE, "liveTime参数异常"); 57 } 58 59 StringBuilder payLoad = new StringBuilder(); 60 61 62 63if (!Collections.isEmpty(claimMap)) { 64 payLoadMap.putAll(claimMap); 65 } 66 67//拼接主题payLoad，采用 key1,value1,key2,value2的格式 68for (Map.Entry<String, String> entry : payLoadMap.entrySet()) { 69 payLoad.append(entry.getKey()).append(",").append(entry.getValue()).append(","); 70 } 71 72//对payLoad进行加密，这样别人Base64URL解密后也不是明文 73 String encrypPayLoad = EncrypRSA.encrypt(payLoad.toString()); 74 75 jwtBuilder.setPayload(encrypPayLoad); 76 77//会自己生成签名，组装 78return jwtBuilder.compact(); 79 } 80 81/** 82 * 私钥解密token信息 83 * 84 * @param token 85 * @return 存有之前定义的Key, value的Map，解析失败则返回null 86*/ 87publicstatic HashMap getMap(String token) { 88if (!Tool.isNull(token)) { 89try { 90 String encrypPayLoad = Jwts.parser() 91 .setSigningKey(EncrypRSA.convertSecretKey) 92 .parsePlaintextJws(token).getBody(); 93 94 String payLoad = EncrypRSA.decrypt(encrypPayLoad); 95 96 String[] payLoads = payLoad.split(","); 97 HashMap<String, String> map = new HashMap<>(); 98for (int i = 0; i < payLoads.length - 1; i=i 2) { 99 map.put(payLoads[i], payLoads[i 1]);100 }101return map;102 } catch (Exception e) {103 System.out.println("Token解析失败");104returnnull;105 }106 } else {107returnnull;108 }109 }110111/**112 * 判断token是否有效113 *114 * @param map 已经解析过token的map115 * @return true 为有效116*/117publicstaticboolean isAlive(HashMap<String, String> map) {118119if (!Collections.isEmpty(map)) {120 String tokenString = map.get(EXPIRATION);121122if (!Tool.isNull(tokenString)) {123long expiration = Long.valueOf(tokenString) / 1000;124long now = System.currentTimeMillis();125if (expiration > now) {126returntrue;127 } else {128returnfalse;129 }130 }131 }132returnfalse;133 }134135/**136 * 判断token是否有效137 * @param token 还未被解析的token138 * @return139*/140publicstaticboolean isAlive(String token) {141return JwtTool.isAlive(JwtTool.getMap(token));142 }143 }