
Generating a JWT token with jjwt

2023-04-12


Generating a token with JJWT

  • jjwt 0.9.0
  • jjwt 0.11.2
  • Differences between the versions
  • First problem
  • Second problem
  • Third problem

Recently, in one project, I inadvertently upgraded jjwt (from 0.9.0 to 0.11.2) and ran into some problems as a result. The main problems were:


  • The signing key’s algorithm ‘AES’ does not equal a valid HmacSHA* algorithm name and cannot be used with HS256.
  • The signing key’s size is 16 bits which is not secure enough for the HS256 algorithm. The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with HS256 MUST have a size >= 256 bits (the key size must be greater than or equal to the hash output size). Consider using the io.jsonwebtoken.security.Keys class’s ‘secretKeyFor(SignatureAlgorithm.HS256)’ method to create a key guaranteed to be secure enough for HS256. See https://tools.ietf.org/html/rfc7518#section-3.2 for more information.
  • Unable to find an implementation for interface io.jsonwebtoken.io.Serializer using java.util.ServiceLoader. Ensure you include a backing implementation .jar in the classpath, for example jjwt-impl.jar, or your own .jar for custom implementations.

jjwt 0.9.0


package com.example;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultClaims;
import org.apache.commons.codec.binary.Base64;

import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

public class JwtTest {

    /**
     * Generate the SecretKey
     * @param secret
     * @return
     */
    private static SecretKey generateKey(String secret) {
        byte[] encodedKey = Base64.decodeBase64(secret);
        return new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
    }

    /**
     * Create a new token
     *
     * @param clientId
     * @param exp
     * @return
     * @throws IOException
     */
    public static String createToken(String clientId, Long exp) throws IOException {
        Claims claims = new DefaultClaims();

        // the time is in milliseconds; 1000 milliseconds = 1 second
        long expVal = System.currentTimeMillis() + exp*1000;

        claims.setExpiration(new Date(expVal));

        try {
            claims.setSubject(clientId);
        } catch (Exception e) {
            e.printStackTrace();
        }

        String compactJws = Jwts.builder()
                .setClaims(claims)
                .signWith(SignatureAlgorithm.HS256, generateKey("jinan_20220511"))
                .compact();

        return compactJws;
    }

    public static void main( String[] args )
    {
        try {
            String token = createToken("18605318888", 15*24*60*60L);
            System.out.println(token);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

}

jjwt 0.11.2


package com.example;

import com.google.gson.Gson;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.gson.io.GsonSerializer;
import io.jsonwebtoken.impl.DefaultClaims;
import org.apache.commons.codec.binary.Base64;

import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.util.Date;

public class JwtTest11 {

    /**
     * Generate the SecretKey
     * @param secret
     * @return
     */
    private static SecretKey generateKey(String secret) {
        byte[] encodedKey = Base64.decodeBase64(secret);
        return new SecretKeySpec(encodedKey, 0, encodedKey.length, "HmacSHA256");
    }

    /**
     * Create a new token
     *
     * @param clientId
     * @param exp
     * @return
     * @throws IOException
     */
    public static String createToken(String clientId, Long exp) throws IOException {
        Claims claims = new DefaultClaims();

        // the time is in milliseconds; 1000 milliseconds = 1 second
        long expVal = System.currentTimeMillis() + exp*1000;

        claims.setExpiration(new Date(expVal));

        try {
            claims.setSubject(clientId);
        } catch (Exception e) {
            e.printStackTrace();
        }

        String compactJws = Jwts.builder()
                .setClaims(claims)
                .signWith(generateKey("jinan_20220511jinan_20220511jinan_20220511jinan_20220511"), SignatureAlgorithm.HS256)
                .serializeToJsonWith(new GsonSerializer<>(new Gson()))
                .compact();

        return compactJws;
    }

    public static void main( String[] args )
    {
        try {
            String token = createToken("18605318888", 15*24*60*60L);
            System.out.println(token);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

}

Differences between the versions


First problem


The signing key’s algorithm ‘AES’ does not equal a valid HmacSHA* algorithm name and cannot be used with HS256


    // jjwt 0.9.0
    private static SecretKey generateKey(String secret) {
        byte[] encodedKey = Base64.decodeBase64(secret);
        return new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
    }
    // jjwt 0.11.2
    private static SecretKey generateKey(String secret) {
        byte[] encodedKey = Base64.decodeBase64(secret);
        return new SecretKeySpec(encodedKey, 0, encodedKey.length, "HmacSHA256");
    }

Change AES to HmacSHA256.



Second problem


The signing key’s size is 16 bits which is not secure enough for the HS256 algorithm.


// jjwt 0.9
String compactJws = Jwts.builder()
                .setClaims(claims)
                .signWith(SignatureAlgorithm.HS256, generateKey("jinan_20220511"))
                .compact();
// jjwt 0.11.2
String compactJws = Jwts.builder()
                .setClaims(claims)
                .signWith(generateKey("jinan_20220511jinan_20220511jinan_20220511jinan_20220511"), SignatureAlgorithm.HS256)
                .serializeToJsonWith(new GsonSerializer<>(new Gson()))
                .compact();

The key does not have enough bits: it must be greater than 256 bits, and counting one character as 8 bits, that means at least 32 characters.
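
An added example (not from the original article) that measures how many key bits each secret actually yields: because generateKey Base64-decodes the secret, each character contributes 6 bits of key material rather than 8. It assumes jjwt-api and jjwt-impl 0.11.2 on the classpath; the class name Hs256KeyCheck, the helper names and the 32-character sample are constructed for illustration, and java.util.Base64 stands in for the commons-codec decoder used above.

```java
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.WeakKeyException;

import javax.crypto.SecretKey;
import java.util.Base64;

public class Hs256KeyCheck {

    /** Bits of key material left after Base64-decoding the secret string. */
    static int decodedBits(String secret) {
        // Assumption: the JDK URL-safe decoder stands in for commons-codec here.
        return Base64.getUrlDecoder().decode(secret).length * 8;
    }

    /** Builds an HMAC key from standard Base64 text; JJWT rejects fewer than 256 bits. */
    static SecretKey loadKey(String base64Secret) {
        return Keys.hmacShaKeyFor(Decoders.BASE64.decode(base64Secret));
    }

    public static void main(String[] args) {
        String[] secrets = {
            "jinan_20220511",                                           // 0.9.0 secret from the article
            "jinan_20220511jinan_20220511jinan_20220511jinan_20220511", // 0.11.2 secret from the article
            "0123456789abcdef0123456789abcdef"                          // constructed: exactly 32 characters
        };
        for (String s : secrets) {
            System.out.printf("%d chars -> %d bits after decoding%n", s.length(), decodedBits(s));
        }

        // A 32-character Base64 string holds only 24 bytes, so the length check fails.
        try {
            loadKey(secrets[2]);
        } catch (WeakKeyException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Generate a random HS256 key once and store its Base64 form as the secret.
        SecretKey generated = Keys.secretKeyFor(SignatureAlgorithm.HS256);
        String stored = Encoders.BASE64.encode(generated.getEncoded());
        SecretKey reloaded = loadKey(stored);
        System.out.println(stored.length() + " chars -> " + reloaded.getEncoded().length * 8 + " bits");
    }
}
```

A key produced by Keys.secretKeyFor comes from a secure random source, so it carries full entropy, unlike a repeated, human-chosen string of the same length.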



Third problem


Unable to find an implementation for interface io.jsonwebtoken.io.Serializer using java.util.ServiceLoader.
For the code, see the second problem.


No serializer implementation was found; add the serialization dependency and the related code.




    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-gson</artifactId>
        <version>0.11.2</version>
    </dependency>

String compactJws = Jwts.builder()
                .setClaims(claims)
                .signWith(generateKey("jinan_20220511jinan_20220511jinan_20220511jinan_20220511"), SignatureAlgorithm.HS256)
                // add the serializer
                .serializeToJsonWith(new GsonSerializer<>(new Gson()))
                .compact();


