JWT无效签名
问题描述:
我正在尝试使用json Web令牌开发我的应用程序。我决定使用jjwt,但它不起作用。我有以下片段JWT无效签名
Jwts.parser()
.setSigningKey(secretKey)
.parseClaimsJws(token)
.getBody()
它总是抛出异常。
我试图生成与下面的代码
String compactJws = Jwts.builder()
.setSubject("Joe")
.signWith(SignatureAlgorithm.HS256, "secret")
.compact();
令牌,当我在这里https://jwt.io/粘贴此令牌我得到了,这是无效的信息。哪里不对 ?
答
您正在传递一个明文密钥signWith
方法,这就是问题;
作为每JJWT源代码:
/**
331 * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
332 *
333 * <p>This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting
334 * byte array is used to invoke {@link #signWith(SignatureAlgorithm, byte[])}.</p>
335 *
336 * @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
337 * @param base64EncodedSecretKey the BASE64-encoded algorithm-specific signing key to use to digitally sign the
338 * JWT.
339 * @return the builder for method chaining.
340 */
341 JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey);
342
343 /**
344 * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
345 *
346 * @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
347 * @param key the algorithm-specific signing key to use to digitally sign the JWT.
348 * @return the builder for method chaining.
349 */
350 JwtBuilder signWith(SignatureAlgorithm alg, Key key);
传递包含该键的基-64串,或声明Key对象并通过相关的信息来构建它。 如在例如:
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary("c2VjcmV0");//this has to be base-64 encoded, it reads 'secret' if we de-encoded it
Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
//Let's set the JWT Claims
JwtBuilder builder = Jwts.builder().setId(id)
.setIssuedAt(now)
.setSubject(subject)
.setIssuer(issuer)
.signWith(signatureAlgorithm, signingKey);
答
我认为你正在做的事情错* .setSigningKey(秘密密钥)*。 这里是完整的代码,说明如何使用智威汤逊验证令牌。
package com.brajesh.test;
import java.security.Key;
import java.util.Date;
import java.util.UUID;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
public class JwtTokenDemo {
private String secretKey;
public static void main(String[] args) {
JwtTokenDemo jwtTokenDemo = new JwtTokenDemo();
String tokens = jwtTokenDemo.createJWT("123", "thriev.com", "[email protected]", 12999L);
System.out.println("tokens : "+tokens);
System.out.println("========AFTER============");
jwtTokenDemo.parseJWT(tokens);
}
//Sample method to validate and read the JWT
private void parseJWT(String jwt) {
//This line will throw an exception if it is not a signed JWS (as expected)
Claims claims = Jwts.parser()
.setSigningKey(DatatypeConverter.parseBase64Binary(secretKey))
.parseClaimsJws(jwt).getBody();
System.out.println("ID: " + claims.getId());
System.out.println("Subject: " + claims.getSubject());
System.out.println("Issuer: " + claims.getIssuer());
System.out.println("Expiration: " + claims.getExpiration());
}
/**
*
* @param id
* @param issuer
* @param subject
* @param ttlMillis
* @return
*/
private String createJWT(String id, String issuer, String subject, long ttlMillis) {
//The JWT signature algorithm we will be using to sign the token
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
String keys = UUID.randomUUID().toString();
System.out.println(keys);
this.secretKey = keys;
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(keys);
Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
JwtBuilder builder = Jwts.builder().setId(id)
.setIssuedAt(now)
.setSubject(subject)
.setIssuer(issuer)
.signWith(signatureAlgorithm, signingKey);
if (ttlMillis >= 0) {
long expMillis = nowMillis + ttlMillis;
Date exp = new Date(expMillis);
builder.setExpiration(exp);
}
return builder.compact();
}
}
的[与Java JJWT签名生成的jwt.io调试失败]可能的复制(http://*.com/questions/38263680/generated-with-java-jjwt-signature-fails-at-jwt -io调试器) – pedrofb