diff --git a/src/main/java/boss/portal/filter/JWTLoginFilter.java b/src/main/java/boss/portal/filter/JWTLoginFilter.java
index 1c3de2d15fe4ba9970895807488ce503821ee3d1..5915fcf5ec891fe5fa62c9a05e564bc379dcf4f5 100644
--- a/src/main/java/boss/portal/filter/JWTLoginFilter.java
+++ b/src/main/java/boss/portal/filter/JWTLoginFilter.java
@@ -65,15 +65,17 @@ public class JWTLoginFilter extends UsernamePasswordAuthenticationFilter {
 for (GrantedAuthority grantedAuthority : authorities) {
 roleList.add(grantedAuthority.getAuthority());
 }
- // 设置过期时间
 Calendar calendar = Calendar.getInstance();
+ Date now = calendar.getTime();
+ // 设置签发时间
 calendar.setTime(new Date());
- /*calendar.add(Calendar.DAY_OF_MONTH, 30);*///30天
- calendar.add(Calendar.MINUTE, 1);// 1分钟
+ // 设置过期时间
+ calendar.add(Calendar.MINUTE, 10);// 10分钟
 Date time = calendar.getTime();
 token = Jwts.builder()
 .setSubject(auth.getName() + "-" + roleList)
- .setExpiration(time)
+ .setIssuedAt(now)//签发时间
+ .setExpiration(time)//过期时间
 .signWith(SignatureAlgorithm.HS512, ConstantKey.SIGNING_KEY) //采用什么算法是可以自己选择的,不一定非要采用HS512
 .compact();
 // 登录成功后,返回token到header里面
diff --git a/src/main/java/boss/portal/util/JwtHelper.java b/src/main/java/boss/portal/util/JwtHelper.java
new file mode 100644
index 0000000000000000000000000000000000000000..7cf08b664df3678438776440017bc8f1587729d9
--- /dev/null
+++ b/src/main/java/boss/portal/util/JwtHelper.java
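Review bot: The issued-at and expiry values come from two separate clock reads, and the `// 设置签发时间` comment sits on `calendar.setTime(new Date())`, which only resets the calendar used for the expiry; `now` was already captured on the line above it. Deriving both from one instant would be clearer, e.g. `Date now = new Date();` followed by `Date time = new Date(now.getTime() + TimeUnit.MINUTES.toMillis(10));`. The 10-minute lifetime is also hard-coded here next to HS512 and `ConstantKey.SIGNING_KEY`, while the `JwtHelper` added in this commit signs with HS256 and reads `jwt.secret` and `jwt.expiration`, so the project now has two token issuers with different algorithms, key sources and lifetimes; the filter should presumably take its key and lifetime from the same configuration. The enclosing method starts and ends outside the hunk.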
@@ -0,0 +1,110 @@
+package boss.portal.util;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.beans.factory.annotation.Value;
+
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.DatatypeConverter;
+import java.security.Key;
+import java.util.Date;
+
+/**
+ * @FileName: JwtHelper
+ * @Author: zhaoxinguo
+ * @Date: 2018/12/10 19:39
+ * @Description: 实现Jwt
+ */
+public class JwtHelper {
+
+ @Value("${jwt.expiration}")
+ public long expiration;//token超时时间
+
+ @Value("${jwt.secret}")
+ public String base64Security;
+
+ /**
+ * 解析token
+ * @param jsonWebToken
+ * @return
+ */
+ public Claims parseToken(String jsonWebToken) {
+
+ Claims claims = Jwts.parser().setSigningKey(DatatypeConverter.parseBase64Binary(base64Security))
+ .parseClaimsJws(jsonWebToken).getBody();
+ return claims;
+
+ }
+
+ /**
+ * 新建token
+
+ * @param audience
+ * @param issuer
+
+ * @return
+ */
+ public String createToken(String audience,
+ String issuer) {
+ SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+
+ long nowMillis = System.currentTimeMillis();
+ Date now = new Date(nowMillis);
+
+ // 生成签名密钥
+ byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(base64Security);
+ Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());
+
+ // 添加构成JWT的参数
+ JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT").setIssuer(issuer).setAudience(audience)
+ .signWith(signatureAlgorithm, signingKey);
+
+ // 添加Token签发时间
+ builder.setIssuedAt(now);
+ // 添加Token过期时间
+ if (expiration >= 0) {
+ long expMillis = nowMillis + expiration;
+ Date exp = new Date(expMillis);
+ builder.setExpiration(exp).setNotBefore(now);
+ }
+
+ // 生成JWT
+ return builder.compact();
+ }
+
+ /**
+ * 刷新令牌
+ *
+ * @param claims
+ * @return
+ */
+ public String refreshToken(Claims claims) {
+ SignatureAlgorithm signatureAlgorithm = 
SignatureAlgorithm.HS256; + + long nowMillis = System.currentTimeMillis(); + Date now = new Date(nowMillis); + + // 生成签名密钥 + byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(base64Security); + Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName()); + + // 添加构成JWT的参数 + JwtBuilder builder = Jwts.builder().setHeaderParam("typ", "JWT") + .setIssuer((String) claims.get("iss")).setAudience((String) claims.get("aud")) + .signWith(signatureAlgorithm, signingKey); + + // 添加Token签发时间 + builder.setIssuedAt(now); + // 添加Token过期时间 + if (expiration >= 0) { + long expMillis = nowMillis + expiration; + Date exp = new Date(expMillis); + builder.setExpiration(exp).setNotBefore(now); + } + + // 生成Token + return builder.compact(); + } +} diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 299892fe01c979c9b956b9d3558c8efa7545948f..47598dbd955e74f7f772f7d67acc82d868dfa243 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -7,3 +7,9 @@ spring.jpa.hibernate.ddl-auto=update spring.jpa.show-sql=true spring.jackson.serialization.indent_output=true +# JWT Config +jwt.header=Authorization +jwt.secret=NDU0NTY4amhmc3NkeHp6eGNxdzIlMjFAJTIxQCUyM2ZmNQ== +#120 +jwt.expiration=7200000 + diff --git a/src/test/java/boss/portal/web/springbootdemo2/SpringbootDemo2ApplicationTests.java b/src/test/java/boss/portal/web/springbootdemo2/SpringbootDemo2ApplicationTests.java index 70894bf4671c773a4df6a23ad8f648d8c5f4facf..b9ddc44a021607a645995c273f966401e2205418 100644 --- a/src/test/java/boss/portal/web/springbootdemo2/SpringbootDemo2ApplicationTests.java +++ b/src/test/java/boss/portal/web/springbootdemo2/SpringbootDemo2ApplicationTests.java @@ -11,6 +11,8 @@ public class SpringbootDemo2ApplicationTests { @Test public void contextLoads() { + long refreshPeriodTime = 36000L; //seconds为单位,10 hours + System.out.println(refreshPeriodTime >> 1); } }
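Review bot: In `createToken` and `refreshToken` the guard `if (expiration >= 0)` means a negative `jwt.expiration` silently produces a token with no `exp` claim at all, i.e. one that never expires; a non-positive value should be rejected instead, `if (expiration <= 0) { throw new IllegalStateException("jwt.expiration must be positive"); }`. `refreshToken` mints a fresh token from whatever `Claims` object it is handed and copies only `iss` and `aud`, so it relies entirely on the caller having obtained those claims from `parseToken`, and nothing bounds how often a token can be renewed; a Javadoc line stating that precondition would help, and `parseToken` could pin the expected values with `requireIssuer(...)` and `requireAudience(...)`. The class carries `@Value` fields but no stereotype annotation in this file, so unless it is registered as a bean elsewhere `base64Security` stays null and `expiration` stays 0. `javax.xml.bind.DatatypeConverter` is no longer shipped with JDK 11 and later; `java.util.Base64.getDecoder().decode(...)` is the standard-library replacement.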
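Review bot: `jwt.secret` is committed here in clear text (base64 is an encoding, not protection), so anyone who can read the repository or the packaged jar can sign tokens that `JwtHelper.parseToken` accepts. The value should be supplied from the environment or a secret store, e.g. `jwt.secret=${JWT_SECRET}`, and the string in this commit treated as exposed and replaced. The `#120` comment does not say its unit; `# token lifetime in milliseconds (120 minutes)` would match how `JwtHelper` adds the value to `System.currentTimeMillis()`. `jwt.header` is not read by any code in this commit.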
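Review bot: The two lines added to `contextLoads()` print `refreshPeriodTime >> 1` and assert nothing, so the test passes whatever the value is and exercises none of the `JwtHelper` code this commit adds. If the halved refresh period matters, pin it with an assertion such as `assertEquals(18000L, refreshPeriodTime >> 1);`, otherwise drop the lines. A round trip through `createToken` and `parseToken`, plus a case for an expired token, would be the test this change needs.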