提交 fb5311e8 编写于 作者: sinat_25235033's avatar sinat_25235033

update jwt util set hmac algorithm as default

上级 c74f07d4
......@@ -50,7 +50,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<javax.servlet.version>3.1.0</javax.servlet.version>
<javax.ws.rs.version>2.1.1</javax.ws.rs.version>
<jjwt.version>0.9.0</jjwt.version>
<jjwt.version>0.11.2</jjwt.version>
<yaml.version>1.17</yaml.version>
<xml.bind.version>2.3.0</xml.bind.version>
<slf4j.version>1.7.21</slf4j.version>
......@@ -83,9 +83,21 @@
<!-- jwt util -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<artifactId>jjwt-api</artifactId>
<version>${jjwt.version}</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>${jjwt.version}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId> <!-- or jjwt-gson if Gson is preferred -->
<version>${jjwt.version}</version>
<scope>runtime</scope>
</dependency>
<!-- yaml file load -->
<dependency>
<groupId>org.yaml</groupId>
......
......@@ -6,32 +6,42 @@ import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.security.Keys;
import javax.xml.bind.DatatypeConverter;
import java.security.Key;
import java.util.Date;
import java.util.List;
/**
* json web token相关工具类
* use hmac algorithm, can change the secretKey by setDefaultSecretKey
* @author tomsun28
* @date 16:29 2018/3/8
*/
public class JsonWebTokenUtil {
/** 默认SUBJECT加密解密签名KEY **/
private static final String DEFAULT_SECRET_KEY = "?::4390fsf4sdl6opf):";
private static final String DEFAULT_SECRET_KEY =
"MIIEowIBAl+f/dKhaX0csgOCTlCxq20yhmUea6H6JIpST3ST1SE2Rwp" +
"LnfKefTjsIfJLBa2YkhEqE/GtcHDTNe4CU6+9y/S5z50Kik70LsP43r" +
"RnLN7XNn4wARoQXizIv6MHUsIV+EFfiMw/x7R0ntu4aWr/CWuApcFaj" +
"4mWEa6EwrPHTZmbT5Mt45AM2UYhzDHK+0F0rUq3MwH+oXsm+L3F/zjj" +
"M6EByXIO+SV5+8tVt4bisXQ13rbN0oxhUZR73+LDj9mxa6rFhMW+lfx" +
"CyaFv0bwq2Eik0jdrKUtsA6bx3sDJeFV643R+YYzGMRIqcBIp6AKA98" +
"GM2RIqcBIp6-?::4390fsf4sdl6opf)4ZI:tdQMtcQQ14pkOAQdQ546";
/** JWT格式3个点 **/
private static final int COUNT_3 = 3;
/** 加密解密签名 **/
private static String secretKey;
private static Key secretKey;
static {
secretKey = DEFAULT_SECRET_KEY;
byte[] secretKeyBytes = DatatypeConverter.parseBase64Binary(DEFAULT_SECRET_KEY);
secretKey = Keys.hmacShaKeyFor(secretKeyBytes);
}
......@@ -44,16 +54,13 @@ public class JsonWebTokenUtil {
* @param roles 访问主张-角色
* @param permissions 访问主张-权限
* @param isRefresh 是否是刷新token
* @param algorithm 加密算法
* @return java.lang.String jwt
*/
public static String issueJwt(String id, String subject, String issuer, Long period,
List<String> roles, List<String> permissions,
Boolean isRefresh, SignatureAlgorithm algorithm) {
Boolean isRefresh) {
// 当前时间戳
long currentTimeMillis = System.currentTimeMillis();
// 秘钥
byte[] secretKeyBytes = DatatypeConverter.parseBase64Binary(secretKey);
JwtBuilder jwtBuilder = Jwts.builder();
if (id != null) {
jwtBuilder.setId(id);
......@@ -82,7 +89,7 @@ public class JsonWebTokenUtil {
// 压缩,可选GZIP
jwtBuilder.compressWith(CompressionCodecs.DEFLATE);
// 加密设置
jwtBuilder.signWith(algorithm, secretKeyBytes);
jwtBuilder.signWith(secretKey);
return jwtBuilder.compact();
}
......@@ -107,10 +114,9 @@ public class JsonWebTokenUtil {
* @throws IllegalArgumentException 非法参数
*/
public static Claims parseJwt(String jwt) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
return Jwts.parser()
.setSigningKey(DatatypeConverter.parseBase64Binary(secretKey))
.parseClaimsJws(jwt)
.getBody();
return Jwts.parserBuilder().setSigningKey(secretKey).build()
.parseClaimsJws(jwt).getBody();
// 令牌ID -- claims.getId()
// 客户标识 -- claims.getSubject()
......@@ -124,9 +130,10 @@ public class JsonWebTokenUtil {
/**
* 设置新的JWT加密解密签名
* @param secretNowKey 签名KEY
* @param secretNowKeyValue key value
*/
public static void setSecretKey(String secretNowKey) {
secretKey = secretNowKey;
public static void setDefaultSecretKey(String secretNowKeyValue) {
byte[] secretKeyBytes = DatatypeConverter.parseBase64Binary(secretNowKeyValue);
secretKey = Keys.hmacShaKeyFor(secretKeyBytes);
}
}
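Review bot: The new `DEFAULT_SECRET_KEY` literal is still a signing key published in source, and the static initializer installs it whenever the application never calls `setDefaultSecretKey`, so such a deployment issues and verifies tokens with a value anyone can read. Consider removing the built-in default and failing fast in `issueJwt`/`parseJwt` when no key has been configured, or at least marking the constant with `// demo only: replace via setDefaultSecretKey before issuing real tokens`. The last segment of the literal also contains `-`, `?`, `:` and `)`, which are not in the standard Base64 alphabet, yet the string is passed to `DatatypeConverter.parseBase64Binary`. How those characters are treated depends on the decoder, so the effective key bytes may not be what the string suggests; a strict decode such as `java.util.Base64.getDecoder().decode(...)` would surface this, and the `TOM_SECRET_KEY` literal in `SurenessConfiguration` has the same problem. The Javadoc of `setDefaultSecretKey` should state that the value must be valid Base64 and long enough for `Keys.hmacShaKeyFor` to accept it.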
......@@ -2,7 +2,6 @@ package com.usthe.sureness.subject.creater;
import com.usthe.sureness.subject.SubjectCreate;
import com.usthe.sureness.util.JsonWebTokenUtil;
import io.jsonwebtoken.SignatureAlgorithm;
import org.junit.Before;
import org.junit.Test;
......@@ -35,7 +34,7 @@ public class JwtSubjectServletCreatorTest {
public void canSupportSubject() {
String jwt = JsonWebTokenUtil.issueJwt(UUID.randomUUID().toString(), "tom",
"token-server", 36000L, Arrays.asList("role2", "rol3"),
null, Boolean.FALSE, SignatureAlgorithm.HS512);
null, Boolean.FALSE);
HttpServletRequest request = createNiceMock(HttpServletRequest.class);
expect(request.getHeader(AUTHORIZATION)).andReturn(BEARER + " " + jwt);
replay(request);
......@@ -47,7 +46,7 @@ public class JwtSubjectServletCreatorTest {
public void createSubject() {
String jwt = JsonWebTokenUtil.issueJwt(UUID.randomUUID().toString(), "tom",
"token-server", 36000L, Arrays.asList("role2", "rol3"),
null, Boolean.FALSE, SignatureAlgorithm.HS512);
null, Boolean.FALSE);
HttpServletRequest request = createNiceMock(HttpServletRequest.class);
expect(request.getHeader(AUTHORIZATION)).andReturn(BEARER + " " + jwt);
expect(request.getRequestURI()).andReturn("/api/v1/book");
......
package com.usthe.sureness.util;
import io.jsonwebtoken.SignatureAlgorithm;
import org.junit.Test;
import static org.junit.Assert.*;
......@@ -18,7 +17,7 @@ public class JsonWebTokenUtilTest {
public void issueJwt() {
String jwt = JsonWebTokenUtil.issueJwt(UUID.randomUUID().toString(), "tom",
"token-server", 36000L, Arrays.asList("role2", "rol3"),
null, Boolean.FALSE, SignatureAlgorithm.HS512);
null, Boolean.FALSE);
assertNotNull(jwt);
}
......@@ -26,7 +25,7 @@ public class JsonWebTokenUtilTest {
public void isNotJsonWebToken() {
String jwt = JsonWebTokenUtil.issueJwt(UUID.randomUUID().toString(), "tom",
"token-server", 36000L, Arrays.asList("role2", "rol3"),
null, Boolean.FALSE, SignatureAlgorithm.HS512);
null, Boolean.FALSE);
boolean flag = JsonWebTokenUtil.isNotJsonWebToken(jwt);
assertFalse(flag);
flag = JsonWebTokenUtil.isNotJsonWebToken("gsgdsghdbhegxhsgdjsdj");
......@@ -37,7 +36,7 @@ public class JsonWebTokenUtilTest {
public void parseJwt() {
String jwt = JsonWebTokenUtil.issueJwt(UUID.randomUUID().toString(), "tom",
"token-server", 36000L, Arrays.asList("role2", "rol3"),
null, Boolean.FALSE, SignatureAlgorithm.HS512);
null, Boolean.FALSE);
assertNotNull(JsonWebTokenUtil.parseJwt(jwt));
}
}
\ No newline at end of file
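Review bot: The `parseJwt` test still only asserts that a freshly issued token parses to a non-null result, so nothing here would fail if signature verification stopped working after the move to a `Key` object. Add a negative case that alters the signature part of an issued token and expects `parseJwt` to throw, for example with `@Test(expected = SignatureException.class)`. A second case that passes a too-short value to `setDefaultSecretKey` and expects it to be rejected would pin the new minimum key length, provided the test restores the original key afterwards because the field is static.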
......@@ -5,7 +5,6 @@ import com.usthe.sureness.provider.SurenessAccount;
import com.usthe.sureness.provider.SurenessAccountProvider;
import com.usthe.sureness.util.JsonWebTokenUtil;
import com.usthe.sureness.util.Md5Util;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
......@@ -63,7 +62,7 @@ public class AccountController {
long refreshPeriodTime = 36000L;
String jwt = JsonWebTokenUtil.issueJwt(UUID.randomUUID().toString(), appId,
"token-server", refreshPeriodTime >> 1, roles,
null, Boolean.FALSE, SignatureAlgorithm.HS512);
null, Boolean.FALSE);
Map<String, String> body = Collections.singletonMap("token", jwt);
return ResponseEntity.ok().body(body);
}
......
......@@ -4,7 +4,6 @@ import com.usthe.sureness.sample.tom.pojo.dto.Account;
import com.usthe.sureness.sample.tom.pojo.dto.Message;
import com.usthe.sureness.sample.tom.service.AccountService;
import com.usthe.sureness.util.JsonWebTokenUtil;
import io.jsonwebtoken.SignatureAlgorithm;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
......@@ -47,7 +46,7 @@ public class AccountController {
long refreshPeriodTime = 36000L;
String jwt = JsonWebTokenUtil.issueJwt(UUID.randomUUID().toString(), account.getUsername(),
"tom-auth-server", refreshPeriodTime >> 1, ownRole,
null, false, SignatureAlgorithm.HS512);
null, false);
Map<String, String> responseData = Collections.singletonMap("token", jwt);
Message message = Message.builder().data(responseData).build();
if (log.isDebugEnabled()) {
......
......@@ -34,7 +34,10 @@ public class SurenessConfiguration {
/**
* jwt secret key
*/
private static final String TOM_SECRET_KEY = "?::4s9ssf2sf4sed45pf):";
private static final String TOM_SECRET_KEY = "?::4s9ssf2sf4sed45pf):" +
"RnLN7XNn4wARoQXizIv6MHUsIV+EFfiMw/x7R0ntu4aWr/CWuApcFaj" +
"CyaFv0bwq2Eik0jdrKUtsA6bx3sDJeFV643R+YYzGMRIqcBIp6AKA98" +
"GM2RIqcBIp6-?::4390fsf4sdl6opf)4ZI:tdQMtcQQ14pkOAQdQ546";
@Bean
ProcessorManager processorManager(SurenessAccountProvider accountProvider) {
......@@ -76,7 +79,7 @@ public class SurenessConfiguration {
@Bean
SurenessSecurityManager securityManager(ProcessorManager processorManager,
TreePathRoleMatcher pathRoleMatcher, SubjectFactory subjectFactory) {
JsonWebTokenUtil.setSecretKey(TOM_SECRET_KEY);
JsonWebTokenUtil.setDefaultSecretKey(TOM_SECRET_KEY);
// surenessSecurityManager init
SurenessSecurityManager securityManager = SurenessSecurityManager.getInstance();
securityManager.setPathRoleMatcher(pathRoleMatcher);
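Review bot: The three segments appended to `TOM_SECRET_KEY` are copied verbatim from `DEFAULT_SECRET_KEY` in `JsonWebTokenUtil`, so the sample's "own" key is mostly the library's published default plus the old short prefix. Since this class is the template users are likely to copy, the key should be read from externalized configuration (an environment variable or application property) and generated with a secure random source rather than assembled from constants in the repository. A short comment on the constant, such as `// sample value only - supply your own Base64-encoded random key`, would at least make that explicit. The `securityManager` bean method continues beyond this hunk.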
......