代码生产jwt单点登录
时间: 2023-10-07 18:12:08 浏览: 81
好的,关于代码生产jwt单点登录的问题,我可以为您提供一些相关的信息和建议。JWT是一种轻量级的身份验证和授权规范,可以用于实现单点登录功能。一般来说,生成JWT令牌需要使用一个密钥来签名,以确保令牌的完整性和真实性。您可以使用各种编程语言和框架来生成JWT令牌,例如Java的Spring Security、Python的PyJWT、Node.js的jsonwebtoken等等。希望这些信息对您有所帮助。
相关问题
使用Java代码实现jwt单点登录
以下是一个基本的Java代码实现JWT单点登录的示例:
1. 添加依赖
在 Maven 项目中添加以下依赖:
```
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
```
2. 生成 JWT Token
```
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
public class JwtUtils {
private static final String SECRET_KEY = "YOUR_SECRET_KEY";
private static final long EXPIRATION_TIME = 86400000; // 24小时
public static String generateToken(String username) {
Date now = new Date();
Date expiration = new Date(now.getTime() + EXPIRATION_TIME);
return Jwts.builder()
.setSubject(username)
.setIssuedAt(now)
.setExpiration(expiration)
.signWith(SignatureAlgorithm.HS256, SECRET_KEY)
.compact();
}
// 验证 Token 是否有效
public static boolean validateToken(String token) {
try {
Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token);
return true;
} catch(Exception ex) {
return false;
}
}
// 从 Token 中获取用户名
public static String getUsernameFromToken(String token) {
return Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody().getSubject();
}
}
```
3. 验证 JWT Token
在需要验证用户身份的地方,可以使用以下代码验证 JWT Token:
```
import javax.servlet.http.HttpServletRequest;
import org.springframework.web.filter.OncePerRequestFilter;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.SignatureException;
public class JwtAuthenticationFilter extends OncePerRequestFilter {
private static final String SECRET_KEY = "YOUR_SECRET_KEY";
private static final String TOKEN_PREFIX = "Bearer";
private static final String HEADER_STRING = "Authorization";
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
String header = request.getHeader(HEADER_STRING);
if(header == null || !header.startsWith(TOKEN_PREFIX)) {
chain.doFilter(request, response);
return;
}
String token = header.replace(TOKEN_PREFIX, "").trim();
try {
Claims claims = Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody();
request.setAttribute("username", claims.getSubject());
} catch(SignatureException ex) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
chain.doFilter(request, response);
}
}
```
4. 配置 Spring Security
在 Spring Security 配置类中添加以下配置:
```
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationFilter jwtAuthenticationFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("admin").password(passwordEncoder().encode("admin123")).roles("ADMIN");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
```
以上就是一个基本的Java代码实现JWT单点登录的示例。需要注意的是,SECRET_KEY 应该是一个随机的字符串,不要泄露给其他人。此外,在实际应用中,应该使用数据库或其他存储来保存用户信息,而不是在配置文件中硬编码。
jwt实现单点登录代码
以下是使用JWT实现单点登录的代码示例:
```
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
public class JWTUtils {
private static final String SECRET_KEY = "yourSecretKey";
private static final long EXPIRATION_TIME = 1000 * 60 * 60 * 24; // 24 hours
public static String generateToken(Map<String, String> payload) {
Date expirationDate = new Date(System.currentTimeMillis() + EXPIRATION_TIME);
return Jwts.builder()
.setClaims(payload)
.setExpiration(expirationDate)
.signWith(SignatureAlgorithm.HS256, SECRET_KEY)
.compact();
}
public static Map<String, String> verifyToken(String token) {
Claims claims = Jwts.parser()
.setSigningKey(SECRET_KEY)
.parseClaimsJws(token)
.getBody();
return new HashMap<>(claims);
}
}
```
以上代码是一个简单的JWT工具类,用于生成和验证JWT令牌。核心方法包括:
1. `generateToken`:生成JWT令牌的方法。传入一个`payload`参数,其中包含要在令牌中存储的数据。方法内部会设置令牌的过期时间,并使用密钥对令牌进行签名,然后返回生成的令牌字符串。
2. `verifyToken`:验证JWT令牌的方法。传入一个令牌字符串作为参数,方法内部会解析令牌并验证签名。如果验证通过,将返回一个包含令牌中数据的`Map`对象。
注意:在实际使用中,你需要将`SECRET_KEY`替换为你自己的密钥,并根据实际需求调整`EXPIRATION_TIME`的值。
希望以上代码对你有所帮助。<span class="em">1</span><span class="em">2</span><span class="em">3</span>
#### 引用[.reference_title]
- *1* [详解使用JWT实现单点登录(完全跨域方案)](https://download.csdn.net/download/weixin_38715772/12938468)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v92^chatsearchT0_1"}}] [.reference_item style="max-width: 33.333333333333336%"]
- *2* [Spring Security基于JWT实现SSO单点登录详解](https://download.csdn.net/download/weixin_38697328/12746825)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v92^chatsearchT0_1"}}] [.reference_item style="max-width: 33.333333333333336%"]
- *3* [基于JWT实现单点登录](https://blog.csdn.net/Lyh_ok/article/details/124776718)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v92^chatsearchT0_1"}}] [.reference_item style="max-width: 33.333333333333336%"]
[ .reference_list ]