jwt和java-jwt区别

JWT（JSON Web Token）是一种用于认证和授权的开放标准，它是基于JSON的一种简洁、自包含的安全传输格式。而Java-JWT则是一个用Java语言实现的JWT库，它提供了创建、解析、验证JWT的API。

因此，JWT是一种标准，而Java-JWT是一个具体实现。Java-JWT库提供了一些方便的API，使得在Java应用程序中使用JWT更加容易，可以直接使用Java-JWT库中提供的API完成JWT的创建、解析和验证操作。

相关问题

jjwt和 java-jwt 区别

C知道：jjwt和java-jwt是两个不同的JWT（JSON Web Token）库，用于在Java应用程序中处理JWT。它们有以下区别：

1. 库的名称：jjwt是Java JWT的缩写，而java-jwt是java-jwt的全称。这是它们最直观的区别之一。

2. 开发者和维护：jjwt是由Auth0团队开发和维护的，而java-jwt是由Auth0公司的开放源代码小组维护的。

3. 版本：jjwt库目前最新的版本是0.11.2，而java-jwt库的最新版本是3.12.0。这意味着它们的功能和API可能有所不同。

4. 依赖性：jjwt库不依赖于其他外部库，可以直接在项目中使用。而java-jwt库依赖于一个JSON处理库，如Jackson或Gson，您需要在项目中添加这些依赖项。

5. 功能和API：尽管两个库都提供了JWT的创建、解析和验证功能，但它们的API略有不同。jjwt库提供了一些额外的功能，如流式API和更多的配置选项，使其更加灵活和强大。

总的来说，jjwt和java-jwt都是强大的Java JWT库，您可以根据您的需求和偏好选择其中之一。

SpringBoot整合JWT 用java-jwt依赖包实现

可以通过以下步骤在Spring Boot中集成JWT：

1. 添加java-jwt依赖包到pom.xml文件中：

<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.18.1</version>
</dependency>

2. 创建一个JWT工具类来生成和验证JWT令牌：

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.util.Date;

public class JwtUtils {

    private static final long EXPIRATION_TIME = 86400000; // 24 hours
    private static final String SECRET = "mySecret";
    private static final String ISSUER = "myIssuer";

    public static String generateToken(String username) {
        Date now = new Date();
        Date expiryDate = new Date(now.getTime() + EXPIRATION_TIME);

        return JWT.create()
                .withSubject(username)
                .withIssuer(ISSUER)
                .withIssuedAt(now)
                .withExpiresAt(expiryDate)
                .sign(Algorithm.HMAC512(SECRET));
    }

    public static String getUsernameFromToken(String token) throws JWTVerificationException {
        DecodedJWT jwt = JWT.require(Algorithm.HMAC512(SECRET))
                .withIssuer(ISSUER)
                .build()
                .verify(token);

        return jwt.getSubject();
    }
}

3. 在Spring Security配置中添加JWT过滤器，以验证JWT令牌：

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@Configuration
@Order(1)
public class JwtConfig extends SecurityConfigurerAdapter<javax.servlet.Filter, HttpSecurity> {

    @Autowired
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter();
        jwtAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
        jwtAuthenticationFilter.setAuthenticationFailureHandler(new JwtAuthenticationFailureHandler());
        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    }

    private class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
            String token = request.getHeader("Authorization");

            if (token == null || !token.startsWith("Bearer ")) {
                throw new JwtAuthenticationException("Invalid JWT token");
            }

            String username = JwtUtils.getUsernameFromToken(token.substring(7));

            if (username == null) {
                throw new JwtAuthenticationException("Invalid JWT token");
            }

            return jwtAuthenticationProvider.authenticate(new UsernamePasswordAuthenticationToken(username, ""));
        }

        @Override
        protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
            super.successfulAuthentication(request, response, chain, authResult);
            chain.doFilter(request, response);
        }
    }

    private class JwtAuthenticationFailureHandler extends HttpStatusEntryPoint {

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
        }
    }
}

4. 创建一个JwtAuthenticationProvider来验证用户名和密码：

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

@Component
public class JwtAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        String password = (String) authentication.getCredentials();

        UserDetails userDetails = userDetailsService.loadUserByUsername(username);

        if (!passwordEncoder.matches(password, userDetails.getPassword())) {
            throw new JwtAuthenticationException("Invalid username or password");
        }

        return new UsernamePasswordAuthenticationToken(username, password, userDetails.getAuthorities());
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
}

5. 在Spring Security配置中添加JwtConfig：

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(jwtAuthenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .antMatcher("/**")
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
                .and()
                .apply(new JwtConfig());
    }
}

现在你就可以在Spring Boot应用程序中使用JWT进行身份验证了。