我编写了代码来生成用于 JWT 的 HS512 密钥,并打算使用这段代码向 JHipster 应用提交(POST)数据。
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import org.springframework.boot.autoconfigure.SpringBootApplication;
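/**
 * Demo client that signs its own HS512 JWT and sends it as a bearer token in one POST request.
 *
 * <p>Security notes for anyone adapting this code:
 * <ul>
 *   <li>HS512 is a symmetric MAC. The server accepts the token only if it derives exactly the
 *       same key bytes from its own configuration; otherwise signature verification fails and
 *       the request is rejected (the 401 shown with this listing).</li>
 *   <li>Whoever holds the secret can mint a token for any subject and any role. Keep it on the
 *       server and have clients obtain tokens through the server's login endpoint instead of
 *       signing their own.</li>
 *   <li>RFC 7518 section 3.2 requires an HMAC key at least as long as the hash output, i.e.
 *       64 bytes for HS512. The demo secret below is far shorter and is not random.</li>
 * </ul>
 */
public class ProcessApplication {

    // Demo-only secret kept in source. A real secret belongs in server-side configuration or a
    // secret store, generated from a CSPRNG, never committed and never shipped to clients.
    private static final String key = "random_secret_key";

    // The signing key is the secret's UTF-8 bytes. The original encoded these bytes to Base64 and
    // decoded them straight back, which yields the same bytes; the charset is now explicit so the
    // key does not depend on the platform default.
    private static final byte[] secretBytes = key.getBytes(StandardCharsets.UTF_8);

    // Base64 text form of the same key bytes. Presumably only relevant when the server expects
    // its secret in Base64 (for JHipster, see the jhipster.security.authentication.jwt settings)
    // - TODO confirm how the server turns its configured secret into bytes.
    private static final String base64Key = Base64.getEncoder().encodeToString(secretBytes);

    /**
     * Builds a compact JWT signed with HS512 that expires 120 seconds after creation.
     *
     * @param subject value of the {@code sub} claim
     * @param auth    value of the custom {@code auth} claim (comma-separated roles in this demo)
     * @return the serialized token
     */
    private static String generateToken(String subject, String auth) {
        Date exp = new Date(System.currentTimeMillis() + 120_000L);
        return Jwts.builder()
                .setSubject(subject)
                .claim("auth", auth)
                .setExpiration(exp)
                .signWith(SignatureAlgorithm.HS512, secretBytes)
                .compact();
    }

    /**
     * Parses the token with the local key and prints its claims.
     *
     * <p>This check uses the very key that signed the token, so success only shows the token is
     * self-consistent; it says nothing about whether the server will accept it.
     *
     * @param token compact JWT to parse; the parser throws if the signature does not match or
     *              the token has expired
     */
    private static void verifyToken(String token) {
        Claims claims = Jwts.parser()
                .setSigningKey(secretBytes)
                .parseClaimsJws(token)
                .getBody();
        System.out.println("----------------------------");
        // Despite the label, this prints the whole claims set, not only the issuer.
        System.out.println("Issuer: " + claims);
        System.out.println("Expiration : " + claims.getExpiration());
    }

    /**
     * Generates a token, checks it locally, then sends the POST request.
     *
     * @param args unused
     * @throws Exception if token parsing or the HTTP exchange fails
     */
    public static void main(String... args) throws Exception {
        String token = generateToken("admin", "ROLE_ADMIN,ROLE_USER");
        // A bearer token is a credential; printing it is acceptable only in a throwaway demo.
        System.out.println("TOKEN :: " + token);
        verifyToken(token);
        ProcessApplication http = new ProcessApplication();
        System.out.println("\nTesting 2 - Send Http POST request");
        http.sendPost(token);
    }

    /**
     * Sends one JSON POST request authenticated with the given bearer token and prints the reply.
     *
     * <p>The status code is read before the body, so a rejection such as 401 is reported together
     * with the server's error body before the failure is raised.
     *
     * @param token compact JWT placed in the {@code Authorization} header
     * @throws IOException if the connection fails or the server answers with a status of 400 or above
     * @throws Exception   if building the JSON payload fails
     */
    private void sendPost(String token) throws Exception {
        // Plain HTTP is tolerable for loopback only; over a network the token needs TLS.
        String url = "http://localhost:8080/api/hussains";
        HttpURLConnection con = (HttpURLConnection) new URL(url).openConnection();
        try {
            con.setRequestMethod("POST");
            con.setDoOutput(true);
            con.setDoInput(true);

            // Request headers. The original also set a header with an empty name, which is not a
            // valid HTTP header field, so it is left out.
            con.setRequestProperty("Content-Type", "application/json");
            con.setRequestProperty("Accept", "application/json");
            con.setRequestProperty("Authorization", "Bearer " + token);

            JSONObject jsonParam = new JSONObject();
            jsonParam.put("id", "");
            jsonParam.put("name", 1001);

            try (OutputStreamWriter out =
                    new OutputStreamWriter(con.getOutputStream(), StandardCharsets.UTF_8)) {
                out.write(jsonParam.toString());
            }

            // getInputStream() throws on 4xx/5xx; asking for the status first lets the error
            // body be read from the error stream instead.
            int responseCode = con.getResponseCode();
            InputStream body = responseCode >= 400 ? con.getErrorStream() : con.getInputStream();

            StringBuilder response = new StringBuilder();
            if (body != null) {
                try (BufferedReader in =
                        new BufferedReader(new InputStreamReader(body, StandardCharsets.UTF_8))) {
                    String inputLine;
                    while ((inputLine = in.readLine()) != null) {
                        response.append(inputLine);
                    }
                }
            }

            System.out.println(response.toString());
            System.out.println("\nSending 'POST' request to URL : " + url);
            System.out.println("Response Code : " + responseCode);

            if (responseCode >= 400) {
                // Keep the failure signal the original gave, without echoing the token.
                throw new IOException(
                        "Server returned HTTP response code: " + responseCode + " for URL: " + url);
            }
        } finally {
            con.disconnect();
        }
    }
}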
如果我使用调用 API 时服务器返回给我的 Header,例如:
// Bearer token pasted as a string literal; its header segment decodes to {"alg":"HS512"}.
// A token like this is a credential until its exp claim passes, so keep real ones out of source and posts.
con.setRequestProperty("Authorization", "Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImF1dGgiOiJST0xFX0FETUlOLFJPTEVfVVNFUiIsImV4cCI6MTUzNDQ4MDc4MX0.WhFTB4CKjkCNJQMVtEpHDXNpXpe3cM9duOZj6QaJ01rWihW4SbfcVGO0vLkbl6w0lyrdoRkYuuHOCaLTaqvz9g");
如果使用自己生成的 JWT,则会报如下错误:
Send Http POST request
Exception in thread "main" java.io.IOException: Server returned HTTP response code: 401 for URL: http://localhost:8080/api/hussains
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
答案 0 :(得分:2)
您使用
private static String key = "random_secret_key";
从中生成secretBytes
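。当您将 JWT 发送到服务器时,服务器可能会尝试验证该 JWT,其中包括验证作为 JWT 一部分的签名。为此,服务器需要知道共享密钥 random_secret_key,以便从中生成相同的 secretBytes。如果没有这个密钥,服务器将无法验证 JWT 的签名,并会拒绝该令牌。
注意:HS512 是对称算法,任何持有该密钥的一方都能签发任意用户、任意角色的令牌,因此密钥应只保存在服务端,并使用足够长的随机值;客户端通常应通过服务器的登录接口获取令牌,而不是自行签发。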