Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to generate JWT". The explanation content in this article is simple and clear, easy to learn and understand. Please follow the ideas of Xiaobian slowly and deeply to study and learn "how to generate JWT" together!

Nimbus Library

Nimbus JOSE library nimbus-jose-jwt is used by default in the latest Spring Security. This library is currently one of JOSE's most commonly used class libraries, and most of the retrofitting work has been done around it.

Share the process of transformation

The process is roughly the same as Spring Security's actual dry goods.

load certificate

The certificate still uses keytool to generate RSA keys of length 2048.

Here, we used the method of comparing "violence" to directly read KeyStore and then use public and private keys. This time, the certificate loaded in KeyStore is transformed into JWK(Json Web Key) in JOSE specification.

JWT

JWT is defined in Spring Security as an org.springframework.security.oauth3.jwt.Jwt object, and operations for JWT can be abstracted into two aspects.

Generating JWT

The first step is to create JWT. The current Spring Security itself does not provide this capability, only the Spring Authorization Server in incubation provides an abstract interface for generating JWT JwtEncoder:

@FunctionalInterface public interface JwtEncoder { Jwt encode(JoseHeader headers, JwtClaimsSet claims) throws JwtEncodingException; }

JWT headers and Claims are abstracted accordingly as JoseHeader and JwtClaimsSet.

So I used Nimbus to implement JwtEncoder, which is actually an implementation of Spring Authorization Server. Of course, it is not a copy of the original version, but only to ensure that the facade is consistent, so that if the project matures later, we can be seamlessly compatible.

Analyze JWT

Since there is JwtEncoder, there must be JwtDecoder. This is implemented in Spring Security OAuth3 Client, and is also slightly modified. In addition, this decoder is not only responsible for parsing JWT strings into JWT objects, it also undertakes verification functions, here there is a DelegateingOAuth3 TokenValidator, we can flexibly customize to implement multiple JWT verification policies.

Token pair

We all know that Tokens in JWT usually appear in pairs. Previously, we simply used a class to encapsulate the string form of accessToken and freshToken. OAuth3AccessTokenResponse provided by spring security oauth3 core is used this time:

public final class OAuth3AccessTokenResponse { private OAuth3AccessToken accessToken; private OAuth3RefreshToken refreshToken; private Map additionalParameters; }

This class expresses richer and more flexible content. The corresponding JSON:

{ "accessToken": { "tokenValue": "eyJraWQiOiJmZWxvcmRjbiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhbGwiLCJhdWQiOiJyb290IiwiaXNzIjoiaHR0cHM6XC9cL2ZlbG9yZC5jbiIsInNjb3BlcyI6WyJST0xFX0FETUlOIiwiUk9MRV9BUFAiXSwiZXhwIjoxNjE2ODM4NTg4LCJpYXQiOjE2MTY4MzQ5ODgsImp0aSI6IjBiYTUwZjFhLTI0N2YtNDJlYi05NzZiLTkyZWM5NDg2YjA2MCJ9.dwUK4ZgqhalKWu5AA8ZqaHjD2WPerhiF8lmybZGAorbncWdfVk7iAKUdRZunUekZmab_FsVpwprWIQpqSLtp6tz28sI71gO2StEeye5Vv4JRZKys68q2LGOAqMVJnBisEl211b5ASHSlP1qleU_TDxO_rgems76ZFD-kc1KmyelsoiBhmT3aD2_A_3fUmH7mV0jnC0rHauzOpS0AWnuPJaXbGPqrWotkQ_oqly47jipfNsPl_PUY1urng1wSx4QyblS8UgK-n5wJABhSN550WlwNLuC10ZckbhE5gazM0mD86mA_Xepe7LY5rjGNvO-Cz9k44TaURnTdSBdyy_EOiQ", "issuedAt": { "epochSecond": 1616834988, "nano": 891000000 }, "expiresAt": { "epochSecond": 1616838588, "nano": 891000000 }, "tokenType": { "value": "Bearer" }, "scopes": [ "ROLE_ADMIN", "ROLE_APP" ] }, "refreshToken": { "tokenValue": "eyJraWQiOiJmZWxvcmRjbiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhbGwiLCJhdWQiOiJyb290IiwiaXNzIjoiaHR0cHM6XC9cL2ZlbG9yZC5jbiIsInNjb3BlcyI6WyJST0xFX0FETUlOIiwiUk9MRV9BUFAiXSwiaWF0IjoxNjE2ODM0OTg4LCJqdGkiOiI3N2RhODk3NC0xMjM0LTQ5NzctOWU1MS1hOGY2NTdjMzA2NjAifQ.O9YYxkevkrTke7GbK2R5LGphnJ9vd07yFSwPs2gEZ94ObPkIs1wJ5gvlNOIlni_BYMNO-nMB8TiX0w-RQSwo-sbVLqeUHqv6NEXXmPJiWVmXTFVJf2b6lqW5Re7clXGvkFMw14ptAF6cpThDEE5XF4eCI8CDKKPWqNxY-8NvokwIY3NMXB1ofuHHRqjMyVUwNjOv6eaTJFTwebPy6Saem9kvaL_X1v9Drok6azbg5DSP1zKnbVazTaOs4aBZd5Firib3r_BGXdaJWAgJKfpP61__muVdujgkppMVU8fC9pqfnb6IqEaAOIZ69lrezA1K0QFinOhgcC2YZFxFoLL-IQ", "issuedAt": { "epochSecond": 1616834988, "nano": 891000000 }, "expiresAt": null }, "additionalParameters": {} } Thank you for reading, the above is the content of "How to generate JWT", after learning this article, I believe you have a deeper understanding of how to generate JWT this problem, the specific use needs to be verified by practice. Here is, Xiaobian will push more articles related to knowledge points for everyone, welcome to pay attention!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.