Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you a brief introduction to the Java Jwt library and how to use it. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

JWT introduces the concept of JWT

JWT, full-write JSON Web Token, is an open industry standard RFC7591 for end-to-end security verification.

To put it simply, some algorithms are used to encrypt and decrypt the encrypted string and the JSON object.

Json is encrypted by JWT and saved on the client side. There is no need to save session information on the server side. The backend encrypts the user information entered by the front end to generate a token string, which is appended when the front end requests again, and the back end uses the algorithm to decrypt it

JWT process:

The composition of JWT

JWT string: an encrypted JSON string.

Contains three types of information

Header header: Token type and encryption algorithm. The common encryption algorithms are MD5, SHA, HMAC (Hash Message Authentication Code).

PayLoad payload: stores valid information, including

1. Standard declaration, similar to the general keyword of the development language. Include

Iss (Issuser)-issuer

Sub Subject is agent-oriented

Aud Audience recipient

Exp Expiration time expiration timestamp

Nbf Not Before, effective timestamp

Iat (Issued at) time of issue

Jti (JWT ID): unique identification

two。 Public statement: generally add necessary business-related information because it can be decrypted and sensitive information is not recommended.

3. Private declaration: provider and consumer jointly defined declaration, Base64 symmetrically decrypted, sensitive information not recommended

Signature visa

Visa information consists of three parts:

Base64 encrypted header

Base64 encrypted payload

Secret- key

Use the encryption algorithm declared in header to encrypt the encrypted connection strings of Header and payload with salt secret combination encryption.

The key is stored in the server, and the server decrypts and verifies according to the key.

JWT and Development language

JWT is just a standard.

Can be implemented through a variety of development languages, including Java,.NET, Python,Node Js, JavaScript,Perl, Ruby,Go and so on.

Different developers of the same language provide a variety of implementation libraries. Taking Java as an example, there are java-jwt, jose4j, nimbus-jose-jwt and jjwt.

JWT official website

Https://jwt.io/

This site provides online conversion tools for strings and JSON objects based on different algorithms, as well as a collection of implementation libraries for different languages.

Java-jwt

Java-jwt is the recommended JWT implementation library in the Java language. Import it using Maven as follows:

Com.auth0 java-jwt 3.8.3

Generate encrypted Token

String token = JWT.create () .withExpiresAt (newDate (System.currentTimeMillis () / / set the expiration time. Withaudience ("user1") / / set the recipient information, generally login user .sign (Algorithm.HMAC256 ("111111")); / / use HMAC algorithm, 111111 as key encryption

Decrypt Token to get load information and verify whether Token is valid

String userId = JWT.decode (token). GetAudience (). Get (0); Assertions.assertEquals ("user1", userId); JWTVerifier jwtVerifier = JWT.require (Algorithm.HMAC256 ("111111")). Build (); jwtVerifier.verify (token); this is the brief introduction and usage of the Java Jwt library shared by Xiaobian. If you happen to have similar doubts, please refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.