Generate and parse tokens using JWT

Jwt The full name is ：json web token. It encrypts user information to token in , The server does not save any user information . The server verifies... By using the saved key token The correctness of the , As long as it's right, it's verified .

token Usefulness ： When the user logs in for the first time , After the user name and password are verified successfully , The server will generate a token, hold token Return to client , commonly token Are stored in the browser localStorage or cookies in , There is localStorage Of token Need to pass through js, take token Add to http Request header , Visit the server next time , You don't need a username or password , Just bring it token, Server authentication token After the legitimacy of , You can access back-end resources .

utilize JWT Generate token, take userId Put it in and encrypt

//  Secret key 
	static final String SECRET = "X-Litemall-Token";
	//  Who generated the signature 
	static final String ISSUSER = "LITEMALL";
	//  The subject of the signature 
	static final String SUBJECT = "this is litemall token";
	//  Signed audience 
	static final String AUDIENCE = "MINIAPP";

public String createToken(Integer userId){
    
		try {
    
		    Algorithm algorithm = Algorithm.HMAC256(SECRET);
		    Map<String, Object> map = new HashMap<String, Object>();
		    Date nowDate = new Date();
		    //  Expiration time ：2 Hours 
		    Date expireDate = getAfterDate(nowDate,0,0,0,2,0,0);
	        map.put("alg", "HS256");
	        map.put("typ", "JWT");
		    String token = JWT.create()
		    	//  Set header information  Header
		    	.withHeader(map)
		    	//  Set up   load  Payload
		    	.withClaim("userId", userId)
		        .withIssuer(ISSUSER)
		        .withSubject(SUBJECT)
		        .withAudience(AUDIENCE)
		        //  When the signature was generated  
		        .withIssuedAt(nowDate)
		        //  When the signature expires  
		        .withExpiresAt(expireDate)
		        //  Signature  Signature
		        .sign(algorithm);
		    return token;
		} catch (JWTCreationException exception){
    
			exception.printStackTrace();
		}
		return null;
	}

// analysis token And in token Remove from userId
public Integer verifyTokenAndGetUserId(String token) {
    
		try {
    
		    Algorithm algorithm = Algorithm.HMAC256(SECRET);
		    JWTVerifier verifier = JWT.require(algorithm)
		        .withIssuer(ISSUSER)
		        .build();
		    DecodedJWT jwt = verifier.verify(token);
			// The above part is verified token Whether it is right ,verify Will be decoded in , You can directly use jwt Go to getClaims().
			
			/* public DecodedJWT verify(String token) throws JWTVerificationException { DecodedJWT jwt = JWT.decode(token); this.verifyAlgorithm(jwt, this.algorithm); this.algorithm.verify(jwt); this.verifyClaims(jwt, this.claims); return jwt; } */
			
			// Without the above verification , It can also be used directly JWT.decode(token) return jwt And then again getClaims()
		    Map<String, Claim> claims = jwt.getClaims();
		    Claim claim = claims.get("userId");
		    return claim.asInt();
		} catch (JWTVerificationException exception){
    
// exception.printStackTrace();
		}
		
		return 0;
	}