2016-08-22 243 views

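JWT invalid signature

I am trying to develop my application using JSON Web Tokens. I decided to use jjwt, but it doesn't work. I have the following snippet: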

Jwts.parser()
     .setSigningKey(secretKey)
     .parseClaimsJws(token)
     .getBody();

It always throws an exception.

I tried to generate a token with the code below:

String compactJws = Jwts.builder() 
      .setSubject("Joe") 
      .signWith(SignatureAlgorithm.HS256, "secret") 
      .compact(); 

When I paste this token at https://jwt.io/ I get a message that it is invalid. What is wrong?


Possible duplicate of [Generated with Java JJWT signature fails at jwt.io debugger](http://stackoverflow.com/questions/38263680/generated-with-java-jjwt-signature-fails-at-jwt-io-debugger) – pedrofb

Answers

0

You are passing a plaintext key to the signWith method; that is the problem.

As per the JJWT source code:

/**
 * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
 *
 * <p>This is a convenience method: the string argument is first BASE64-decoded to a byte array and this resulting
 * byte array is used to invoke {@link #signWith(SignatureAlgorithm, byte[])}.</p>
 *
 * @param alg                    the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
 * @param base64EncodedSecretKey the BASE64-encoded algorithm-specific signing key to use to digitally sign the
 *                               JWT.
 * @return the builder for method chaining.
 */
JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey);

/**
 * Signs the constructed JWT using the specified algorithm with the specified key, producing a JWS.
 *
 * @param alg the JWS algorithm to use to digitally sign the JWT, thereby producing a JWS.
 * @param key the algorithm-specific signing key to use to digitally sign the JWT.
 * @return the builder for method chaining.
 */
JwtBuilder signWith(SignatureAlgorithm alg, Key key);

Pass a base-64 string containing the key, or declare a Key object and pass the relevant information to build it. As in the example:

// This has to be base-64 encoded; it reads 'secret' once decoded
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary("c2VjcmV0");
Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());

// Let's set the JWT claims
JwtBuilder builder = Jwts.builder().setId(id)
        .setIssuedAt(now)
        .setSubject(subject)
        .setIssuer(issuer)
        .signWith(signatureAlgorithm, signingKey);
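
The effect of the base-64 decoding step described above, as an added example that is not part of the original answers or of JJWT: it uses only the JDK to compute an HS256 signature with the decoded key bytes and then checks the token against the same key string taken as plain text. The class name, header and claims are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs256KeyEncodingDemo {

    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // HS256 signature over "<header>.<payload>", base64url-encoded without padding
    static String sign(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return B64URL.encodeToString(mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII)));
    }

    // Recompute the signature with the candidate key and compare in constant time
    static boolean verify(String token, byte[] key) throws Exception {
        int dot = token.lastIndexOf('.');
        if (dot < 0) {
            return false;
        }
        byte[] expected = sign(token.substring(0, dot), key).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = token.substring(dot + 1).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        // Constructed header and claims, for illustration only
        String header = B64URL.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
        String payload = B64URL.encodeToString("{\"sub\":\"Joe\"}".getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;

        String keyString = "c2VjcmV0"; // value from the answer: base-64 of "secret"
        // Key bytes after base-64 decoding, as the signWith(alg, String) Javadoc describes
        byte[] decodedKey = Base64.getDecoder().decode(keyString);
        // Key bytes if a verifier treats the same string as plain text
        byte[] textKey = keyString.getBytes(StandardCharsets.UTF_8);

        String token = signingInput + "." + sign(signingInput, decodedKey);
        System.out.println("token: " + token);
        System.out.println("verified with decoded key bytes: " + verify(token, decodedKey));
        System.out.println("verified with key string as text: " + verify(token, textKey));
    }
}
```

Signer and verifier must agree on the key bytes, not only on the key string; a mismatch in how the string is turned into bytes shows up as an invalid signature.
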
0

I think you are doing something wrong with *.setSigningKey(secretKey)*. Here is the complete code that shows how to validate a token using JWT.

package com.brajesh.test;

import java.security.Key;
import java.util.Date;
import java.util.UUID;

import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

public class JwtTokenDemo {

    // Key string set by createJWT and read by parseJWT; both pass it through parseBase64Binary
    private String secretKey;

    public static void main(String[] args) {
        JwtTokenDemo jwtTokenDemo = new JwtTokenDemo();
        String tokens = jwtTokenDemo.createJWT("123", "thriev.com", "[email protected]", 12999L);
        System.out.println("tokens : " + tokens);

        System.out.println("========AFTER============");
        jwtTokenDemo.parseJWT(tokens);
    }

    // Sample method to validate and read the JWT
    private void parseJWT(String jwt) {
        // This line will throw an exception if it is not a signed JWS (as expected)
        Claims claims = Jwts.parser()
                .setSigningKey(DatatypeConverter.parseBase64Binary(secretKey))
                .parseClaimsJws(jwt).getBody();
        System.out.println("ID: " + claims.getId());
        System.out.println("Subject: " + claims.getSubject());
        System.out.println("Issuer: " + claims.getIssuer());
        System.out.println("Expiration: " + claims.getExpiration());
    }

    /**
     * Builds and signs a JWT with HS256.
     *
     * @param id        the token ID
     * @param issuer    the issuer
     * @param subject   the subject
     * @param ttlMillis time to live in milliseconds; no expiration is set when negative
     * @return the compact, signed token
     */
    private String createJWT(String id, String issuer, String subject, long ttlMillis) {

        // The JWT signature algorithm we will be using to sign the token
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

        long nowMillis = System.currentTimeMillis();
        Date now = new Date(nowMillis);

        // A random UUID string is used as the key string and kept for parseJWT
        String keys = UUID.randomUUID().toString();
        System.out.println(keys);
        this.secretKey = keys;

        byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary(keys);
        Key signingKey = new SecretKeySpec(apiKeySecretBytes, signatureAlgorithm.getJcaName());

        JwtBuilder builder = Jwts.builder().setId(id)
                .setIssuedAt(now)
                .setSubject(subject)
                .setIssuer(issuer)
                .signWith(signatureAlgorithm, signingKey);

        // Add the expiration only when a non-negative TTL was given
        if (ttlMillis >= 0) {
            long expMillis = nowMillis + ttlMillis;
            Date exp = new Date(expMillis);
            builder.setExpiration(exp);
        }
        return builder.compact();
    }
}