这篇文章主要介绍了基于Java验证jwt token代码实例,文中通过示例代码介绍的非常详细，对大家的学习或者工作具有一定的参考学习价值,需要的朋友可以参考下

How to load public certificate from pem file..?地址

1.HS256对称加密

package jwt;
 
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Date;
import java.util.Vector;
import java.util.Map;
 
import sun.misc.BASE64Decoder;
 
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
 
 
public class JWTValidator {
  private static String JWT_Type = "JWT";
   
  protected boolean validated;
  protected Object[] claims;
   
  public JWTValidator() {
    setValidated(false);
    setClaims(null);
  }
  public String Generate(String secret, String issuer, String audience, String subject){
    try {
      Algorithm algorithm = Algorithm.HMAC256(secret); // HS256
      String token = JWT.create()
        .withIssuer(issuer)
        .withAudience(audience)
        .withSubject(subject)
        .sign(algorithm);
      System.out.println(token);
      return token;
    } catch (Exception exception){
      //UTF-8 encoding not supported
      return "";
    }
  }
   
 
  public void Validate(String token, String secret, String issuer, String audience, String subject) {
    DecodedJWT jwt = null;
    setValidated(false);
     
    if (token == null || secret == null || issuer == null || audience == null || subject == null)
      return;
     
    try {
      jwt = JWT.require(Algorithm.HMAC256(secret.getBytes())).build().verify(token);
    } catch (JWTVerificationException e) {
      return;
    }
     
    if (jwt == null || jwt.getType() == null || !jwt.getType().contentEquals(JWT_Type))
      return;
     
    if (!jwt.getIssuer().contentEquals(issuer) ||
      !jwt.getAudience().contains(audience) ||
      !jwt.getSubject().contentEquals(subject))
      return;
     
    Date now = new Date();
     
    if ((jwt.getNotBefore() != null && jwt.getNotBefore().after(now)) ||
      (jwt.getExpiresAt() != null && jwt.getExpiresAt().before(now)))
      return;
     
    setValidated(true);
 
    Map<String, Claim> claimsMap = jwt.getClaims();
    Vector<Claim> claimsVector = new Vector<Claim>();
     
    if (claimsMap != null) {
      for (Map.Entry<String, Claim> entry : claimsMap.entrySet()) {
        String key = entry.getKey();
        if (key != null && !key.matches("aud|sub|iss|exp|iat")) {         
          //claimsVector.add(new Claim(key, entry.getValue().asString()));
        }
      }   
    }
 
    setClaims(claimsVector.isEmpty() ? null : claimsVector.toArray());
  }
 
  public boolean isValidated() { return validated; }
  public void setValidated(boolean val) { validated = val; }
 
  public Object[] getClaims() { return claims; }
  public void setClaims(Object[] val) { claims = (val == null ? new Object[0] : val); }
}