时间戳

首页 > 解决方案 > 通过比较多头来检查 JWT exp 字段

java - 通过比较多头来检查 JWT exp 字段

问题描述

我想检查我的 JWT 令牌是否仍然有效(exp 仍然在将来),但我不确定我做对了。

我的检查功能 -

public boolean checkForValidExpField(String jwtToken) throws JsonProcessingException, IOException {
    //split by .
    String[] split_string = jwtToken.split("\\.");
    //get body
    String base64EncodedBody = split_string[1];
    Base64 base64Url = new Base64(true);

    String body = new String(base64Url.decode(base64EncodedBody));
    //body to json
    ObjectMapper mapper = new ObjectMapper();
    JsonNode actualObj = mapper.readTree(body);
    //get exp 
    String exp = actualObj.get(JWT_EXP_KEY).asText(); //JWT_EXP_KEY = exp
    //to long
    long expLong = Long.parseLong(exp) * 1000;
    //get current TS
    long currentTime = System.currentTimeMillis();
    //check
    return expLong >= currentTime; 
}

还有一个简单的主要测试 -

public static void main(String [] args) throws JsonProcessingException, IOException {
    JWTCheckerUtil u = new JWTCheckerUtil();
    //expired
    String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlEwWXpOVFkzTWtZeFJUbERORFEzT0RNME5VSTBORFk1TmtRNFF6STNNekF6TVRWRU1VTkVNQSJ9.eyJodHRwczovL3NpZW1lbnMuY29tL2NsYWltcy93ZWJrZXlUeXBlIjoic2VydmljZSIsImh0dHBzOi8vc2llbWVucy5jb20vY2xhaW1zL3dlYmtleUlkIjoiY2xvdWRjcmF6ZS1iaWxsaW5ncHJvZmlsZXVwZGF0ZXIiLCJpc3MiOiJodHRwczovL3NwbG0uYXV0aDAuY29tLyIsInN1YiI6IlpGbTVZdmNYRUtMRVB4UHE1aHNrWGtVSVlxNVlTVXBLQGNsaWVudHMiLCJhdWQiOiJodHRwczovL2JpbGxpbmctcHJvZGludGVnLnBlYXJsLmNvbSIsImlhdCI6MTU2NTYzMTMwNywiZXhwIjoxNTY1NzE3NzA3LCJhenAiOiJaRm01WXZjWEVLTEVQeFBxNWhza1hrVUlZcTVZU1VwSyIsInNjb3BlIjoiYmlsbGluZzphZG1pbjpwcm9maWxlIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.EIsAuwEA9jT5KNjCGfGoWyfu9P2-jwhGy_lDZVjwmi33p7do_0L7bXU71gjTipZ9usHCB-eOILRNUGybEe4ge9PpHg3C3SZEsPtYG80uThItbyKTwyc80Yeq-x_V7s4g3eq8PzAbRR4N_H_q3-urnLXNumT4qc7eV0IkD1ad468Ez5sLOii0zCOSx_Gsaos_xbz3zhs_u0D1YS8kWh_nPbWdv1kxa45eM-bzH7ePTkci_KHkJZ_6MZ3MrEBswHgmUSsgtqS9mJPve6MtgR0qEBla1dfHuW4uxEuWdWWCkyt5JBTfYuGodt3KkSha9URzPdugWTn8eb5gCZRYvj5jBQ";
    System.out.println(u.checkForValidExpField(token));
    //not expired
    String expToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlEwWXpOVFkzTWtZeFJUbERORFEzT0RNME5VSTBORFk1TmtRNFF6STNNekF6TVRWRU1VTkVNQSJ9.eyJodHRwczovL3NpZW1lbnMuY29tL2NsYWltcy93ZWJrZXlUeXBlIjoic2VydmljZSIsImh0dHBzOi8vc2llbWVucy5jb20vY2xhaW1zL3dlYmtleUlkIjoiY2xvdWRjcmF6ZS1iaWxsaW5ncHJvZmlsZXVwZGF0ZXIiLCJpc3MiOiJodHRwczovL3NwbG0uYXV0aDAuY29tLyIsInN1YiI6IlpGbTVZdmNYRUtMRVB4UHE1aHNrWGtVSVlxNVlTVXBLQGNsaWVudHMiLCJhdWQiOiJodHRwczovL2JpbGxpbmctcHJvZGludGVnLnBlYXJsLmNvbSIsImlhdCI6MTU1OTc0NjIzMiwiZXhwIjoxNTU5ODMyNjMyLCJhenAiOiJaRm01WXZjWEVLTEVQeFBxNWhza1hrVUlZcTVZU1VwSyIsInNjb3BlIjoiYmlsbGluZzphZG1pbjpwcm9maWxlIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.lcciBBHyuCAkFmmUbMje8XeRFDCiPFpS0R0gdAhN-2SdY_RkawAbjZSLnH74ro8eU1vEsOuNQr1dtBYUSgMuJYVUb1YQBBQLtYWa5yasoX1AAOKZo5Gn3H5xf9WHajsIVAuew-2k6nh9088v334Agb7yd9JaziOm9r3XZeedlHl9hBC18SRoNrfH8oSoP8BLfCt0Okcse1KlnfYfjEAXvNT5nJ80tznIKOv1SR6P5YEXLdRNvXE-xNLnwpAge2I96b9ZhPaDrRZOh-fntkciWtwGn5woYCfzt5G3ooT6J2aVdaT6hfkka5pOoBR2UZzI9X75xpWZoMn4cbzwIJeE-Q";
    System.out.println(u.checkForValidExpField(expToken));
}

这是只检查 exp 字段的正确方法吗?我自己写的,所以我只是想确定一下。

谢谢你。

标签: javatimestampjwtjwt-auth

解决方案

exp声明(以及其他与时间相关的声明,如nbf)是数字日期:

JWT 文档 (RFC)定义了数字日期:

一个 JSON 数值,表示从 1970-01-01T00:00:00Z UTC 到指定 UTC 日期/时间的秒数,忽略闰秒。

因此,您确实可以比较代码中显示的 long 值,或者从 exp 值中减去当前时间以获得剩余时间。

推荐阅读