java - 通过比较多头来检查 JWT exp 字段
问题描述
我想检查我的 JWT 令牌是否仍然有效(exp 仍然在将来),但我不确定我做对了。
我的检查功能 -
public boolean checkForValidExpField(String jwtToken) throws JsonProcessingException, IOException {
//split by .
String[] split_string = jwtToken.split("\\.");
//get body
String base64EncodedBody = split_string[1];
Base64 base64Url = new Base64(true);
String body = new String(base64Url.decode(base64EncodedBody));
//body to json
ObjectMapper mapper = new ObjectMapper();
JsonNode actualObj = mapper.readTree(body);
//get exp
String exp = actualObj.get(JWT_EXP_KEY).asText(); //JWT_EXP_KEY = exp
//to long
long expLong = Long.parseLong(exp) * 1000;
//get current TS
long currentTime = System.currentTimeMillis();
//check
return expLong >= currentTime;
}
还有一个简单的主要测试 -
public static void main(String [] args) throws JsonProcessingException, IOException {
JWTCheckerUtil u = new JWTCheckerUtil();
//expired
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlEwWXpOVFkzTWtZeFJUbERORFEzT0RNME5VSTBORFk1TmtRNFF6STNNekF6TVRWRU1VTkVNQSJ9.eyJodHRwczovL3NpZW1lbnMuY29tL2NsYWltcy93ZWJrZXlUeXBlIjoic2VydmljZSIsImh0dHBzOi8vc2llbWVucy5jb20vY2xhaW1zL3dlYmtleUlkIjoiY2xvdWRjcmF6ZS1iaWxsaW5ncHJvZmlsZXVwZGF0ZXIiLCJpc3MiOiJodHRwczovL3NwbG0uYXV0aDAuY29tLyIsInN1YiI6IlpGbTVZdmNYRUtMRVB4UHE1aHNrWGtVSVlxNVlTVXBLQGNsaWVudHMiLCJhdWQiOiJodHRwczovL2JpbGxpbmctcHJvZGludGVnLnBlYXJsLmNvbSIsImlhdCI6MTU2NTYzMTMwNywiZXhwIjoxNTY1NzE3NzA3LCJhenAiOiJaRm01WXZjWEVLTEVQeFBxNWhza1hrVUlZcTVZU1VwSyIsInNjb3BlIjoiYmlsbGluZzphZG1pbjpwcm9maWxlIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.EIsAuwEA9jT5KNjCGfGoWyfu9P2-jwhGy_lDZVjwmi33p7do_0L7bXU71gjTipZ9usHCB-eOILRNUGybEe4ge9PpHg3C3SZEsPtYG80uThItbyKTwyc80Yeq-x_V7s4g3eq8PzAbRR4N_H_q3-urnLXNumT4qc7eV0IkD1ad468Ez5sLOii0zCOSx_Gsaos_xbz3zhs_u0D1YS8kWh_nPbWdv1kxa45eM-bzH7ePTkci_KHkJZ_6MZ3MrEBswHgmUSsgtqS9mJPve6MtgR0qEBla1dfHuW4uxEuWdWWCkyt5JBTfYuGodt3KkSha9URzPdugWTn8eb5gCZRYvj5jBQ";
System.out.println(u.checkForValidExpField(token));
//not expired
String expToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlEwWXpOVFkzTWtZeFJUbERORFEzT0RNME5VSTBORFk1TmtRNFF6STNNekF6TVRWRU1VTkVNQSJ9.eyJodHRwczovL3NpZW1lbnMuY29tL2NsYWltcy93ZWJrZXlUeXBlIjoic2VydmljZSIsImh0dHBzOi8vc2llbWVucy5jb20vY2xhaW1zL3dlYmtleUlkIjoiY2xvdWRjcmF6ZS1iaWxsaW5ncHJvZmlsZXVwZGF0ZXIiLCJpc3MiOiJodHRwczovL3NwbG0uYXV0aDAuY29tLyIsInN1YiI6IlpGbTVZdmNYRUtMRVB4UHE1aHNrWGtVSVlxNVlTVXBLQGNsaWVudHMiLCJhdWQiOiJodHRwczovL2JpbGxpbmctcHJvZGludGVnLnBlYXJsLmNvbSIsImlhdCI6MTU1OTc0NjIzMiwiZXhwIjoxNTU5ODMyNjMyLCJhenAiOiJaRm01WXZjWEVLTEVQeFBxNWhza1hrVUlZcTVZU1VwSyIsInNjb3BlIjoiYmlsbGluZzphZG1pbjpwcm9maWxlIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.lcciBBHyuCAkFmmUbMje8XeRFDCiPFpS0R0gdAhN-2SdY_RkawAbjZSLnH74ro8eU1vEsOuNQr1dtBYUSgMuJYVUb1YQBBQLtYWa5yasoX1AAOKZo5Gn3H5xf9WHajsIVAuew-2k6nh9088v334Agb7yd9JaziOm9r3XZeedlHl9hBC18SRoNrfH8oSoP8BLfCt0Okcse1KlnfYfjEAXvNT5nJ80tznIKOv1SR6P5YEXLdRNvXE-xNLnwpAge2I96b9ZhPaDrRZOh-fntkciWtwGn5woYCfzt5G3ooT6J2aVdaT6hfkka5pOoBR2UZzI9X75xpWZoMn4cbzwIJeE-Q";
System.out.println(u.checkForValidExpField(expToken));
}
这是只检查 exp 字段的正确方法吗?我自己写的,所以我只是想确定一下。
谢谢你。
解决方案
exp
声明(以及其他与时间相关的声明,如nbf
)是数字日期:
JWT 文档 (RFC)定义了数字日期:
一个 JSON 数值,表示从 1970-01-01T00:00:00Z UTC 到指定 UTC 日期/时间的秒数,忽略闰秒。
因此,您确实可以比较代码中显示的 long 值,或者从 exp 值中减去当前时间以获得剩余时间。
推荐阅读
- javascript - 聚合然后更新到其他集合
- mysql - 如何编写sql查询以选择列名中带有空格的列?
- mongodb - 在 DateOperator-Projection Aggregate-MongoTemplate 中获取 NULL 值
- xml - XML 到 SOAP 给出错误的输出
- python - 抓取时激活按钮以进入下一页(Python,BeautifulSoup)
- javascript - 将键对象映射到值数组
- c# - 计算用户在不和谐机器人语音通道中的时间
- javascript - 使用可排序的 jquery 检查 div 内图像的顺序
- django - Django如何仅查询在多对一条件下完全满足过滤条件的记录
- amazon-web-services - Amazon AWS 和 MS Azure 上的 Elasticsearch 跨集群复制 (CCR)