spring - 从 jwt 令牌中提取值
问题描述
我正在尝试创建一个新用户并使用 JWT 令牌对用户进行身份验证。令牌正在创建,但是当我尝试从令牌中提取值时,所有值都以null. jwtUtil.extractClaims()应该从令牌中提取值,但所有值都是空的。
@GetMapping("/register/code/{token}")
public HashMap<String, Object> register(@PathVariable("token") String token, HttpServletResponse httpServletResponse) {
HashMap<String, Object> response = new HashMap<>();
System.out.println(token);
if (!jwtUtil.isTokenExpired(token)){
System.out.println("User");
User user = new User(
(String) jwtUtil.extractAllClaims(token).get("email"),
(String) jwtUtil.extractAllClaims(token).get("phoneNumber"),
(String) jwtUtil.extractAllClaims(token).get("ppUrl"),
(String) jwtUtil.extractAllClaims(token).get("password")
);
System.out.println("User email "+jwtUtil.extractAllClaims(token).get("email"));
String encodedPassword = passwordEncoder.encode(user.getPassword());
// System.out.println(encodedPassword + " THIS IS THE ENCODED PASSWORD" +
// authenticationRequest.getPassword());
user.setPassword(encodedPassword);
if (user.getProfilePicture() == null) {
user.setProfilePicture("default.png");
}
User savedUser = userRepository.save(user);
response.put("success", true);
response.put("message", "User Registered is Succesfull");
System.out.println("mail verified");
try {
httpServletResponse.sendRedirect("/app");
} catch (IOException e) {
e.printStackTrace();
}
return response;
} else {
response.put("success", false);
response.put("message", "User Registered is not Succesfull!");
return response;
}
}
extractClaims()如下:
public Claims extractAllClaims(String token) {
System.out.println(Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody());
return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
}
我还能如何从令牌中提取值。
编辑添加令牌生成代码:
public String generateToken(User user) {
Map<String, Object> claims = new HashMap<>();
claims.put("user", user);
return createToken(claims);
}
private String createToken(Map<String, Object> claims) {
System.out.println("Claims inside createToken "+claims);
return Jwts.builder().setClaims(claims).setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10))
.signWith(SignatureAlgorithm.HS256, secret).compact();
}
解决方案
尝试使用 extractClaim 而不是 extractAllClaims。所以像这样:
public String extractUsername(String token) {
return extractClaim(token, Claims::getSubject);
}
并创建方法 extractClaim:
public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
final Claims claims = extractAllClaims(token);
return claimsResolver.apply(claims);
}
编辑:您应该在使用 setSubject 进行 Jwts 构建器时添加用户:
return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10))
.signWith(SignatureAlgorithm.HS256, secret).compact();