Detailed explanation of JWT token
JWT is the abbreviation of JSON Web Token, which is a lightweight specification and an open industry standard. It defines a simple and independent protocol format, which allows us to use JWT to transmit safe and reliable messages between users and servers.

JWT is actually a string, which consists of three parts, header, payload and signature.

The header describes the most basic information about JWT, such as its type and the algorithm used for signature.

For example {"typ":"JWT","alg":"HS256"}

Its header indicates that the signature algorithm is HS256 algorithm.

HMAC algorithm (asymmetric)

SHA256

RSA

The payload is where the valid information is stored.

Define a payload: {"sub": "1234567890", "name": "John Doe", "admin": true}

The signature consists of three parts. The Base64-encoded header and the Base64-encoded payload are joined to form a string.

That string is then combined with a secret (the salt) and signed using the algorithm declared in the header.

1. JWT is based on JSON, which is very convenient to parse.

2. Rich content can be customized in the token, which is easy to expand.

3. Through asymmetric encryption algorithm and digital signature technology, JWT can prevent tampering and has high security.

4. With JWT, resource services can complete authorization without relying on authentication services.

JWT tokens are very long and take up a lot of storage space.

A public key corresponds to a private key, and the private key is used to sign the JWT, so the corresponding public key needs to be generated here:

keytool -list -keystore changgou.jks

Enter the keystore password:

The information displayed is:

Keystore type: jks

Keystore provider: SUN

Your keystore contains 1 entries.

Changgou 2020-7-28 private key entry,

Certificate fingerprint (sha1): 45:2e:51:8b:84:86:03:8c:af:99:14:5f:4f:D6:98:33:39:92:39

You can get the public key by entering the following command:

Remarks: classPathResource: private key location;

new KeyStoreKeyFactory: creates a private key factory; it needs two parameters: the password of the keystore that holds the private key and the location of the private key;

keyStoreKeyFactory.getKeyPair(alias, password.toCharArray()): gets the KeyPair object, and keyPair.getPrivate() gets the private key;

Obtain the token according to the private key: JwtHelper.encode(JSON.toJSONString(map), new RsaSigner(privateKey));