JSON 具有 HMAC 保护的 Web 令牌 (JWT) - 导致版本 4.23 出错
JSON Web Token (JWT) with HMAC protection - causing error with version 4.23
我之前使用的是 nimbus-jose-jwt 版本 3.12,下面的代码运行良好。但是当我更新 nimbus-jose-jwt 版本 4.23 时,我看到以下错误
java.lang.Error: Unresolved compilation problems:
The constructor JWTClaimsSet() is undefined
The method setSubject(String) is undefined for the type JWTClaimsSet
The method setIssuer(String) is undefined for the type JWTClaimsSet
The method setExpirationTime(Date) is undefined for the type JWTClaimsSet
at springdemo.jwt.JWTWithHMACProtection.test(JWTWithHMACProtection.java:32)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.junit.runners.model.FrameworkMethod.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access[=11=]0(ParentRunner.java:58)
at org.junit.runners.ParentRunner.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
不知道需要修改什么代码,请指导
参考代码:
@Test
public void test() throws KeyLengthException {
// Generate random 256-bit (32-byte) shared secret
SecureRandom random = new SecureRandom();
byte[] sharedSecret = new byte[32];
random.nextBytes(sharedSecret);
// Create HMAC signer
JWSSigner signer = new MACSigner(sharedSecret);
// Prepare JWT with claims set
JWTClaimsSet claimsSet = new JWTClaimsSet();
claimsSet.setSubject("alice");
claimsSet.setIssuer("https://c2id.com");
claimsSet.setExpirationTime(new Date(new Date().getTime() + 60 * 1000));
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
// Apply the HMAC protection
signedJWT.sign(signer);
// Serialize to compact form, produces something like
// eyJhbGciOiJIUzI1NiJ9.SGVsbG8sIHdvcmxkIQ.onO9Ihudz3WkiauDO2Uhyuz0Y18UASXlSc1eS0NkWyA
String s = signedJWT.serialize();
// On the consumer side, parse the JWS and verify its HMAC
signedJWT = SignedJWT.parse(s);
JWSVerifier verifier = new MACVerifier(sharedSecret);
Assert.assertTrue(signedJWT.verify(verifier));
// Retrieve / verify the JWT claims according to the app requirements
Assert.assertEquals("alice", signedJWT.getJWTClaimsSet().getSubject());
Assert.assertEquals("https://c2id.com", signedJWT.getJWTClaimsSet().getIssuer());
Assert.assertTrue(new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime()));
}
我找到了这个问题的解决方案。只需使用以下代码。完毕!最新代码
@Test
public void test() throws JOSEException, ParseException {
// Generate random 256-bit (32-byte) shared secret
SecureRandom random = new SecureRandom();
byte[] sharedSecret = new byte[32];
random.nextBytes(sharedSecret);
// Create HMAC signer
JWSSigner signer = new MACSigner(sharedSecret);
// Prepare JWT with claims set
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
.subject("alice")
.issuer("https://c2id.com")
.expirationTime(addOneHour(new Date()))
.claim("http://example.com/is_root", true)
.build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
// Apply the HMAC protection
signedJWT.sign(signer);
// Serialize to compact form, produces something like
// eyJhbGciOiJIUzI1NiJ9.SGVsbG8sIHdvcmxkIQ.onO9Ihudz3WkiauDO2Uhyuz0Y18UASXlSc1eS0NkWyA
String token = signedJWT.serialize();
System.out.println("Token : "+token);
// On the consumer side, parse the JWS and verify its HMAC
signedJWT = SignedJWT.parse(token);
JWSVerifier verifier = new MACVerifier(sharedSecret);
Assert.assertTrue(signedJWT.verify(verifier));
// Retrieve / verify the JWT claims according to the app requirements
Assert.assertEquals("alice", signedJWT.getJWTClaimsSet().getSubject());
Assert.assertEquals("https://c2id.com", signedJWT.getJWTClaimsSet().getIssuer());
Date date1 = new Date();
Date date2 = signedJWT.getJWTClaimsSet().getExpirationTime();
Assert.assertTrue(date1.compareTo(date2) > 0);
}
private Date addOneHour(Date currentDate){
DateTime dateTime = new DateTime(currentDate);
Date plusOnehour = dateTime.toDate();
return plusOnehour;
}
我之前使用的是 nimbus-jose-jwt 版本 3.12,下面的代码运行良好。但是当我更新 nimbus-jose-jwt 版本 4.23 时,我看到以下错误
java.lang.Error: Unresolved compilation problems:
The constructor JWTClaimsSet() is undefined
The method setSubject(String) is undefined for the type JWTClaimsSet
The method setIssuer(String) is undefined for the type JWTClaimsSet
The method setExpirationTime(Date) is undefined for the type JWTClaimsSet
at springdemo.jwt.JWTWithHMACProtection.test(JWTWithHMACProtection.java:32)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.junit.runners.model.FrameworkMethod.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access[=11=]0(ParentRunner.java:58)
at org.junit.runners.ParentRunner.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
不知道需要修改什么代码,请指导
参考代码:
@Test
public void test() throws KeyLengthException {
// Generate random 256-bit (32-byte) shared secret
SecureRandom random = new SecureRandom();
byte[] sharedSecret = new byte[32];
random.nextBytes(sharedSecret);
// Create HMAC signer
JWSSigner signer = new MACSigner(sharedSecret);
// Prepare JWT with claims set
JWTClaimsSet claimsSet = new JWTClaimsSet();
claimsSet.setSubject("alice");
claimsSet.setIssuer("https://c2id.com");
claimsSet.setExpirationTime(new Date(new Date().getTime() + 60 * 1000));
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
// Apply the HMAC protection
signedJWT.sign(signer);
// Serialize to compact form, produces something like
// eyJhbGciOiJIUzI1NiJ9.SGVsbG8sIHdvcmxkIQ.onO9Ihudz3WkiauDO2Uhyuz0Y18UASXlSc1eS0NkWyA
String s = signedJWT.serialize();
// On the consumer side, parse the JWS and verify its HMAC
signedJWT = SignedJWT.parse(s);
JWSVerifier verifier = new MACVerifier(sharedSecret);
Assert.assertTrue(signedJWT.verify(verifier));
// Retrieve / verify the JWT claims according to the app requirements
Assert.assertEquals("alice", signedJWT.getJWTClaimsSet().getSubject());
Assert.assertEquals("https://c2id.com", signedJWT.getJWTClaimsSet().getIssuer());
Assert.assertTrue(new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime()));
}
我找到了这个问题的解决方案。只需使用以下代码。完毕!最新代码
@Test
public void test() throws JOSEException, ParseException {
// Generate random 256-bit (32-byte) shared secret
SecureRandom random = new SecureRandom();
byte[] sharedSecret = new byte[32];
random.nextBytes(sharedSecret);
// Create HMAC signer
JWSSigner signer = new MACSigner(sharedSecret);
// Prepare JWT with claims set
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
.subject("alice")
.issuer("https://c2id.com")
.expirationTime(addOneHour(new Date()))
.claim("http://example.com/is_root", true)
.build();
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
// Apply the HMAC protection
signedJWT.sign(signer);
// Serialize to compact form, produces something like
// eyJhbGciOiJIUzI1NiJ9.SGVsbG8sIHdvcmxkIQ.onO9Ihudz3WkiauDO2Uhyuz0Y18UASXlSc1eS0NkWyA
String token = signedJWT.serialize();
System.out.println("Token : "+token);
// On the consumer side, parse the JWS and verify its HMAC
signedJWT = SignedJWT.parse(token);
JWSVerifier verifier = new MACVerifier(sharedSecret);
Assert.assertTrue(signedJWT.verify(verifier));
// Retrieve / verify the JWT claims according to the app requirements
Assert.assertEquals("alice", signedJWT.getJWTClaimsSet().getSubject());
Assert.assertEquals("https://c2id.com", signedJWT.getJWTClaimsSet().getIssuer());
Date date1 = new Date();
Date date2 = signedJWT.getJWTClaimsSet().getExpirationTime();
Assert.assertTrue(date1.compareTo(date2) > 0);
}
private Date addOneHour(Date currentDate){
DateTime dateTime = new DateTime(currentDate);
Date plusOnehour = dateTime.toDate();
return plusOnehour;
}