- 浏览: 2542968 次
- 性别:
- 来自: 成都
文章分类
最新评论
-
nation:
你好,在部署Mesos+Spark的运行环境时,出现一个现象, ...
Spark(4)Deal with Mesos -
sillycat:
AMAZON Relatedhttps://www.godad ...
AMAZON API Gateway(2)Client Side SSL with NGINX -
sillycat:
sudo usermod -aG docker ec2-use ...
Docker and VirtualBox(1)Set up Shared Disk for Virtual Box -
sillycat:
Every Half an Hour30 * * * * /u ...
Build Home NAS(3)Data Redundancy -
sillycat:
3 List the Cron Job I Have>c ...
Build Home NAS(3)Data Redundancy
Auth Solution(3)JWT in Java and PHP Sample
Here is my Example in JAVA which can generate the RSA 512 private key and public key.
In side the java example, we can use the private key to sign our content, time and etc to generate a token.
https://github.com/luohuazju/sillycat-authcenter
RSACoder class, when we run it, it will generate the private key and public key pair in strings as follow for example:
privateKey:MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALLl3YRnsI8ZMlBF9F/naLo7KjZP6VRwU+KtqDyRwHBUNn2PUhU1RaoODiLrWcFJ7awF6LzNZ3K5rfCrrt31LJ6pEgMt1g+09ShlFoycU9DGk2URBDc3ZWiGm3iR19UyFzpjVuGfbQvsr3rYfvpHKsnamk3WEu3ZGzm64bY905JtAgMBAAECgYAuF2UkOObXZ4F8Bxn4H5Hu8VFl3t7Z33rtWxqOSGsRRdEoNmXKiwgg0TA5NPPSBe8TNA6Lnkw51bcH2+PY0dMlu0CpsomEFOMZo016jf+rMmldXZiRccSdNrmMrSU1HXBQGgcIZ09BvGjV1Xcvukqu4hcw2Cx2tR1arfz8LhJMwQJBAN8qKn9Fnc1huDIR6U0043nWLioMTp/l0M+CyYPe69A7FuS+vyF83ZSYDh50bByPGpIpBimTP8/der0/M7RDshECQQDNOFLlEPGG61nn7Ah9KZzeDW/NsgOS7xb5iYYfm1Tlot2r0ZMe5Yl7+EePxV76GcOeKfJXC2TQIJgFU6NI+36dAkEAtrG6YL8JVN4vAS6QpFgr8c5ZtKqmo1hs/bTAbGjO/IWjVFij+DJU5BUnWd9NsoOk6QsUtGyLzQwwM0XOekEBQQJAYPWflMKwmsJPtBf82sXya6eFj3Xv4lg8TqH/UKefMPAGM8vM6uggUQY5KWBjQ18w4WWILkAf3YXIzZt6plzMsQJBAK3EmpqWbr6uzMUKG9NKdpPHpbjSFpY1IZ5pe9HBcJloEAdqJTx3uvdyLHYwBOfkZrpIA5glBjpgeEuOgJMOixE=
publicKey:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy5d2EZ7CPGTJQRfRf52i6Oyo2T+lUcFPirag8kcBwVDZ9j1IVNUWqDg4i61nBSe2sBei8zWdyua3wq67d9SyeqRIDLdYPtPUoZRaMnFPQxpNlEQQ3N2Vohpt4kdfVMhc6Y1bhn20L7K962H76RyrJ2ppN1hLt2Rs5uuG2PdOSbQIDAQAB
In my sample, copy the keys to the second class JWTJavaWithPublicPrivateKey
Run the class JWTJavaWithPublicPrivateKey, it will use the private key to generate a token:
eyJhbGciOiJSUzUxMiJ9.eyJyb2xlIjoidXNlciIsImNyZWF0ZWQiOjE1NTY4MzgxNjUyNTksImlkIjoieWl5aWthbmciLCJlbWFpbCI6InlpeWlrYW5ncmFjaGVsQGdtYWlsLmNvbSJ9.lYFXMoaqK3BRSyvMdu7HqSv6RwkNNvW3cIhyQ3sL47RjKjo5P2exQ6X43SJXl0bexn4BqXRCcWwjk2vhk8WbfqIxj0nK01WODuU6LD8SmxJVx81pX3wPhZBlyDt8DaQ1Eh0nl50mvzc6nJP4cm6-Hlen_B3XSCH_kUHk60DL3vg
Actually, the content in the token is
yiyikang
user
1556838165259
These JAVA code can easily use public key to decode that contents from the token.
Image we have 2 separate servers,
Auth Server will host the private key and sign the contents (username, email, profiles, expiration date and etc) to generate a token string and response back.
Resource Server will host the public key and verify the token, #1, if this token is from Auth Server, expiration data passed? #2 get other contents if #1 pass
In this case, resource server do not need to talk to Auth Server to verify anything, once it has the public key, it can do the decode and verify.
Token and all these methods they are standard, so go to this website
https://jwt.io/
Paste the token in that window
eyJhbGciOiJSUzUxMiJ9.eyJyb2xlIjoidXNlciIsImNyZWF0ZWQiOjE1NTY4MzgxNjUyNTksImlkIjoieWl5aWthbmciLCJlbWFpbCI6InlpeWlrYW5ncmFjaGVsQGdtYWlsLmNvbSJ9.lYFXMoaqK3BRSyvMdu7HqSv6RwkNNvW3cIhyQ3sL47RjKjo5P2exQ6X43SJXl0bexn4BqXRCcWwjk2vhk8WbfqIxj0nK01WODuU6LD8SmxJVx81pX3wPhZBlyDt8DaQ1Eh0nl50mvzc6nJP4cm6-Hlen_B3XSCH_kUHk60DL3vg
Put our public key there in the window as well
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy5d2EZ7CPGTJQRfRf52i6Oyo2T+lUcFPirag8kcBwVDZ9j1IVNUWqDg4i61nBSe2sBei8zWdyua3wq67d9SyeqRIDLdYPtPUoZRaMnFPQxpNlEQQ3N2Vohpt4kdfVMhc6Y1bhn20L7K962H76RyrJ2ppN1hLt2Rs5uuG2PdOSbQIDAQAB
-----END PUBLIC KEY-----
It will share with us, the Signature Verified and all the contents we have.
That is to say, our token is standard. Other codes/SDK/library can decode and verify as well.
There is a list of libraries in that website.
I only pick up a PHP as an example to verify. The example is https://github.com/luohuazju/sillycat-jwtphp
I used to be a PHP developer, but I haven’t use that for some time. So first of all, check my PHP ENV.
> php --version
PHP 7.2.12 (cli) (built: Nov 17 2018 22:16:25) ( ZTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
Make sure I have composer if I am not in that directory
> curl -sS https://getcomposer.org/installer | php
In my project directory, install the PHP dependency
> php composer.phar install
Copy the token and public key in jwtphpdecodejava.php
Run this command
> php src/jwtphpdecodejava.php
The PHP code will use the token and public key to verify token and get the contents.
If we do not have the public key, we will only get
Fatal error: Uncaught Firebase\JWT\SignatureInvalidException: Signature verification failed in /Users/hluo/work/php/sillycat-jwtphp/vendor/firebase/php-jwt/src/JWT.php:112
Stack trace:
#0 /Users/hluo/work/php/sillycat-jwtphp/src/jwtphpdecodejava.php(18): Firebase\JWT\JWT::decode('eyJhbGciOiJSUzU...', '-----BEGIN PUBL...', Array)
#1 {main}
thrown in /Users/hluo/work/php/sillycat-jwtphp/vendor/firebase/php-jwt/src/JWT.php on line 112
If the token is signed by other private key, we will get the same error as well.
In the PHP project, we have the examples to do the same thing as sillycat-authcenter does. So no matter which language, we can do the similar things.
The purpose is that resource server will not talk to auth server; no matter our Microservices are written in which language;
References:
https://jwt.io/
https://github.com/luohuazju/sillycat-jwtphp
https://github.com/luohuazju/sillycat-authcenter
Here is my Example in JAVA which can generate the RSA 512 private key and public key.
In side the java example, we can use the private key to sign our content, time and etc to generate a token.
https://github.com/luohuazju/sillycat-authcenter
RSACoder class, when we run it, it will generate the private key and public key pair in strings as follow for example:
privateKey:MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALLl3YRnsI8ZMlBF9F/naLo7KjZP6VRwU+KtqDyRwHBUNn2PUhU1RaoODiLrWcFJ7awF6LzNZ3K5rfCrrt31LJ6pEgMt1g+09ShlFoycU9DGk2URBDc3ZWiGm3iR19UyFzpjVuGfbQvsr3rYfvpHKsnamk3WEu3ZGzm64bY905JtAgMBAAECgYAuF2UkOObXZ4F8Bxn4H5Hu8VFl3t7Z33rtWxqOSGsRRdEoNmXKiwgg0TA5NPPSBe8TNA6Lnkw51bcH2+PY0dMlu0CpsomEFOMZo016jf+rMmldXZiRccSdNrmMrSU1HXBQGgcIZ09BvGjV1Xcvukqu4hcw2Cx2tR1arfz8LhJMwQJBAN8qKn9Fnc1huDIR6U0043nWLioMTp/l0M+CyYPe69A7FuS+vyF83ZSYDh50bByPGpIpBimTP8/der0/M7RDshECQQDNOFLlEPGG61nn7Ah9KZzeDW/NsgOS7xb5iYYfm1Tlot2r0ZMe5Yl7+EePxV76GcOeKfJXC2TQIJgFU6NI+36dAkEAtrG6YL8JVN4vAS6QpFgr8c5ZtKqmo1hs/bTAbGjO/IWjVFij+DJU5BUnWd9NsoOk6QsUtGyLzQwwM0XOekEBQQJAYPWflMKwmsJPtBf82sXya6eFj3Xv4lg8TqH/UKefMPAGM8vM6uggUQY5KWBjQ18w4WWILkAf3YXIzZt6plzMsQJBAK3EmpqWbr6uzMUKG9NKdpPHpbjSFpY1IZ5pe9HBcJloEAdqJTx3uvdyLHYwBOfkZrpIA5glBjpgeEuOgJMOixE=
publicKey:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy5d2EZ7CPGTJQRfRf52i6Oyo2T+lUcFPirag8kcBwVDZ9j1IVNUWqDg4i61nBSe2sBei8zWdyua3wq67d9SyeqRIDLdYPtPUoZRaMnFPQxpNlEQQ3N2Vohpt4kdfVMhc6Y1bhn20L7K962H76RyrJ2ppN1hLt2Rs5uuG2PdOSbQIDAQAB
In my sample, copy the keys to the second class JWTJavaWithPublicPrivateKey
Run the class JWTJavaWithPublicPrivateKey, it will use the private key to generate a token:
eyJhbGciOiJSUzUxMiJ9.eyJyb2xlIjoidXNlciIsImNyZWF0ZWQiOjE1NTY4MzgxNjUyNTksImlkIjoieWl5aWthbmciLCJlbWFpbCI6InlpeWlrYW5ncmFjaGVsQGdtYWlsLmNvbSJ9.lYFXMoaqK3BRSyvMdu7HqSv6RwkNNvW3cIhyQ3sL47RjKjo5P2exQ6X43SJXl0bexn4BqXRCcWwjk2vhk8WbfqIxj0nK01WODuU6LD8SmxJVx81pX3wPhZBlyDt8DaQ1Eh0nl50mvzc6nJP4cm6-Hlen_B3XSCH_kUHk60DL3vg
Actually, the content in the token is
yiyikang
user
1556838165259
These JAVA code can easily use public key to decode that contents from the token.
Image we have 2 separate servers,
Auth Server will host the private key and sign the contents (username, email, profiles, expiration date and etc) to generate a token string and response back.
Resource Server will host the public key and verify the token, #1, if this token is from Auth Server, expiration data passed? #2 get other contents if #1 pass
In this case, resource server do not need to talk to Auth Server to verify anything, once it has the public key, it can do the decode and verify.
Token and all these methods they are standard, so go to this website
https://jwt.io/
Paste the token in that window
eyJhbGciOiJSUzUxMiJ9.eyJyb2xlIjoidXNlciIsImNyZWF0ZWQiOjE1NTY4MzgxNjUyNTksImlkIjoieWl5aWthbmciLCJlbWFpbCI6InlpeWlrYW5ncmFjaGVsQGdtYWlsLmNvbSJ9.lYFXMoaqK3BRSyvMdu7HqSv6RwkNNvW3cIhyQ3sL47RjKjo5P2exQ6X43SJXl0bexn4BqXRCcWwjk2vhk8WbfqIxj0nK01WODuU6LD8SmxJVx81pX3wPhZBlyDt8DaQ1Eh0nl50mvzc6nJP4cm6-Hlen_B3XSCH_kUHk60DL3vg
Put our public key there in the window as well
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy5d2EZ7CPGTJQRfRf52i6Oyo2T+lUcFPirag8kcBwVDZ9j1IVNUWqDg4i61nBSe2sBei8zWdyua3wq67d9SyeqRIDLdYPtPUoZRaMnFPQxpNlEQQ3N2Vohpt4kdfVMhc6Y1bhn20L7K962H76RyrJ2ppN1hLt2Rs5uuG2PdOSbQIDAQAB
-----END PUBLIC KEY-----
It will share with us, the Signature Verified and all the contents we have.
That is to say, our token is standard. Other codes/SDK/library can decode and verify as well.
There is a list of libraries in that website.
I only pick up a PHP as an example to verify. The example is https://github.com/luohuazju/sillycat-jwtphp
I used to be a PHP developer, but I haven’t use that for some time. So first of all, check my PHP ENV.
> php --version
PHP 7.2.12 (cli) (built: Nov 17 2018 22:16:25) ( ZTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
Make sure I have composer if I am not in that directory
> curl -sS https://getcomposer.org/installer | php
In my project directory, install the PHP dependency
> php composer.phar install
Copy the token and public key in jwtphpdecodejava.php
Run this command
> php src/jwtphpdecodejava.php
The PHP code will use the token and public key to verify token and get the contents.
If we do not have the public key, we will only get
Fatal error: Uncaught Firebase\JWT\SignatureInvalidException: Signature verification failed in /Users/hluo/work/php/sillycat-jwtphp/vendor/firebase/php-jwt/src/JWT.php:112
Stack trace:
#0 /Users/hluo/work/php/sillycat-jwtphp/src/jwtphpdecodejava.php(18): Firebase\JWT\JWT::decode('eyJhbGciOiJSUzU...', '-----BEGIN PUBL...', Array)
#1 {main}
thrown in /Users/hluo/work/php/sillycat-jwtphp/vendor/firebase/php-jwt/src/JWT.php on line 112
If the token is signed by other private key, we will get the same error as well.
In the PHP project, we have the examples to do the same thing as sillycat-authcenter does. So no matter which language, we can do the similar things.
The purpose is that resource server will not talk to auth server; no matter our Microservices are written in which language;
References:
https://jwt.io/
https://github.com/luohuazju/sillycat-jwtphp
https://github.com/luohuazju/sillycat-authcenter
发表评论
-
Update Site will come soon
2021-06-02 04:10 1672I am still keep notes my tech n ... -
Stop Update Here
2020-04-28 09:00 310I will stop update here, and mo ... -
NodeJS12 and Zlib
2020-04-01 07:44 468NodeJS12 and Zlib It works as ... -
Docker Swarm 2020(2)Docker Swarm and Portainer
2020-03-31 23:18 362Docker Swarm 2020(2)Docker Swar ... -
Docker Swarm 2020(1)Simply Install and Use Swarm
2020-03-31 07:58 364Docker Swarm 2020(1)Simply Inst ... -
Traefik 2020(1)Introduction and Installation
2020-03-29 13:52 330Traefik 2020(1)Introduction and ... -
Portainer 2020(4)Deploy Nginx and Others
2020-03-20 12:06 424Portainer 2020(4)Deploy Nginx a ... -
Private Registry 2020(1)No auth in registry Nginx AUTH for UI
2020-03-18 00:56 428Private Registry 2020(1)No auth ... -
Docker Compose 2020(1)Installation and Basic
2020-03-15 08:10 367Docker Compose 2020(1)Installat ... -
VPN Server 2020(2)Docker on CentOS in Ubuntu
2020-03-02 08:04 445VPN Server 2020(2)Docker on Cen ... -
Buffer in NodeJS 12 and NodeJS 8
2020-02-25 06:43 377Buffer in NodeJS 12 and NodeJS ... -
NodeJS ENV Similar to JENV and PyENV
2020-02-25 05:14 468NodeJS ENV Similar to JENV and ... -
Prometheus HA 2020(3)AlertManager Cluster
2020-02-24 01:47 414Prometheus HA 2020(3)AlertManag ... -
Serverless with NodeJS and TencentCloud 2020(5)CRON and Settings
2020-02-24 01:46 332Serverless with NodeJS and Tenc ... -
GraphQL 2019(3)Connect to MySQL
2020-02-24 01:48 243GraphQL 2019(3)Connect to MySQL ... -
GraphQL 2019(2)GraphQL and Deploy to Tencent Cloud
2020-02-24 01:48 445GraphQL 2019(2)GraphQL and Depl ... -
GraphQL 2019(1)Apollo Basic
2020-02-19 01:36 321GraphQL 2019(1)Apollo Basic Cl ... -
Serverless with NodeJS and TencentCloud 2020(4)Multiple Handlers and Running wit
2020-02-19 01:19 307Serverless with NodeJS and Tenc ... -
Serverless with NodeJS and TencentCloud 2020(3)Build Tree and Traverse Tree
2020-02-19 01:19 310Serverless with NodeJS and Tenc ... -
Serverless with NodeJS and TencentCloud 2020(2)Trigger SCF in SCF
2020-02-19 01:18 286Serverless with NodeJS and Tenc ...
相关推荐
java-jwt-3.1.0.jar
java-jwt-3.8.1.jar 包 下载
《PyPI官网下载:深入解析py-auth0-jwt-rest-0.1.2》 PyPI(Python Package Index)是Python开发者广泛使用的软件仓库,它提供了丰富的Python库供用户下载和使用。今天我们要关注的是一个名为`py-auth0-jwt-rest-...
3. **ktor-auth模块**:ktor提供了一套认证和授权机制,ktor-auth模块可以用来实现JWT验证。它支持多种认证策略,如Basic Auth、OAuth2等,同时也支持自定义验证逻辑。 4. **ktor-server-jwt**:ktor的这个插件专门...
3. **src**:源代码目录,通常包含Java源文件,是实现BasicAuth服务端的主要部分。 4. **build**:可能是编译后的目标文件或构建过程的输出目录,通常包含.class文件。 5. **.settings**:Eclipse项目的特定配置...
在`config/app.php`中,添加`Tymon\JWTAuth\Providers\LaravelServiceProvider`到`providers`数组,并在`aliases`数组中添加`'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,`和`'JWTFactory' => Tymon\JWTAuth...
and Create a JAR file and make that aviable in the project directory $ mvn clean install = JAR FILE = /target/demo-0.0.1-SNAPSHOT.jar Run JAR FILE : $ java -jar target/demo-0.0.1-SNAPSHOT....
Laravel是一个优雅且强大的PHP web应用框架,而JWT Auth则是一个流行的身份验证解决方案,尤其适用于API开发,因为它提供了轻量级的授权和身份验证机制。 首先,JWT是一种安全的令牌标准(RFC 7519),它允许我们在...
通过base64加密方式将用户名和密码进行封装,生成basic auth的认证信息,再将该信息塞进请求头里,最后通过认证进行get请求。
某宝购买springClode一整套实战项目源代码+视频,包含技术:Eureka、Feign、Zuul、Config、Ribbon、...权限认证:auth2.0+jwt;消息中间件:rebbitMQ, 注:当中的视频是整个项目的难点和技术点的介绍,通俗易懂值得收藏
3. **JWT解析**:解析JWT以获取Payload中的信息,工具类应包含一个方法来验证签名并提取有效载荷。这需要公钥或秘钥对来进行解码和验证。 4. **MD5加密**:MD5是一种广泛使用的哈希函数,可以将任意长度的信息映射...
jwt_auth:使用JWT的Auth API
Tymon/jwt-auth是一个非常流行的Laravel扩展,它为Laravel添加了JWT支持。然而,原版的jwt-auth只支持单一的JWT密钥,这在某些场景下可能无法满足需求,比如需要对不同类型的用户或者不同的API端点使用不同的密钥...
httpie-jwt-auth, HTTPie的JWTAuth ( JSON网络令牌) 认证插件 httpie-jwt-auth JWTAuth ( 。JSON网络令牌) 用于 HTTPie的认证插件。安装最新稳定版本:$ pip install -U httpie-jwt-auth最新开发版
3. **刷新令牌端点(Refresh Token Endpoint)**:当访问令牌过期时,客户端使用刷新令牌来获取新的访问令牌。 4. **资源端点(Resource Endpoint)**:客户端使用访问令牌向资源服务器请求资源。 使用MAVEN作为...
该JWT-AUTH认证库是基于Thinkphp框架构建,旨在为Thinkphp提供JSON Web Token认证支持。项目源码包含50个文件,其中包括44个PHP文件、2个Markdown文件、1个.gitignore文件、1个YAML文件、1个LICENSE文件和1个JSON...
dropwizard-auth-jwt, 使用JSON网络令牌( JWT )的Dropwizard身份验证筛选器 dropwizard-auth-jwt使用JSON网络令牌( JWT )的Dropwizard身份验证过滤器。是什么?JSON网络令牌( JWT ) 是一个 compact url安全方法,...
JWT Auth Guard JWT Auth Guard是一个Laravel&Lumen软件包,可让您将jwt用作应用程序中身份验证保护的驱动程序。 Guard使用tymon/jwt-auth软件包进行身份验证和令牌处理。要求Laravel或流明安装。 ^1.0@dev软件包...