Auth Solution(3)JWT in Java and PHP Sample
Here is my example in Java, which can generate the RSA 512 private key and public key.
Inside the Java example, we can use the private key to sign our content, time, etc. to generate a token.
https://github.com/luohuazju/sillycat-authcenter
When we run the RSACoder class, it generates the private key and public key pair as strings, for example:
privateKey:MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALLl3YRnsI8ZMlBF9F/naLo7KjZP6VRwU+KtqDyRwHBUNn2PUhU1RaoODiLrWcFJ7awF6LzNZ3K5rfCrrt31LJ6pEgMt1g+09ShlFoycU9DGk2URBDc3ZWiGm3iR19UyFzpjVuGfbQvsr3rYfvpHKsnamk3WEu3ZGzm64bY905JtAgMBAAECgYAuF2UkOObXZ4F8Bxn4H5Hu8VFl3t7Z33rtWxqOSGsRRdEoNmXKiwgg0TA5NPPSBe8TNA6Lnkw51bcH2+PY0dMlu0CpsomEFOMZo016jf+rMmldXZiRccSdNrmMrSU1HXBQGgcIZ09BvGjV1Xcvukqu4hcw2Cx2tR1arfz8LhJMwQJBAN8qKn9Fnc1huDIR6U0043nWLioMTp/l0M+CyYPe69A7FuS+vyF83ZSYDh50bByPGpIpBimTP8/der0/M7RDshECQQDNOFLlEPGG61nn7Ah9KZzeDW/NsgOS7xb5iYYfm1Tlot2r0ZMe5Yl7+EePxV76GcOeKfJXC2TQIJgFU6NI+36dAkEAtrG6YL8JVN4vAS6QpFgr8c5ZtKqmo1hs/bTAbGjO/IWjVFij+DJU5BUnWd9NsoOk6QsUtGyLzQwwM0XOekEBQQJAYPWflMKwmsJPtBf82sXya6eFj3Xv4lg8TqH/UKefMPAGM8vM6uggUQY5KWBjQ18w4WWILkAf3YXIzZt6plzMsQJBAK3EmpqWbr6uzMUKG9NKdpPHpbjSFpY1IZ5pe9HBcJloEAdqJTx3uvdyLHYwBOfkZrpIA5glBjpgeEuOgJMOixE=
publicKey:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy5d2EZ7CPGTJQRfRf52i6Oyo2T+lUcFPirag8kcBwVDZ9j1IVNUWqDg4i61nBSe2sBei8zWdyua3wq67d9SyeqRIDLdYPtPUoZRaMnFPQxpNlEQQ3N2Vohpt4kdfVMhc6Y1bhn20L7K962H76RyrJ2ppN1hLt2Rs5uuG2PdOSbQIDAQAB
In my sample, copy the keys to the second class, JWTJavaWithPublicPrivateKey.
Run the class JWTJavaWithPublicPrivateKey; it will use the private key to generate a token:
eyJhbGciOiJSUzUxMiJ9.eyJyb2xlIjoidXNlciIsImNyZWF0ZWQiOjE1NTY4MzgxNjUyNTksImlkIjoieWl5aWthbmciLCJlbWFpbCI6InlpeWlrYW5ncmFjaGVsQGdtYWlsLmNvbSJ9.lYFXMoaqK3BRSyvMdu7HqSv6RwkNNvW3cIhyQ3sL47RjKjo5P2exQ6X43SJXl0bexn4BqXRCcWwjk2vhk8WbfqIxj0nK01WODuU6LD8SmxJVx81pX3wPhZBlyDt8DaQ1Eh0nl50mvzc6nJP4cm6-Hlen_B3XSCH_kUHk60DL3vg
The content in the token is:
yiyikang
user
1556838165259
The Java code can easily use the public key to decode those contents from the token.
Imagine we have 2 separate servers:
The Auth Server hosts the private key and signs the contents (username, email, profiles, expiration date, etc.) to generate a token string and send it back in the response.
The Resource Server hosts the public key and verifies the token: #1, is this token from the Auth Server, and has the expiration date passed? #2, get the other contents if #1 passes.
In this case, the Resource Server does not need to talk to the Auth Server to verify anything; once it has the public key, it can decode and verify on its own.
The token and all these methods are standard, so go to this website:
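The Auth Server / Resource Server split described above, as an added example that is not code from sillycat-authcenter or sillycat-jwtphp. It uses only JDK classes; the class name Rs512TokenDemo, the freshly generated 2048-bit key pair, the sample claims and the 30-minute lifetime measured from the `created` claim are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class Rs512TokenDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final long MAX_AGE_MS = 30 * 60 * 1000L; // assumed token lifetime

    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // Auth Server: sign "header.payload" with the private key (RS512 = RSA PKCS#1 v1.5 + SHA-512).
    static String sign(String payloadJson, PrivateKey key) throws GeneralSecurityException {
        String input = b64("{\"alg\":\"RS512\"}") + "." + b64(payloadJson);
        Signature s = Signature.getInstance("SHA512withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    // Resource Server: return the payload JSON only for a fresh, correctly signed token, else null.
    static String verify(String token, PublicKey key, long nowMs) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        // Pin the algorithm: the token's own header never chooses how it is verified.
        if (!new String(DEC.decode(p[0]), StandardCharsets.UTF_8).contains("\"alg\":\"RS512\"")) return null;
        Signature s = Signature.getInstance("SHA512withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(DEC.decode(p[2]))) return null;
        String payload = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        // Claims are trusted only after the signature check; now enforce freshness.
        Matcher m = Pattern.compile("\"created\":(\\d{1,18})").matcher(payload);
        if (!m.find() || nowMs - Long.parseLong(m.group(1)) > MAX_AGE_MS) return null;
        return payload;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair auth = gen.generateKeyPair(); // constructed key pair, not the one printed on this page
        long now = System.currentTimeMillis();
        String token = sign("{\"id\":\"alice\",\"role\":\"user\",\"created\":" + now + "}", auth.getPrivate());
        System.out.println(verify(token, auth.getPublic(), now));                    // trusted key, fresh token
        System.out.println(verify(token, gen.generateKeyPair().getPublic(), now));   // key of another signer
        System.out.println(verify(token, auth.getPublic(), now + MAX_AGE_MS + 1));   // token past its lifetime
        String[] p = token.split("\\.");                                             // payload swapped, old signature
        System.out.println(verify(p[0] + "." + b64("{\"role\":\"admin\",\"created\":" + now + "}") + "." + p[2], auth.getPublic(), now));
    }
}
```

Only the first call in main returns the payload; the other three return null, and none of them needs a round trip to the Auth Server.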
https://jwt.io/
Paste the token into that window:
eyJhbGciOiJSUzUxMiJ9.eyJyb2xlIjoidXNlciIsImNyZWF0ZWQiOjE1NTY4MzgxNjUyNTksImlkIjoieWl5aWthbmciLCJlbWFpbCI6InlpeWlrYW5ncmFjaGVsQGdtYWlsLmNvbSJ9.lYFXMoaqK3BRSyvMdu7HqSv6RwkNNvW3cIhyQ3sL47RjKjo5P2exQ6X43SJXl0bexn4BqXRCcWwjk2vhk8WbfqIxj0nK01WODuU6LD8SmxJVx81pX3wPhZBlyDt8DaQ1Eh0nl50mvzc6nJP4cm6-Hlen_B3XSCH_kUHk60DL3vg
Put our public key in the window as well:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy5d2EZ7CPGTJQRfRf52i6Oyo2T+lUcFPirag8kcBwVDZ9j1IVNUWqDg4i61nBSe2sBei8zWdyua3wq67d9SyeqRIDLdYPtPUoZRaMnFPQxpNlEQQ3N2Vohpt4kdfVMhc6Y1bhn20L7K962H76RyrJ2ppN1hLt2Rs5uuG2PdOSbQIDAQAB
-----END PUBLIC KEY-----
It will show us "Signature Verified" and all the contents we have.
That is to say, our token is standard. Other code, SDKs and libraries can decode and verify it as well.
There is a list of libraries on that website.
I only picked PHP as an example to verify. The example is https://github.com/luohuazju/sillycat-jwtphp
I used to be a PHP developer, but I haven’t used it for some time. So first of all, check my PHP ENV.
> php --version
PHP 7.2.12 (cli) (built: Nov 17 2018 22:16:25) ( ZTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
Make sure I have Composer if I am not in that directory:
> curl -sS https://getcomposer.org/installer | php
In my project directory, install the PHP dependencies:
> php composer.phar install
Copy the token and public key into jwtphpdecodejava.php.
Run this command:
> php src/jwtphpdecodejava.php
The PHP code will use the token and public key to verify the token and get the contents.
If we do not have the public key, we will only get:
Fatal error: Uncaught Firebase\JWT\SignatureInvalidException: Signature verification failed in /Users/hluo/work/php/sillycat-jwtphp/vendor/firebase/php-jwt/src/JWT.php:112
Stack trace:
#0 /Users/hluo/work/php/sillycat-jwtphp/src/jwtphpdecodejava.php(18): Firebase\JWT\JWT::decode('eyJhbGciOiJSUzU...', '-----BEGIN PUBL...', Array)
#1 {main}
thrown in /Users/hluo/work/php/sillycat-jwtphp/vendor/firebase/php-jwt/src/JWT.php on line 112
If the token is signed by another private key, we will get the same error as well.
In the PHP project, we have examples that do the same thing as sillycat-authcenter does. So no matter which language, we can do similar things.
The purpose is that the resource server does not talk to the auth server, no matter which language our microservices are written in.
References:
https://jwt.io/
https://github.com/luohuazju/sillycat-jwtphp
https://github.com/luohuazju/sillycat-authcenter