I have two classes, OAuth2Token and CachedOAuth2Token, which extend a class named AbstractOAuth2Token.
AbstractOAuth2Token.java
    @SuperBuilder
    @Jacksonized
    @JsonSubTypes({
        @JsonSubTypes.Type(value = OAuth2Token.class),
    })
    @Getter
    @Setter
    @ToString
    public abstract class AbstractOAuth2Token {
        @JsonProperty("access_token")
        private String accessToken;
        @JsonProperty("token_type")
        private String tokenType;
    }
OAuth2Token.java
    @Getter
    @Setter
    @SuperBuilder
    @ToString(callSuper = true)
    @JsonTypeName("OAuth2Token")
    @Jacksonized
    public class OAuth2Token extends AbstractOAuth2Token {
        @JsonProperty("expires_in")
        private int expiresIn;
    }
CachedOAuth2Token.java
    @Getter
    @Setter
    @SuperBuilder
    @ToString(callSuper = true)
    public class CachedOAuth2Token extends AbstractOAuth2Token {
        private LocalDateTime expirationDate;
    }
Unfortunately my Maven project does not build, because of AbstractOAuth2Token.java: Builders on abstract classes cannot be @Jacksonized …
I wrote a method that takes a JWT as the request and checks whether the signature is valid.
Here is the unit test:
    @Test
    public void isValid() {
        final JwtValidator jwtValidator = JwtValidator.getInstance();
        final boolean valid = jwtValidator.isValid("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c");
        Assert.isTrue(valid);
    }
Here is the code:
    @SneakyThrows
    public boolean isValid(String extractedToken) {
        final String[] tokenParts = extractedToken.split(Pattern.quote("."));
        String header = tokenParts[0];
        String payload = tokenParts[1];
        String signature = tokenParts[2];
        final byte[] calcHmacSha256 = HMAC.calcHmacSha256("your-256-bit-secret".getBytes(), (header + "." + payload).getBytes());
        final String s = Base64.getEncoder().encodeToString(calcHmacSha256);
        System.out.println("'" + signature + "'.equals('" + s + "')");
        return signature.equals(s);
    }
The log prints the two strings, which differ in only 2 characters, so I feel I'm close "but not quite" to getting it working:
'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'.equals('SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV/adQssw5c=')
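Of course there are hard-coded values, because the implementation isn't finished yet, but for now I'm using the sample values from https://jwt.io/ for ease of use.
Thanks!
Edit 1: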
    public class JwtValidatorTest {
        @Test
        public void …
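Added example, not part of the original post: the two strings in the log differ because a JWT signature is base64url without padding (`_` and `-`, no trailing `=`), while `Base64.getEncoder()` emits standard Base64. The sketch below decodes the presented signature with the URL-safe decoder and compares raw MAC bytes in constant time; the class name `Hs256Check` is hypothetical, and the JDK's `javax.crypto.Mac` stands in for the poster's `HMAC` helper, which the page does not show.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example; Hs256Check is a hypothetical name, not the poster's class.
public class Hs256Check {

    // The verifier fixes the algorithm to HMAC-SHA256; the token header's "alg" is not consulted.
    static byte[] hmacSha256(byte[] secret, String signingInput) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static boolean isValid(String token, byte[] secret) throws GeneralSecurityException {
        // Limit -1 keeps a trailing empty part, so "a.b." yields three parts with an empty signature.
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            return false;
        }
        byte[] presented;
        try {
            // JWS signatures are base64url without padding: '-' and '_' replace '+' and '/'.
            presented = Base64.getUrlDecoder().decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return false; // not valid base64url
        }
        byte[] expected = hmacSha256(secret, parts[0] + "." + parts[1]);
        // Compare raw MAC bytes in constant time instead of String.equals on encoded text.
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        // Token and secret are the jwt.io sample values quoted in the question.
        String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
        byte[] secret = "your-256-bit-secret".getBytes(StandardCharsets.UTF_8);
        String[] p = token.split("\\.");
        String encoded = Base64.getUrlEncoder().withoutPadding().encodeToString(hmacSha256(secret, p[0] + "." + p[1]));
        System.out.println("re-encoded signature matches: " + encoded.equals(p[2]));
        System.out.println("original token valid: " + isValid(token, secret));
        // Constructed negative case: first signature character altered.
        System.out.println("tampered token valid: " + isValid(token.replace(".Sfl", ".Tfl"), secret));
    }
}
```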