
Integrating Java with a third party: single sign-on with JWT

Time: 2021-12-29 02:33:45


1. Dependency download locations

jose4j-0.9.2.jar download: /maven2/org/bitbucket/b_c/jose4j/0.9.3/jose4j-0.9.3.jar

JWT-SDK-1.1.1_1.8.jar download (mine is for JDK 1.8):

https://idaas-hangzhou-developer.oss-cn-/developer/java/jwt/JWT-SDK-1.1.1_1.8.zip?spm=a2c4g.11186623.0.0.60f26945OSTv22&file=JWT-SDK-1.1.1_1.8.zip

2. Add the JWT dependencies

JWT-SDK-1.1.1_1.8.jar, jose4j-0.9.2.jar

3. Write the code

```java
package sso12;

import com.alibaba.fastjson.JSON;
import com.idsmanager.dingdang.jwt.DingdangUserRetriever;
import org.apache.commons.lang.StringUtils;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.lang.JoseException;
import turboweb.sso.Oauth2Entrance; // project-specific class, not used in this listing

import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author zhouhj
 * @date -02-07 15:09
 **/
@WebServlet(name = "jwtlogin", urlPatterns = {"/jwtlogin"})
public class JWTLogin extends HttpServlet {

    // URL for external access to this servlet: http://<your-ip-and-port>/jwtlogin?id_token="..."
    // JWT development docs: /document_detail/167870.html?spm=a2c4g.11186623.0.0.2ddd5967V45zNs
    // PublicKey is the key used to check the signature part of the token; fill in the key
    // that matches the one used to generate the id_token (or the one the third party gave you)
    private static final String PublicKey = "...";

    protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
        // Get the id_token
        String id_token = req.getParameter("id_token");
        // This prints the raw token to stdout; keep it for debugging only
        System.out.println("######zy_jwtlogin id_token :" + id_token);
        // Verify the id_token
        if (StringUtils.isNotEmpty(id_token)) {
            String verifyMsg = verify(id_token, PublicKey);
            System.out.println("########verify state:" + verifyMsg);
        }
    }

    protected String verify(String id_token, String PublicKey) {
        // 1. Use the public key to parse and verify the id_token obtained in the previous step
        // DingdangUserRetriever retriever = new DingdangUserRetriever(id_token, PublicKey);
        JWTLogin.Dingdang retriever = new JWTLogin.Dingdang(id_token, PublicKey);
        DingdangUserRetriever.User user = null;
        String account = null;
        try {
            // 2. Get the user information
            user = retriever.retrieve();
            if (user != null) {
                account = user.getUsername();
                String email = user.getEmail();
                account = account != null ? account : email;
                System.out.println("########mailaccount:" + account);
                // 3. Check whether the mail account exists by calling your own system's method
                boolean isExistAccount = isExistedAccount(account);
                if (isExistAccount) {
                    // 4. If the user exists, login succeeds; redirect to the home page
                    // TODO
                } else {
                    return "user not exist";
                }
            } else {
                return "userinfo is null";
            }
        } catch (Exception e) {
            return "zy_jwtlogin sso login error";
        }
        return "ok";
    }

    // Placeholder so the listing compiles: replace with your own system's account lookup.
    protected boolean isExistedAccount(String account) {
        return false;
    }

    static class Dingdang extends DingdangUserRetriever {

        public Dingdang(String jwtToken, String publicKey) {
            super(jwtToken, publicKey);
        }

        /**
         * Verify that the token is valid.
         * @return the user, or null if the signature does not verify
         * @throws JoseException
         * @throws IOException
         */
        @Override
        public DingdangUserRetriever.User retrieve() throws JoseException, IOException {
            JsonWebSignature jws = this.initJWTSignature();
            jws.setKey(JsonWebKey.Factory.newJwk(this.publicKey).getKey());
            boolean verifySignature = jws.verifySignature();
            System.out.println("####### id_token verify result:" + verifySignature);
            return verifySignature ? checkingAndGetUser(jws) : null;
        }

        /**
         * Read the payload and map it onto a User object.
         * @param jws the signature object whose payload is read
         * @return the user, or null if the id_token has expired
         * @throws JoseException
         * @throws IOException
         */
        @Override
        protected DingdangUserRetriever.User checkingAndGetUser(JsonWebSignature jws) throws JoseException, IOException {
            String payload = jws.getPayload();
            DingdangUserRetriever.User user = JSON.parseObject(payload, DingdangUserRetriever.User.class);
            System.out.println("#########userInfo:" + user.toString());
            if (this.checkingExpired) {
                try {
                    boolean expired = this.checkingIdTokenExpired(payload);
                    if (expired) {
                        System.out.println("########## id_token expired check fail");
                        return null;
                    }
                } catch (InvalidJwtException | MalformedClaimException var5) {
                    throw new JoseException("Invalid JWT, payload: " + payload, var5);
                }
            }
            return user;
        }
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
        this.doPost(req, resp);
    }
}
```
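The listing above checks the signature and, optionally, expiry, but it does not pin the signing algorithm or check who issued the token and for which application. The following added example (not part of the original post or of the JWT SDK) shows those checks with jose4j's own `JwtConsumerBuilder`; the class name, the RS256 algorithm, the issuer and audience values, and the `username` claim are assumptions, and the tokens are constructed with a throwaway key.

```java
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwk.*;
import org.jose4j.jws.*;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.*;

public class StrictIdTokenCheck {
    // Assumed values: the issuer and audience agreed with the identity provider.
    static final String ISSUER = "https://idp.example.test";
    static final String AUDIENCE = "my-app";

    static JwtConsumer consumerFor(String publicJwkJson) throws Exception {
        return new JwtConsumerBuilder()
                .setVerificationKey(JsonWebKey.Factory.newJwk(publicJwkJson).getKey())
                // Pin the algorithm instead of trusting the "alg" header of the token.
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        ConstraintType.PERMIT, AlgorithmIdentifiers.RSA_USING_SHA256))
                .setRequireExpirationTime()        // a token without "exp" is rejected
                .setAllowedClockSkewInSeconds(30)
                .setExpectedIssuer(ISSUER)         // "iss" must match
                .setExpectedAudience(AUDIENCE)     // "aud" must name this application
                .build();
    }

    // Builds a constructed sample token signed with the throwaway key from main().
    static String sign(RsaJsonWebKey key, String audience, float minutes) throws Exception {
        JwtClaims c = new JwtClaims();
        c.setIssuer(ISSUER);
        c.setAudience(audience);
        c.setExpirationTimeMinutesInTheFuture(minutes);
        c.setClaim("username", "alice");
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(c.toJson());
        jws.setKey(key.getPrivateKey());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jws.getCompactSerialization();
    }

    public static void main(String[] args) throws Exception {
        RsaJsonWebKey key = RsaJwkGenerator.generateJwk(2048);
        JwtConsumer consumer = consumerFor(key.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));
        // Valid token, token issued for another application, expired token.
        String[] tokens = { sign(key, AUDIENCE, 5), sign(key, "other-app", 5), sign(key, AUDIENCE, -5) };
        for (String t : tokens) {
            try {
                System.out.println("accepted: " + consumer.processToClaims(t).getStringClaimValue("username"));
            } catch (InvalidJwtException e) {
                System.out.println("rejected: " + e.getErrorDetails());
            }
        }
    }
}
```

Only the first token is accepted; the other two fail the audience and expiry checks even though their signatures are valid.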
