 * Parses the JWT token and returns a {@link QueryResponse} object containing the domain, user id, type (Zowe / z/OSMF),
 * date of creation and date of expiration
 * @param jwtToken the JWT token
 * @return the query response
public QueryResponse parseJwtToken(String jwtToken) {
     * Removes signature, because of z/OSMF we don't have key to verify certificate and
     * we just need to read claim. Verification is realized via REST call to z/OSMF.
     * JWT library doesn't parse signed key without verification.
    // NOTE(review): because the signature is stripped before parsing, every claim read below is UNVERIFIED.
    // Per the comment above, trust in these values rests entirely on the separate z/OSMF REST verification;
    // nothing derived from them should drive an authorization decision before that call has succeeded.
    final String withoutSign = removeSign(jwtToken);

    // parse to claims and construct QueryResponse
    try {
        // Listing truncated here: the rest of the parser chain and the remaining QueryResponse arguments are not shown.
        Claims claims = Jwts.parser()
        return new QueryResponse(
            claims.get(DOMAIN_CLAIM_NAME, String.class),
    } catch (RuntimeException exception) {
        // Any parser failure is translated into the service's own exception type.
        throw handleJwtParserException(exception);
 * 使用HS256签名算法和生成的signingKey最终的Token,claims中是有效载荷
 * @param userName     = sub JWT面向的用户 (User)
 * @param clientId   = aud 接受JWT的一方 (Client)
 * @param expiration = exp  过期时间
 * @param issuedAt   = iat  签发时间
 * @return
public static String createJavaWebToken(Long userId, String userName, String clientId, String scope,
                                        Date expiration, Date issuedAt) {

    // Listing truncated: the claims instance construction is missing from this line.
    Claims claims =;
    // Custom claims carried in the payload (user, client and scope identifiers).
    claims.put(USER_ID_KEY, userId);
    claims.put(USER_NAME_KEY, userName);
    claims.put(CLIENT_ID_KEY, clientId);
    claims.put(SCOPE_KEY, scope);

    // Signed with HS256 using the shared secret from getKeyInstance(). The builder chain is truncated here;
    // NOTE(review): `expiration` and `issuedAt` are not referenced in the visible lines — presumably set on the
    // builder in the omitted part, confirm against the full source.
    String token = Jwts.builder()
            .signWith(SignatureAlgorithm.HS256, getKeyInstance())
    return token;
 * @param jwt json web token
 * @return 解签实体
 * @throws ExpiredJwtException token过期
 * @throws UnsupportedJwtException 不支持的TOKEN
 * @throws MalformedJwtException 参数格式形变等异常
 * @throws SignatureException 签名异常
 * @throws IllegalArgumentException 非法参数
// NOTE: the declared exception types are jjwt's unchecked JwtException family (plus IllegalArgumentException),
// so the throws clause is documentation for callers rather than a compile-time obligation.
public static Claims parseJwt(String jwt) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    // Listing truncated: the signing-key setup and parseClaimsJws(...).getBody() part of the chain is not shown.
    return  Jwts.parser()

    // Standard claim accessors available on the returned Claims (translated from the original comments):
    // token id -- claims.getId()
    // client identifier -- claims.getSubject()
    // client identifier
    // issuer -- claims.getIssuer()
    // issued at -- claims.getIssuedAt()
    // audience -- claims.getAudience()
    // access claim: roles -- claims.get("roles", String.class)
    // access claim: permissions -- claims.get("perms", String.class)
public static Authentication getAuthentication(HttpServletRequest request) {

        // Read the token from the header, falling back to the cookie.
        String token = request.getHeader(HEADER_STRING);
        if (token == null) {
            token = getTokenFromCookis(request);

        if (token != null && !token.isEmpty()) {
            // Parse the token (listing truncated: the rest of the parser chain is not shown).
            Claims claims = Jwts.parser().setSigningKey(SECRET)

            // Extract the user id.
            // NOTE(review): get("UserId") returns null when the claim is absent, so .toString() throws NPE here;
            // consequently the `user != null` guard on the return line can never be false.
            String user = claims.get("UserId").toString();

            // Extract the authorities (roles) from a comma-separated claim.
            List<GrantedAuthority> authorities = AuthorityUtils.commaSeparatedStringToAuthorityList((String) claims.get("authorities"));

            // Return the authenticated token (credentials intentionally null).
            return user != null ? new UsernamePasswordAuthenticationToken(user, null, authorities) : null;
        return null;
public Claims parse(final String token) {
    // Listing truncated: the parser chain after the resolver (build()/parseClaimsJws(...)) is not shown.
    return Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() {
        // Selects the verification key by the token's `kid` header.
        // The `kid` value is attacker-controlled input; here it is used only as a lookup into the
        // pre-registered `keys` map, which is the safe way to use it (never derive a key location from it).
        public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
            final String keyid = header.getKeyId();
            if (keyid == null) {
                throw new JwtException("Missing Key ID (kid) header field");
            if (keys.containsKey(keyid)) {
                return keys.get(keyid);
            // Unknown kid: fail closed.
            throw new SecurityException("Could not locate key: " + keyid);
public static RequestUserDTO getConnUser(HttpServletRequest request) {
    // Token from the header, falling back to the cookie.
    String token = request.getHeader(HEADER_STRING);
    if (token == null) {
        token = getTokenFromCookis(request);
    if (token != null) {
        // Parse the token (listing truncated: the rest of the parser chain is not shown).
        Claims claims = Jwts.parser().setSigningKey(SECRET)

        return new RequestUserDTO(
                claims.get("DomainId", String.class),
                claims.get("UserId", String.class),
                claims.get("OrgUnitId", String.class));
    // No token: an empty DTO is returned rather than null — callers must not treat it as an authenticated user.
    return new RequestUserDTO();
 * 解析token
 * @param token
 * @return
 * @throws Exception
public static AuthTokenDetails parseToken(String token) throws Exception {
    // Signature is verified against SECRET_KEY by parseClaimsJws; parse/verification failures propagate as jjwt exceptions.
    Claims claims = Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody();
    String userId = claims.getSubject();
    String appId = (String) claims.get(APP_ID_FIELD);
    String organizationId = (String) claims.get(ORGANIZATION_ID_FIELD);
    String roleId = (String) claims.get(ROLE_ID_FIELD);
    String roleType = (String) claims.get(ROLE_TYPE_FIELD);
    String language = (String) claims.get(LANGUAGE_FIELD);
    Date expirationDate = claims.getExpiration();

    // NOTE(review): only roleId is copied into the result in the visible lines; the other locals above are unused here,
    // so the remaining setter calls were presumably dropped from this listing — confirm against the full source.
    AuthTokenDetails authTokenDetails = new AuthTokenDetails();
    // Long.valueOf throws NumberFormatException for a non-numeric role id claim.
    authTokenDetails.setRoleId(roleId == null ? null : Long.valueOf(roleId));
    return authTokenDetails;
 * 获取Claims
 * @param request request
 * @return Claims
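/**
 * Extracts and parses the JWT carried by the request.
 * <p>
 * The {@code SecureUtil.HEADER} header is consulted first and must use the Bearer scheme; only when the header
 * is blank or too short is a request parameter of the same name consulted instead.
 * Tokens passed as request parameters tend to end up in access logs and browser history, so the parameter
 * path should be treated as a legacy fallback rather than the primary transport.
 *
 * @param request the incoming request
 * @return the parsed claims, or {@code null} when no usable token is present
 */
public static Claims getClaims(HttpServletRequest request) {
	String auth = request.getHeader(SecureUtil.HEADER);
	// Assumes AUTH_LENGTH is at least 7 so that both substrings below are in range — confirm against the constant.
	if (StringUtil.isNotBlank(auth) && auth.length() > AUTH_LENGTH) {
		// Locale.ROOT keeps the scheme comparison locale-independent (no dotless-i surprises under Turkish locales).
		String scheme = auth.substring(0, 6).toLowerCase(java.util.Locale.ROOT);
		if (scheme.equals(SecureUtil.BEARER)) {
			// Skip "bearer " (scheme plus the separating space).
			return SecureUtil.parseJWT(auth.substring(7));
		}
		// A header with a different scheme is rejected outright; the parameter is deliberately not consulted.
	} else {
		String parameter = request.getParameter(SecureUtil.HEADER);
		if (StringUtil.isNotBlank(parameter)) {
			return SecureUtil.parseJWT(parameter);
		}
	}
	return null;
}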
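/**
 * When the token carries a username but no email claim, the filter must still resolve the user with an empty email.
 * The former try/catch around doFilter only rethrew the exception and was removed; the method already declares
 * {@code throws Exception}.
 */
public void shouldRetrieveTheEmailWhenItIsNotInJwtToken() throws Exception {
  // given: claims with a preferred_username and subject, but no email
  Map<String, Object> claimParams = new HashMap<>();
  claimParams.put("preferred_username", "username");
  Claims claims = new DefaultClaims(claimParams).setSubject("id");
  // NOTE(review): `jws` is not referenced in the visible lines; the stub wiring it into the filter appears to be
  // missing from this listing — confirm against the full test.
  DefaultJws<Claims> jws = new DefaultJws<>(new DefaultJwsHeader(), claims, "");
  UserImpl user = new UserImpl("id", "", "username");
  keycloakSettingsMap.put(KeycloakConstants.USERNAME_CLAIM_SETTING, "preferred_username");
  when(userManager.getOrCreateUser(anyString(), anyString(), anyString())).thenReturn(user);
  keycloakAttributes.put("email", "");

  // when
  filter.doFilter(request, response, chain);

  // then: the user is looked up by subject with an empty email and the username from the claim
  verify(userManager).getOrCreateUser("id", "", "username");
}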
/**
 * Gateway authentication filter: lets whitelisted paths through, otherwise requires a token that
 * {@code JwtUtil.parseJWT} accepts.
 * <p>
 * The token is read from the {@code AuthProvider.AUTH_KEY} header, or from a query parameter of the same name
 * when the header is blank. Tokens in query strings are typically captured in access logs, so the header is the
 * preferred transport.
 *
 * @param exchange the current exchange
 * @param chain    the remaining filter chain
 * @return the downstream result, or an unauthorized response written by {@code unAuth}
 */
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
	// Whitelisted paths bypass authentication entirely.
	if (isSkip(exchange.getRequest().getURI().getPath())) {
		return chain.filter(exchange);
	}
	ServerHttpResponse resp = exchange.getResponse();
	String fromHeader = exchange.getRequest().getHeaders().getFirst(AuthProvider.AUTH_KEY);
	String fromQuery = exchange.getRequest().getQueryParams().getFirst(AuthProvider.AUTH_KEY);
	if (StringUtils.isAllBlank(fromHeader, fromQuery)) {
		return unAuth(resp, "缺失令牌,鉴权失败");
	}
	// Header wins when present; the query parameter is only the fallback.
	String auth = StringUtils.isBlank(fromHeader) ? fromQuery : fromHeader;
	Claims claims = JwtUtil.parseJWT(JwtUtil.getToken(auth));
	// A null result means the token did not verify; fail closed.
	return claims == null ? unAuth(resp, "请求未授权") : chain.filter(exchange);
}
// Populates the security context from a "<prefix> <token>" header when the token verifies; otherwise the request
// simply continues down the chain unauthenticated.
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse rsp, FilterChain filterChain)
		throws ServletException, IOException {
	String token = req.getHeader(config.getHeader());
	if (token != null && token.startsWith(config.getPrefix() + " ")) {
		// NOTE(review): replace() strips every occurrence of "<prefix> ", not just the leading one;
		// substring(config.getPrefix().length() + 1) would be exact.
		token = token.replace(config.getPrefix() + " ", "");
		try {
			// Listing truncated: the end of the parser chain (.getBody()) and the SecurityContext wiring are not shown.
			// NOTE(review): getSecret().getBytes() uses the platform default charset; pass StandardCharsets.UTF_8 explicitly
			// so the key bytes do not depend on the JVM's file.encoding.
			Claims claims = Jwts.parser().setSigningKey(config.getSecret().getBytes()).parseClaimsJws(token)
			String username = claims.getSubject();
			List<String> authorities = claims.get("authorities", List.class);
			if (username != null) {
				UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, null,;
		// NOTE(review): every parse failure (bad signature, expiry, malformed token) is swallowed without a log line.
		// The request then proceeds unauthenticated, which fails closed, but leaves no trace for detection — at least a
		// debug/warn log of the failure class would help operators spot token tampering or clock-skew issues.
		} catch (Exception ignore) {
	filterChain.doFilter(req, rsp);

/**
 * Validates the token and returns its claims (the "user").
 * <p>
 * Original note, translated: on success the user is returned, on failure an unauthorized exception is thrown;
 * refreshing is also handled here because the expiry check already happens here, and the timeout extends with
 * each refresh up to a maximum of 7 days.
 *
 * @param token the compact JWT
 * @return the claims; when the token was close to expiry the map additionally carries a {@code "newToken"} entry
 * @throws AuthExpirationException when the token has already expired
 */
public Map<String, Object> validateToken(String token) {
    Claims claims = getAllClaimsFromToken(token);
    // NOTE(review): a token without an exp claim makes getExpiration() return null and this line throw NPE instead of a
    // clean 401 — confirm that getAllClaimsFromToken already rejects such tokens.
    long remainingMillis = claims.getExpiration().getTime() - System.currentTimeMillis();
    if (remainingMillis < 0) {
        // Expired: reject with the token-expired exception.
        throw new AuthExpirationException(HttpStatus.UNAUTHORIZED, "登录身份信息过期");
    }
    // Close to expiry: issue a fresh token and return it alongside the claims.
    if (remainingMillis < authProperties.getRefreshInterval()) {
        claims.put("newToken", refreshToken(claims));
    }
    return claims;
}
/**
 * Verifies a compact JWT and maps its claims to an {@link AuthUser}.
 * <p>
 * {@code parseClaimsJws} already verifies the signature with {@code CONSTANT.SECRET_KEY}; the claims are then
 * re-signed and the resulting signature segment compared with the incoming one as a second check.
 * NOTE(review): that second check only passes when serialising the claims reproduces the original payload
 * byte-for-byte — confirm this holds for every token issuer.
 *
 * @param jwt the compact JWT (header.payload.signature)
 * @return the user, or {@code null} when the token is malformed or the re-signed signature does not match
 */
public static AuthUser parseJWT(String jwt) {
        String[] segments = jwt.split("\\.");
        if (segments.length != 3) {
            return null;
        }
        String incomingSign = segments[2];
        Claims claims = Jwts.parser().setSigningKey(DatatypeConverter.parseBase64Binary(CONSTANT.SECRET_KEY)).parseClaimsJws(jwt).getBody();
        String recomputedSign = createJWT(JSONObject.toJSONString(claims)).split("\\.")[2];
        if (!Common.isEquals(recomputedSign, incomingSign)) {
            return null;
        }
        // Timestamp.valueOf throws IllegalArgumentException when expireTime is not in JDBC timestamp format.
        return new AuthUser((Integer) claims.get("userId"), (String) claims.get("userName"),
                (String) claims.get("userNickName"), Timestamp.valueOf((String) claims.get("expireTime")));
}
// Builds a Spring Security Authentication from a verified token. Listing truncated: the parser chain, the
// authorities mapping and the remaining User constructor arguments are not shown.
public Authentication getAuthentication(String token) {
    Claims claims = Jwts.parser()

    Collection<? extends GrantedAuthority> authorities =

    // Principal carries the token subject; the password slot is an empty placeholder since no credential is stored.
    User principal = new User(claims.getSubject(), "",

    return new UsernamePasswordAuthenticationToken(principal, "", authorities);
// Round-trips an RS256 key pair through Base64 encoding: signs with the decoded private key and verifies with the
// decoded public key. Listing truncated: the createToken arguments and the parser chain are not fully shown.
public void testSerializeKeyPair() throws Exception {
    KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);

    String privateKey = AuthTokenUtils.encodeKeyBase64(keyPair.getPrivate());
    String publicKey = AuthTokenUtils.encodeKeyBase64(keyPair.getPublic());

    String token = AuthTokenUtils.createToken(AuthTokenUtils.decodePrivateKey(Decoders.BASE64.decode(privateKey), SignatureAlgorithm.RS256),

    Jwt<?, Claims> jwt = Jwts.parser()
            .setSigningKey(AuthTokenUtils.decodePublicKey(Decoders.BASE64.decode(publicKey), SignatureAlgorithm.RS256))

    // Style nit: JUnit's assertEquals takes (expected, actual); the arguments here are reversed, which only affects the failure message.
    assertEquals(jwt.getBody().getSubject(), SUBJECT);
 * 解析jsonWebToken
 * @param jsonWebToken token串
 * @return Claims
// Parses and verifies the token, returning null on any failure. Listing truncated: the rest of the parser chain
// is not shown. Collapsing every failure (expired, bad signature, malformed) to null fails closed for callers that
// treat null as unauthorized, but hides the reason; a debug log of the exception class would aid troubleshooting.
public static Claims parseJWT(String jsonWebToken) {
	try {
		return Jwts.parser()
	} catch (Exception ex) {
		return null;
/**
 * Reads the audience claim from the token.
 *
 * @param token the compact JWT
 * @return the audience, or {@code null} when the token cannot be parsed or the claim is absent/not a string
 */
public String getAudienceFromToken(String token) {
    try {
        return (String) getClaimsFromToken(token).get(CLAIM_KEY_AUDIENCE);
    } catch (Exception e) {
        // Any parse or cast failure degrades to "no audience"; callers must treat null as untrusted.
        return null;
    }
}
/**
 * Reads the expiration ({@code exp}) claim from the token.
 *
 * @param token the compact JWT
 * @return the expiration date, or {@code null} when the token cannot be parsed
 */
public Date getExpirationDateFromToken(String token) {
    try {
        return getClaimsFromToken(token).getExpiration();
    } catch (Exception e) {
        // Unparseable token: report no expiration rather than propagate.
        return null;
    }
}
// Verifies an access token with the configured signing key and maps its claims to a SecurityUser.
// Listing truncated: the UserPrincipal constructor call is cut mid-argument list.
public SecurityUser parseAccessJwtToken(RawAccessJwtToken rawAccessToken) {
  Jws<Claims> jwsClaims = rawAccessToken.parseClaims(settings.getTokenSigningKey());
  Claims claims = jwsClaims.getBody();
  String subject = claims.getSubject();
  // Raw List: element type is unchecked; consumers should validate entries before use.
  List<String> scopes = claims.get(SCOPES, List.class);
  if (scopes == null || scopes.isEmpty()) {
    throw new IllegalArgumentException("JWT Token doesn't have any scopes");

  // UUID.fromString throws IllegalArgumentException for a malformed id claim.
  SecurityUser securityUser = new SecurityUser(new UserId(UUID.fromString(claims.get(USER_ID, String.class))));
  securityUser.setFirstName(claims.get(FIRST_NAME, String.class));
  securityUser.setLastName(claims.get(LAST_NAME, String.class));
  securityUser.setEnabled(claims.get(ENABLED, Boolean.class));
  // NOTE(review): unboxing a missing IS_PUBLIC claim throws NPE here rather than a clean rejection.
  boolean isPublic = claims.get(IS_PUBLIC, Boolean.class);
  UserPrincipal principal = new UserPrincipal(isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME,
  // Tenant and customer ids are optional claims.
  String tenantId = claims.get(TENANT_ID, String.class);
  if (tenantId != null) {
    securityUser.setTenantId(new TenantId(UUID.fromString(tenantId)));
  String customerId = claims.get(CUSTOMER_ID, String.class);
  if (customerId != null) {
    securityUser.setCustomerId(new CustomerId(UUID.fromString(customerId)));

  return securityUser;
/**
 * Re-issues the token with its "created" claim reset to now.
 *
 * @param token the existing compact JWT
 * @return the regenerated token, or {@code null} when the existing token cannot be parsed
 */
public String refreshToken(String token) {
    try {
        final Claims claims = getClaimsFromToken(token);
        // Stamp the refresh time; generateToken is expected to derive the new expiry from it — confirm.
        claims.put(CLAIM_KEY_CREATED, new Date());
        return generateToken(claims);
    } catch (Exception e) {
        return null;
    }
}
// Invalidates the token by recording it in the TOKEN_INVALID Redis hash (field = raw token, value = now in millis).
// Listing truncated: the catch body and the population of the returned VO are not shown.
public AgentBaseInfoVo logout(String token) {
    try {
        Claims claims = TokenUtil.parseJWT(token);
        // NOTE(review): the raw bearer token is persisted as the hash field; storing a digest of it would give the same
        // lookup semantics without keeping a usable credential in Redis.
        stringRedisTemplate.opsForHash().put(DrivingConstant.Redis.TOKEN_INVALID, token, DateTimeUtil.dateToMillis(new Date()));
        UserTokenDto userTokenDto= JsonSerializerUtil.string2Obj(claims.getSubject(),UserTokenDto.class);
        AgentBaseInfoVo agentBaseInfoVo=new AgentBaseInfoVo();
        return agentBaseInfoVo;
    }catch (Exception e){
    return null;
 * 从令牌中获取用户名
 * @param token 令牌
 * @return 用户名
/**
 * Reads the username (the {@code sub} claim) from the token.
 *
 * @param token the compact JWT
 * @return the subject, or {@code null} when the token cannot be parsed
 */
public String getUsernameFromToken(String token) {
    try {
        return getClaimsFromToken(token).getSubject();
    } catch (Exception e) {
        // Unparseable token: no username.
        return null;
    }
}
// Verifies the "token" cookie and unmarshals its subject into a UserInfoDTO.
// Listing truncated: how userinfo is used and the catch body are not shown.
private void verifyToken(RequestContext ctx) {
    try {
        String token = CookieUtils.getCookie("token");
        // NOTE(review): the HMAC secret is a string literal embedded in source, and getBytes() uses the platform default
        // charset. Load the key from configuration/secret storage and decode it with an explicit charset.
        Claims claims = JWTUtils.parseJWT(token, "nimadetou".getBytes());
        String subject = claims.getSubject();
        UserInfoDTO userinfo = JSONUtils.parseObject(subject, UserInfoDTO.class);;
    } catch (Exception e) {
// Returns the numeric user id stored in the token subject. Listing truncated: the parser chain is not shown.
public Long getUserIdFromJWT(String token){
    Claims claims = Jwts.parser()

    // Long.valueOf throws NumberFormatException if the subject is not a number.
    return Long.valueOf(claims.getSubject());
/**
 * Reads the expiration ({@code exp}) claim from the token.
 *
 * @param token the compact JWT
 * @return the expiration date, or {@code null} when parsing fails
 */
public Date getExpirationDateFromToken(String token) {
    Date result = null;
    try {
        result = getClaimsFromToken(token).getExpiration();
    } catch (Exception ignored) {
        // Parse failure: leave result as null.
    }
    return result;
}
/**
 * Reads the expiration ({@code exp}) claim from the token.
 *
 * @param token the compact JWT
 * @return the expiration date, or {@code null} when parsing fails
 */
public Date getExpirationDateFromToken(String token) {
    final Claims parsed;
    try {
        parsed = getClaimsFromToken(token);
    } catch (Exception e) {
        // Unparseable token: no expiration.
        return null;
    }
    return parsed.getExpiration();
}
// Parses the token and returns its subject after checking that subject and issuer are present.
// Listing truncated: the non-debug else branch before `throw e` is not shown.
public String getAuthenticationFromToken(final String base64EncodedToken) throws JwtException {
    // The library representations of the JWT should be kept internal to this service.
    try {
        final Jws<Claims> jws = parseTokenFromBase64EncodedString(base64EncodedToken);

        if (jws == null) {
            throw new JwtException("Unable to parse token");

        // Additional validation that subject is present
        if (StringUtils.isEmpty(jws.getBody().getSubject())) {
            throw new JwtException("No subject available in token");

        // TODO: Validate issuer against active registry?
        // Only presence is checked here; the issuer value itself is not matched against a trusted list.
        if (StringUtils.isEmpty(jws.getBody().getIssuer())) {
            throw new JwtException("No issuer available in token");
        return jws.getBody().getSubject();
    } catch (JwtException e) {
        // NOTE(review): this writes the complete bearer token to the log at debug level. Even at debug, that puts a
        // replayable credential into log storage; logging a digest or only the header segment would keep the diagnostics.
        logger.debug("The Base64 encoded JWT: " + base64EncodedToken);
        final String errorMessage = "There was an error validating the JWT";

        // A common attack is someone trying to use a token after the user is logged out
        // No need to show a stacktrace for an expected and handled scenario
        String causeMessage = e.getLocalizedMessage();
        if (e.getCause() != null) {
            causeMessage += "\n\tCaused by: " + e.getCause().getLocalizedMessage();
        // Full stacktrace only when debug logging is on; otherwise the (omitted) else branch presumably logs causeMessage.
        if (logger.isDebugEnabled()) {
            logger.error(errorMessage, e);
        } else {
        throw e;
 * 从token中获取JWT中的负载
// Parses the token into its claims, returning null on any failure. Listing truncated: the parser chain is not shown.
private  Claims getClaimsFromToken(String token) {
    Claims claims = null;
    try {
        claims = Jwts.parser()
    } catch (Exception e) {
        // NOTE(review): the raw token is written to the error log on every failed parse; that leaks the credential of
        // any legitimate-but-expired token into log storage. Log the exception class/message instead of the token.
        LOGGER.error("JWT格式验证失败:{}", token);
    return claims;
 * 从令牌中获取用户名
 * @param token 令牌
 * @return 用户名
/**
 * Reads the username (the {@code sub} claim) from the token.
 *
 * @param token the compact JWT
 * @return the subject, or {@code null} when the token cannot be parsed
 */
public String getUsernameFromToken(String token) {
    String subject = null;
    try {
        Claims parsed = getClaimsFromToken(token);
        subject = parsed.getSubject();
    } catch (Exception ignored) {
        // Unparseable token: subject stays null.
    }
    return subject;
}
 * 根据token 获取用户ID
 * @param token
 * @return
/**
 * Reads the user id claim from the token as an int.
 *
 * @param token the compact JWT
 * @return the user id, or {@code 0} when the token cannot be parsed or the claim is not an integer
 *         (note that 0 is indistinguishable from a genuine id of 0)
 */
private int getUserIdFromToken(String token) {
    try {
        final Object raw = getClaimsFromToken(token).get(CLAIM_KEY_USER_ID);
        return Integer.parseInt(String.valueOf(raw));
    } catch (Exception e) {
        // Sentinel for "no usable user id".
        return 0;
    }
}