Auto0工具類
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import org.springframework.beans.factory.annotation.Value;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
/**
* @author: lizz
* @date: 2020/1/20 09:58
*/
public class Auth0Util {
/**
* 引入apollo的配置
*/
private static String TOKEN_KEY = "54f12048-1f56-45c1-a3f1-2c546bc2bb42";
/**
* jwt有效時間
*/
private static long TOKEN_TIMEOUT = 10* 60 * 1000;
/**
* jwt生成方
*/
private final static String JWT_ISSUER = "lb-fw-gw";
/**
* 生成jwt
*
* @param header
* @return
*/
public static String create(Map<String, Object> header) {
return create(header, new HashMap<>(0), JWT_ISSUER, TOKEN_TIMEOUT);
}
public static String create(Map<String, Object> header, Map<String, String> claims) {
return create(header, claims, JWT_ISSUER, TOKEN_TIMEOUT);
}
public static String create(Map<String, Object> header, long timeout) {
return create(header, new HashMap<>(0), JWT_ISSUER, timeout);
}
/**
* 生成jwt
*
* @param header
* @param issuer
* @return
*/
public static String create(Map<String, Object> header, Map<String, String> claims, String issuer, long timeout) {
String token;
try {
Algorithm algorithm = Algorithm.HMAC256(TOKEN_KEY);
Date date = new Date(System.currentTimeMillis() + timeout);
JWTCreator.Builder builder = JWT.create()
.withHeader(header)
.withIssuer(issuer)
.withExpiresAt(date);
for (String key : claims.keySet()) {
builder.withClaim(key, claims.get(key));
}
token = builder.sign(algorithm);
} catch (JWTVerificationException exception) {
System.out.println(exception.getMessage());
return null;
}
return token;
}
/**
* 驗證jwt
*
* @param token
* @return
*/
public static DecodedJWT decode(String token) {
DecodedJWT jwt;
try {
Algorithm algorithm = Algorithm.HMAC256(TOKEN_KEY);
JWTVerifier verifier = JWT.require(algorithm)
// .withIssuer(JWT_ISSUER)
// .acceptLeeway(1)
// .acceptExpiresAt(1)
// .acceptIssuedAt(1)
// .acceptNotBefore(1)
.build();
jwt = verifier.verify(token);
} catch (JWTVerificationException exception) {
System.out.println(exception.getMessage());
return null;
}
return jwt;
}
}
單測
import org.junit.jupiter.api.Test;
import java.util.HashMap;
import java.util.Map;
class Auth0UtilTest {
/**
* jwt創建測試結果
* 次數 : 3批耗時ms
* 1000 : 1502 1673 1513
* 10000 : 2353 2319 2311
* 100000 : 5681 5604 5452
*/
@Test
void create() {
Map<String, Object> header = new HashMap<>(4);
header.put("auth", "level1");
Map<String, String> claims = new HashMap<>(4);
claims.put("user", "xxxs");
long btime = System.currentTimeMillis();
int times = 100000;
for (int i = 1; i <= times; i++) {
Auth0Util.create(header);
}
System.out.println(System.currentTimeMillis() - btime);
}
/**
* jwt校驗測試結果
* 次數 : 3批耗時ms
* 1000 : 898 927 939
* 10000 : 1973 1992 1882
* 100000 : 4402 4562 4649
*/
@Test
void decode() {
Map<String, Object> header = new HashMap<>(4);
header.put("auth", "level1");
Map<String, String> claims = new HashMap<>(4);
claims.put("user", "xxxs");
String token = Auth0Util.create(header); //創建一個新的token
System.out.println("token:" + token);
int times = 100000; //循環次數
long btime = System.currentTimeMillis();
for (int i = 1; i <= times; i++) {
Auth0Util.decode(token);
}
System.out.println(System.currentTimeMillis() - btime);
}
}
jsonwebtoken工具類
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Value;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
/**
* @description: jsonwebtoken工具類
* @author: lizz
* @date: 2020/2/25 4:18 下午
*/
public class JsonWebTokenUtil {
/**
* jwt密鑰 必須大於32個字符
*/
private static String TOKEN_KEY = "54f12048-1f56-45c1-a3f1-2c546bc2bb42";
/**
* jwt有效時間
*/
private static long TOKEN_TIMEOUT = 60 * 30 * 1000;
/**
* jwt生成方
*/
private final static String JWT_ISSUER = "lb-fw-gw";
/**
* 生成jwt
*
* @param header
* @return
*/
public static String create(Map<String, Object> header) {
return create(header, new HashMap<>(2), JWT_ISSUER, TOKEN_TIMEOUT);
}
public static String create(Map<String, Object> header, Map<String, Object> claims) {
return create(header, claims, JWT_ISSUER, TOKEN_TIMEOUT);
}
public static String create(Map<String, Object> header, long timeout) {
return create(header, new HashMap<>(2), JWT_ISSUER, timeout);
}
public static String create(Map<String, Object> header, Map<String, Object> claims, long timeout) {
return create(header, claims, JWT_ISSUER, timeout);
}
/**
* 生成jwt
*
* @param header
* @return
*/
public static String create(Map<String, Object> header, Map<String, Object> claims, String issuer, long timeout) {
String token;
try {
Date date = new Date(System.currentTimeMillis() + timeout);
SecretKey key = Keys.hmacShaKeyFor(TOKEN_KEY.getBytes());
token = Jwts.builder()
.setHeader(header)
.setClaims(claims)
.setIssuer(issuer)
.setExpiration(date)
.signWith(key, SignatureAlgorithm.HS256)
.compact();
} catch (JwtException exception) {
System.out.println(exception.getMessage());
return null;
}
return token;
}
/**
* 驗證jwt
*
* @param token
* @return
*/
public static Jws<Claims> decode(String token) {
Jws<Claims> claimsJws;
try {
Key key = new SecretKeySpec(TOKEN_KEY.getBytes(), SignatureAlgorithm.HS256.getJcaName());
claimsJws = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token);
} catch (JwtException exception) {
System.out.println(exception.getMessage());
return null;
}
return claimsJws;
}
}
單測
import org.junit.jupiter.api.Test;
import java.util.HashMap;
import java.util.Map;
class JsonWebTokenUtilTest {
/**
* jwt創建測試結果
* 次數 : 3批耗時ms
* 1000 : 2037 1850 2052
* 10000 : 4874 4833 4908
* 100000 : 18598 17841 17942
*/
@Test
void create() {
HashMap<String, Object> header = new HashMap<>(4);
header.put("auth", "level1");
Map<String, Object> claims = new HashMap<>(4);
claims.put("user", "xxxs");
long btime = System.currentTimeMillis();
int times = 100000;
for (int i = 1; i <= times; i++) {
JsonWebTokenUtil.create(header,claims);
}
System.out.println(System.currentTimeMillis() - btime);
}
/**
* jwt校驗測試結果
* 次數 : 3批耗時ms
* 1000 : 2128 1980 1933
* 10000 : 9763 10073 9494
* 100000 : 47531 48893 48845
*/
@Test
void decode() {
HashMap<String, Object> header = new HashMap<>(4);
header.put("auth", "level1");
Map<String, Object> claims = new HashMap<>(4);
claims.put("user", "xxxs");
String token = JsonWebTokenUtil.create(header,claims); //創建一個新的token
int times = 100000;
long btime = System.currentTimeMillis();
for (int i = 1; i <= times; i++) {
JsonWebTokenUtil.decode(token);
}
System.out.println(System.currentTimeMillis() - btime);
}
}
測試數據
取3次中位數。
| 操作 | decode | create | ||
|---|---|---|---|---|
| 次數 | auth0 | jsonweboken | auth0 | jsonwebtoken |
| 1,000 | 1665 ms | 2842 ms | 2306 | 2398 ms |
| 10,000 | 2951 ms | 9755 ms | 3952 | 5246 ms |
| 100,000 | 5786ms | 38859 ms | 11784 | 16191 ms |
結論
- 性能方面auth0更優。
- 功能方面jsonwebtoken支持更高級的應用,如高級加密算法等。