Java JWT 令牌过期检查
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/48177766/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
JWT token expiration check
提问by Developer
I've a following utility class but whenever I check for an expired Token via verify method, it's not throwing the JWtVerificationException.
我有一个以下实用程序类,但是每当我通过 verify 方法检查过期令牌时,它都不会抛出JWtVerificationException.
public class Token {
private static String SECRET = "c3bff416-993f-4760-9275-132b00256944";
public static String get(String name, String value) throws UnsupportedEncodingException {
return JWT.create()
.withIssuer("auth0")
.withClaim(name, value)
.withClaim("random", String.valueOf(UUID.randomUUID()))
.withExpiresAt(new Date(System.currentTimeMillis() + (4 * 60 * 60 * 1000)))
.sign(Algorithm.HMAC256(Token.SECRET));
}
public static DecodedJWT verify(String token) throws JWTVerificationException, UnsupportedEncodingException {
JWTVerifier verifier = JWT.require(Algorithm.HMAC256(Token.SECRET))
.withIssuer("auth0")
.acceptExpiresAt(4)
.build();
return verifier.verify(token);
}
}
As per the website https://github.com/auth0/java-jwt
根据网站https://github.com/auth0/java-jwt
When verifying a token the time validation occurs automatically, resulting in a
JWTVerificationExceptionbeing throw when the values are invalid.
在验证令牌时,时间验证会自动发生,
JWTVerificationException当值无效时会导致抛出。
Edit:
编辑:
A case when client renewing token every 5 minutes, will following work or should I add few extra seconds to accommodate any network lag?
客户端每 5 分钟更新一次令牌的情况下,接下来会工作还是应该增加几秒钟以适应任何网络延迟?
creates
创造
.withExpiresAt(new Date(System.currentTimeMillis() + (5 * 60 * 1000))) // 5 minutes
verify
核实
.acceptExpiresAt(5 * 60) // accept expiry of 5 minutes
回答by John
JWT.create().withExpiresAt(new Date(System.currentTimeMillis() + (5 * 60 * 1000)))means you will create a token, which will expire after 5 minutes. It seems good.
JWT.create().withExpiresAt(new Date(System.currentTimeMillis() + (5 * 60 * 1000)))意味着您将创建一个令牌,该令牌将在 5 分钟后过期。看起来不错。
JWT.require(xxx).acceptExpiresAt(5 * 60)means you will accept a token which has already expired5 minutes before.Even considering the network lag, 5 minutes of leeway is still too long. It should in seconds.
JWT.require(xxx).acceptExpiresAt(5 * 60)意味着您将接受一个在5 分钟前已经过期的令牌。即使考虑到网络延迟,5 分钟的余地仍然太长。它应该在几秒钟内。
回答by Khadija Aitrazouk
If the token has an invalid signature or the Claim requirement is not met, a JWTVerificationExceptionwill raise.
如果令牌具有无效签名或不满足索赔要求,JWTVerificationException则将引发。
When verifying a token the time validation occurs automatically, resulting in a JWTVerificationExceptionbeing throw when the values are invalid. If any of the previous fields are missing they will not be considered in this validation.
在验证令牌时,时间验证会自动发生,JWTVerificationException当值无效时会导致抛出。如果缺少任何先前的字段,则不会在此验证中考虑它们。
回答by avirias
Just add separate catch block when verifying token
验证令牌时只需添加单独的 catch 块
try {
DecodedJWT decodedJWT = Token.verify();
Map claims = decodedJWT.getClaims();
} catch (TokenExpiredException e) {
// Token expired
} catch (JWTVerificationException e) {
// Token validation error
}
