Using a ByteBuffer as a JWT claim

Question. Votes: 0, Answers: 2

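I am using JWT tokens, and I have a claim that is a ByteBuffer. The JWT is generated successfully, but when I try to parse the JWT token and validate the claim, it complains that the claimSet has no value.

Here is what my code looks like: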

        ByteBuffer encryptedText = getEncryptedTextAsByteBuffer();

        Instant timestamp = timestampSupplier.get();
        JWTClaimsSet claimsSet = new JWTClaimsSet();
        claimsSet.setAudience("test-audience");
        claimsSet.setIssuer("test-issuer");
        claimsSet.setNotBeforeTime(Date.from(timestamp));
        claimsSet.setExpirationTime(Date.from(Instant.ofEpochSecond(expirationTimestamp)));
        claimsSet.setClaim("myObject", encryptedText );

        PlainJWT jwt = new PlainJWT(claimsSet);
        return jwt.serialize();

The verification code looks like this:

        PlainJWT jwtToken = PlainJWT.parse(jwtToken);
        ReadOnlyJWTClaimsSet claimsSet = jwtToken.getJWTClaimsSet();
        Map<String, Object> claims = claimsSet.getAllClaims();
        ByteBuffer encryptedText = (ByteBuffer) claims.get("myObject");

The exception message I see is:

java.lang.ClassCastException: net.minidev.json.JSONObject cannot be cast to java.nio.ByteBuffer

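I attached a debugger and saw that JWT generation has a valid, non-empty ByteBuffer, but the resulting claims have the "myObject" key with a value that is an empty JSON string. Can we not use a ByteBuffer as a claim? Or am I doing something wrong?

Any help would be appreciated.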

java json jwt
2 Answers
1
votes

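A ByteBuffer contains binary data, but JSON is a text format. You need to encode the underlying byte array as base64 and include it as a claim in the JWT.

I am quite new to ByteBuffer, so I reviewed the javadoc to understand how it works. Please try this: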

    // ByteBuffer to base64 (DatatypeConverter is javax.xml.bind.DatatypeConverter)
    byte[] data = new byte[encryptedText.remaining()];
    encryptedText.get(data);
    String dataB64 = DatatypeConverter.printBase64Binary(data);

    // Add claim
    claimsSet.setClaim("myObject", dataB64);

To verify it, convert from base64 back to byte[]. I don't think a ByteBuffer is needed in this case, but you can build one from the byte[].

    String dataB64 = (String) claims.get("myObject");
    byte[] data = DatatypeConverter.parseBase64Binary(dataB64);

0
votes

The answer helped. Here are the modifications I made to get the code working:

    ByteBuffer encryptedText = getEncryptedTextAsByteBuffer();
    String encodedText = Base64.getEncoder().encodeToString(encryptedText.array());
    Instant timestamp = timestampSupplier.get();
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setAudience("test-audience");
    claimsSet.setIssuer("test-issuer");
    claimsSet.setNotBeforeTime(Date.from(timestamp));
    claimsSet.setExpirationTime(Date.from(Instant.ofEpochSecond(expirationTimestamp)));
    claimsSet.setClaim("myObject", encodedText);

    PlainJWT jwt = new PlainJWT(claimsSet);
    return jwt.serialize();

The verification part changed to:

    PlainJWT jwtToken = PlainJWT.parse(jwtToken);
    ReadOnlyJWTClaimsSet claimsSet = jwtToken.getJWTClaimsSet();
    String claim = (String)claimsSet.getClaim("myObject");
    byte[] emailBinary = Base64.getDecoder().decode(claim);
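
The round trip discussed in both answers, as an added example that is not part of either post: it encodes only the readable bytes of the buffer and rejects a claim that is not a base64 string. The helper names `toClaim` and `fromClaim` are hypothetical, and a plain `Map` stands in for the claims returned by the JWT library.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class ByteBufferClaimExample {

    // Encode only the readable bytes (position..limit) without moving the caller's position.
    static String toClaim(ByteBuffer buf) {
        ByteBuffer view = buf.duplicate();          // own position/limit, shared content
        byte[] data = new byte[view.remaining()];
        view.get(data);
        return Base64.getEncoder().encodeToString(data);
    }

    // Decode a claim value taken from a parsed token; reject anything that is not base64 text.
    static ByteBuffer fromClaim(Object claim) {
        if (!(claim instanceof String)) {
            throw new IllegalArgumentException("claim is missing or not a string");
        }
        // Base64.Decoder.decode throws IllegalArgumentException on malformed input
        return ByteBuffer.wrap(Base64.getDecoder().decode((String) claim));
    }

    public static void main(String[] args) {
        // Constructed sample: 4 payload bytes sitting inside a larger backing array
        byte[] backing = {0, 0, (byte) 0xDE, (byte) 0xAD, (byte) 0xBE, (byte) 0xEF, 0, 0};
        byte[] payload = Arrays.copyOfRange(backing, 2, 6);
        ByteBuffer encryptedText = ByteBuffer.wrap(backing, 2, 4);

        // Stand-in for the claims map of a parsed token (assumption, no JWT library used here)
        Map<String, Object> claims = new HashMap<>();
        claims.put("myObject", toClaim(encryptedText));

        ByteBuffer roundTrip = fromClaim(claims.get("myObject"));
        byte[] out = new byte[roundTrip.remaining()];
        roundTrip.get(out);

        System.out.println("claim value      : " + claims.get("myObject"));
        System.out.println("payload restored : " + Arrays.equals(out, payload));
        // array() ignores position and limit, so it would have encoded the whole backing array
        System.out.println("array() length   : " + encryptedText.array().length
                + ", remaining(): " + encryptedText.remaining());
    }
}
```

`PlainJWT` is the library's unsecured (unsigned) JWT type, so a verifier has no integrity guarantee for `myObject` or any other claim unless the token is signed or encrypted instead.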