springsecurity整合jwt实现鉴权

依赖：

    io.jsonwebtoken
    jjwt
    0.9.1

    org.springframework.boot
    spring-boot-starter-security

代码：

jwt工具类：

@Data
@ConfigurationProperties(prefix = "jwt")
@Component
public class jwtUtils {
    private String key;
    private Long expirationTime;
    private String header;
    private String encoderKey(){
        return Base64.getEncoder().encodeToString(key.getBytes());
    }
    public String generateToken() {
        Map claims = new HashMap<>();
        claims.put("sub", "halloworld");
        claims.put("created", new Date());
        claims.put("id","123");
        return generateToken(claims);
    }

    private String generateToken(Map claims) {
        Date expirationDate = new Date(System.currentTimeMillis() + expirationTime);
        String encodedKey = Base64.getEncoder().encodeToString(key.getBytes());
        String token = Jwts.builder().setClaims(claims).setExpiration(expirationDate).signWith(SignatureAlgorithm.HS512,encodedKey).compact();
        return token;
    }

    private Claims getClaimsFromToken(String token) {
        Claims claims;
        try {
            claims = Jwts.parser().setSigningKey(encoderKey()).parseClaimsJws(token).getBody();
        } catch (Exception e) {
            claims = null;
        }
        return claims;
    }

    public String getUserIdFromToken(String token) {
        String userId;
        try {
            userId = (String) getClaimsFromToken(token).get("id");
        } catch (Exception e) {
            userId = null;
        }
        return userId;
    }

    public String getUsernameFromToken(String token) {
        String username;
        try {
            Claims body = Jwts.parser().setSigningKey(encoderKey()).parseClaimsJws(token).getBody();
            username = body.getSubject();
        } catch (Exception e) {
            username=null;
        }
        return username;
    }
    public Boolean isTokenExpired(String token){
        try {
            Claims claimsFromToken = getClaimsFromToken(token);
            Date expiration = claimsFromToken.getExpiration();
            return expiration.before(new Date());
        }catch (Exception e){
            return false;
        }
    }
    public String refreshToken(String token) {
        String refreshedToken;
        try {
            Claims claimsFromToken = getClaimsFromToken(token);
            claimsFromToken.put("created", new Date());
            refreshedToken = generateToken(claimsFromToken);
        } catch (Exception e) {
            refreshedToken = null;
        }
        return refreshedToken;
    }
}

Bug：

jwt：

java.lang.IllegalArgumentException: secret key byte array cannot be null or empty

jwt秘钥需要进行base64编码

Base64.getEncoder().encodeToString(key.getBytes());

Base64-encoded key bytes may only be specified for HMAC signatures

秘钥必须使用HS开头的加密算法，如果使用加密算法为HS256，HS384或HS512，则密钥字节数组必须分别为256位（32字节），384位（48字节）或512位（64字节）

.