Telegram Group & Telegram Channel
Telegram Group Β» Germany Β» Java Β» Telegram Webview Β» Post 1861
Java
πŸ” Π£ΠΏΡ€Π°Π²Π»Π΅Π½ΠΈΠ΅ JWT-Ρ‚ΠΎΠΊΠ΅Π½Π°ΠΌΠΈ с ΠΏΠΎΠΌΠΎΡ‰ΡŒΡŽ Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠΈ Auth0 Java JWT

Если Ρ‚Ρ‹ Ρ€Π°Π±ΠΎΡ‚Π°Π΅ΡˆΡŒ с Π°ΡƒΡ‚Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΠ΅ΠΉ ΠΈ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒΡŽ Π² Java-прилоТСниях, Ρ‚Π΅Π±Π΅ пригодится Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠ° ΠΎΡ‚ [Auth0](https://github.com/auth0/java-jwt) для Ρ€Π°Π±ΠΎΡ‚Ρ‹ с JWT.

πŸ“Œ Π§Ρ‚ΠΎ Ρ‚Π°ΠΊΠΎΠ΅ JWT?
JWT (JSON Web Token) β€” это стандарт, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰ΠΈΠΉ бСзопасно ΠΏΠ΅Ρ€Π΅Π΄Π°Π²Π°Ρ‚ΡŒ Π΄Π°Π½Π½Ρ‹Π΅ ΠΌΠ΅ΠΆΠ΄Ρƒ участниками ΠΊΠ°ΠΊ JSON-ΠΎΠ±ΡŠΠ΅ΠΊΡ‚Ρ‹. Он ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΠ΅Ρ‚ΡΡ для Π°Π²Ρ‚ΠΎΡ€ΠΈΠ·Π°Ρ†ΠΈΠΈ, Π²Π΅Ρ€ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΠΈ ΠΏΠΎΠ»ΡŒΠ·ΠΎΠ²Π°Ρ‚Π΅Π»Π΅ΠΉ ΠΈ ΠΎΠ±ΠΌΠ΅Π½Π° Π΄Π°Π½Π½Ρ‹ΠΌΠΈ Π±Π΅Π· сСссий.

🧰 Auth0 Java JWT позволяСт:
- Π“Π΅Π½Π΅Ρ€ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ Ρ‚ΠΎΠΊΠ΅Π½Ρ‹ с кастомными claim'Π°ΠΌΠΈ
- ΠŸΠΎΠ΄ΠΏΠΈΡΡ‹Π²Π°Ρ‚ΡŒ Ρ‚ΠΎΠΊΠ΅Π½Ρ‹ с ΠΏΠΎΠΌΠΎΡ‰ΡŒΡŽ HMAC ΠΈΠ»ΠΈ RSA
- Π’Π°Π»ΠΈΠ΄ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ ΠΈ Π΄Π΅ΠΊΠΎΠ΄ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ Ρ‚ΠΎΠΊΠ΅Π½Ρ‹
- ΠŸΡ€ΠΎΠ²Π΅Ρ€ΡΡ‚ΡŒ срок дСйствия (exp), Π°ΡƒΠ΄ΠΈΡ‚ΠΎΡ€ΠΈΡŽ, ΡΡƒΠ±ΡŠΠ΅ΠΊΡ‚ ΠΈ ΠΏΡ€ΠΎΡ‡Π΅Π΅

πŸ§ͺ ΠŸΡ€ΠΈΠΌΠ΅Ρ€: гСнСрация Ρ‚ΠΎΠΊΠ΅Π½Π°

Algorithm algorithm = Algorithm.HMAC256("secret");
String token = JWT.create()
    .withIssuer("auth0")
    .withClaim("userId", 123)
    .withExpiresAt(new Date(System.currentTimeMillis() + 3600_000))
    .sign(algorithm);


πŸ” ΠŸΡ€ΠΎΠ²Π΅Ρ€ΠΊΠ° ΠΈ Π΄Π΅ΠΊΠΎΠ΄ΠΈΡ€ΠΎΠ²Π°Π½ΠΈΠ΅ Ρ‚ΠΎΠΊΠ΅Π½Π°

JWTVerifier verifier = JWT.require(algorithm)
    .withIssuer("auth0")
    .build();

DecodedJWT jwt = verifier.verify(token);
System.out.println(jwt.getClaim("userId").asInt());


πŸ›‘οΈ ΠŸΡ€Π΅ΠΈΠΌΡƒΡ‰Π΅ΡΡ‚Π²Π°:
- ΠŸΡ€ΠΎΡΡ‚ΠΎΡ‚Π° API
- Π₯ΠΎΡ€ΠΎΡˆΠ°Ρ ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° ΠΈ докумСнтация
- БСзопасноС ΡƒΠΏΡ€Π°Π²Π»Π΅Π½ΠΈΠ΅ ΠΊΠ»ΡŽΡ‡Π°ΠΌΠΈ ΠΈ подписями

πŸ“š Π‘Ρ‚Π°Ρ‚ΡŒΡ с ΠΏΡ€ΠΈΠΌΠ΅Ρ€Π°ΠΌΠΈ ΠΈ пояснСниями:
πŸ‘‰ https://www.blackslate.io/articles/manage-jwt-

Если Ρ‚Ρ‹ пишСшь backend Π½Π° Java ΠΈ Ρ€Π°Π±ΠΎΡ‚Π°Π΅ΡˆΡŒ с Π°Π²Ρ‚ΠΎΡ€ΠΈΠ·Π°Ρ†ΠΈΠ΅ΠΉ β€” эта Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠ° Ρ‚ΠΎΡ‡Π½ΠΎ стоит Ρ‚Π²ΠΎΠ΅Π³ΠΎ внимания.

@javatg
www.tg-me.com/de/Java/com.javatg/1861
2.8K views



tg-me.com/javatg/1861
Create:
Last Update:

πŸ” Π£ΠΏΡ€Π°Π²Π»Π΅Π½ΠΈΠ΅ JWT-Ρ‚ΠΎΠΊΠ΅Π½Π°ΠΌΠΈ с ΠΏΠΎΠΌΠΎΡ‰ΡŒΡŽ Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠΈ Auth0 Java JWT

Если Ρ‚Ρ‹ Ρ€Π°Π±ΠΎΡ‚Π°Π΅ΡˆΡŒ с Π°ΡƒΡ‚Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΠ΅ΠΉ ΠΈ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒΡŽ Π² Java-прилоТСниях, Ρ‚Π΅Π±Π΅ пригодится Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠ° ΠΎΡ‚ [Auth0](https://github.com/auth0/java-jwt) для Ρ€Π°Π±ΠΎΡ‚Ρ‹ с JWT.

πŸ“Œ Π§Ρ‚ΠΎ Ρ‚Π°ΠΊΠΎΠ΅ JWT?
JWT (JSON Web Token) β€” это стандарт, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰ΠΈΠΉ бСзопасно ΠΏΠ΅Ρ€Π΅Π΄Π°Π²Π°Ρ‚ΡŒ Π΄Π°Π½Π½Ρ‹Π΅ ΠΌΠ΅ΠΆΠ΄Ρƒ участниками ΠΊΠ°ΠΊ JSON-ΠΎΠ±ΡŠΠ΅ΠΊΡ‚Ρ‹. Он ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΠ΅Ρ‚ΡΡ для Π°Π²Ρ‚ΠΎΡ€ΠΈΠ·Π°Ρ†ΠΈΠΈ, Π²Π΅Ρ€ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΠΈ ΠΏΠΎΠ»ΡŒΠ·ΠΎΠ²Π°Ρ‚Π΅Π»Π΅ΠΉ ΠΈ ΠΎΠ±ΠΌΠ΅Π½Π° Π΄Π°Π½Π½Ρ‹ΠΌΠΈ Π±Π΅Π· сСссий.

🧰 Auth0 Java JWT позволяСт:
- Π“Π΅Π½Π΅Ρ€ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ Ρ‚ΠΎΠΊΠ΅Π½Ρ‹ с кастомными claim'Π°ΠΌΠΈ
- ΠŸΠΎΠ΄ΠΏΠΈΡΡ‹Π²Π°Ρ‚ΡŒ Ρ‚ΠΎΠΊΠ΅Π½Ρ‹ с ΠΏΠΎΠΌΠΎΡ‰ΡŒΡŽ HMAC ΠΈΠ»ΠΈ RSA
- Π’Π°Π»ΠΈΠ΄ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ ΠΈ Π΄Π΅ΠΊΠΎΠ΄ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ Ρ‚ΠΎΠΊΠ΅Π½Ρ‹
- ΠŸΡ€ΠΎΠ²Π΅Ρ€ΡΡ‚ΡŒ срок дСйствия (exp), Π°ΡƒΠ΄ΠΈΡ‚ΠΎΡ€ΠΈΡŽ, ΡΡƒΠ±ΡŠΠ΅ΠΊΡ‚ ΠΈ ΠΏΡ€ΠΎΡ‡Π΅Π΅

πŸ§ͺ ΠŸΡ€ΠΈΠΌΠ΅Ρ€: гСнСрация Ρ‚ΠΎΠΊΠ΅Π½Π°


Algorithm algorithm = Algorithm.HMAC256("secret");
String token = JWT.create()
    .withIssuer("auth0")
    .withClaim("userId", 123)
    .withExpiresAt(new Date(System.currentTimeMillis() + 3600_000))
    .sign(algorithm);


πŸ” ΠŸΡ€ΠΎΠ²Π΅Ρ€ΠΊΠ° ΠΈ Π΄Π΅ΠΊΠΎΠ΄ΠΈΡ€ΠΎΠ²Π°Π½ΠΈΠ΅ Ρ‚ΠΎΠΊΠ΅Π½Π°

JWTVerifier verifier = JWT.require(algorithm)
    .withIssuer("auth0")
    .build();

DecodedJWT jwt = verifier.verify(token);
System.out.println(jwt.getClaim("userId").asInt());


πŸ›‘οΈ ΠŸΡ€Π΅ΠΈΠΌΡƒΡ‰Π΅ΡΡ‚Π²Π°:
- ΠŸΡ€ΠΎΡΡ‚ΠΎΡ‚Π° API
- Π₯ΠΎΡ€ΠΎΡˆΠ°Ρ ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° ΠΈ докумСнтация
- БСзопасноС ΡƒΠΏΡ€Π°Π²Π»Π΅Π½ΠΈΠ΅ ΠΊΠ»ΡŽΡ‡Π°ΠΌΠΈ ΠΈ подписями

πŸ“š Π‘Ρ‚Π°Ρ‚ΡŒΡ с ΠΏΡ€ΠΈΠΌΠ΅Ρ€Π°ΠΌΠΈ ΠΈ пояснСниями:
πŸ‘‰ https://www.blackslate.io/articles/manage-jwt-

Если Ρ‚Ρ‹ пишСшь backend Π½Π° Java ΠΈ Ρ€Π°Π±ΠΎΡ‚Π°Π΅ΡˆΡŒ с Π°Π²Ρ‚ΠΎΡ€ΠΈΠ·Π°Ρ†ΠΈΠ΅ΠΉ β€” эта Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠ° Ρ‚ΠΎΡ‡Π½ΠΎ стоит Ρ‚Π²ΠΎΠ΅Π³ΠΎ внимания.

@javatg

BY Java




Share with your friend now:
tg-me.com/javatg/1861

View MORE
Open in Telegram


Java Telegram | DID YOU KNOW?

Date: |

Should I buy bitcoin?

β€œTo the extent it is used I fear it’s often for illicit finance. It’s an extremely inefficient way of conducting transactions, and the amount of energy that’s consumed in processing those transactions is staggering,” the former Fed chairwoman said. Yellen’s comments have been cited as a reason for bitcoin’s recent losses. However, Yellen’s assessment of bitcoin as a inefficient medium of exchange is an important point and one that has already been raised in the past by bitcoin bulls. Using a volatile asset in exchange for goods and services makes little sense if the asset can tumble 10% in a day, or surge 80% over the course of a two months as bitcoin has done in 2021, critics argue. To put a finer point on it, over the past 12 months bitcoin has registered 8 corrections, defined as a decline from a recent peak of at least 10% but not more than 20%, and two bear markets, which are defined as falls of 20% or more, according to Dow Jones Market Data.

To pay the bills, Mr. Durov is issuing investors $1 billion to $1.5 billion of company debt, with the promise of discounted equity if the company eventually goes public, the people briefed on the plans said. He has also announced plans to start selling ads in public Telegram channels as soon as later this year, as well as offering other premium services for businesses and users.

Java from de


πŸ” Π£ΠΏΡ€Π°Π²Π»Π΅Π½ΠΈΠ΅ JWT-Ρ‚ΠΎΠΊΠ΅Π½Π°ΠΌΠΈ с ΠΏΠΎΠΌΠΎΡ‰ΡŒΡŽ Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠΈ Auth0 Java JWTЕсли Ρ‚Ρ‹ Ρ€Π°Π±ΠΎΡ‚Π°Π΅ΡˆΡŒ с Π°ΡƒΡ‚Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ†ΠΈΠ΅ΠΉ ΠΈ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒΡŽ Π² Java-прилоТСниях

 Java TG
Webview: 1861
Java.Telegram Webview
Java Telegram TG Channel
Telegram Updated:
Telegram Java
FROM USA