Parsing the JWT payload in Java
To parse the payload part of a JWT (JSON Web Token) in Java, you normally use a library to simplify the work.
Here are a few common methods:
1. Use the jjwt library
jjwt is a popular open-source library dedicated to handling JWTs. You can parse a JWT's payload with the following steps.
Step 1: Add dependencies
Add the jjwt dependency to the pom.xml file:
    <!-- 0.9.1 ships as the single jjwt artifact; the jjwt-api / jjwt-impl split starts with 0.10.0 -->
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.9.1</version>
    </dependency>
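Step 2: Parse the JWT
Use the Jwts.parser() method to parse the JWT.
Here is a sample code:
    import io.jsonwebtoken.Claims;
    import io.jsonwebtoken.Jwts;

    public class JwtParser {
        public static void main(String[] args) {
            // Placeholder token; substitute a complete header.payload.signature JWT
            String jwtToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY2Nzg5MCIsImFkbWluIjp0cnVlLCJleHAiOjE2MDAwMDAezCuBf3DqQ";
            // Key for signature verification; setSigningKey(String) treats it as Base64-encoded key bytes
            String secretKey = "your-secret-key";
            try {
                Claims claims = Jwts.parser()
                        .setSigningKey(secretKey) // Set the signature key
                        .parseClaimsJws(jwtToken) // Verifies the signature, then parses
                        .getBody();
                System.out.println("Subject: " + claims.getSubject());
                System.out.println("Admin: " + claims.get("admin"));
                System.out.println("Expiration: " + claims.getExpiration());
            } catch (Exception e) {
                System.out.println("Invalid JWT token");
                e.printStackTrace();
            }
        }
    }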
Explanation:
- The Claims object represents the payload part of the JWT; it is a Map containing the claims.
- The parseClaimsJws() method verifies the signature and parses the JWT.
2. Use the Nimbus jose-jwt library
Nimbus jose-jwt is another commonly used library that supports JWT generation and parsing.
Step 1: Add dependencies
Add the following dependency to the pom.xml file:
    <dependency>
        <groupId>com.nimbusds</groupId>
        <artifactId>nimbus-jose-jwt</artifactId>
        <version>9.24.2</version>
    </dependency>
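Step 2: Parse the JWT
The following is sample code that uses nimbus-jose-jwt to parse a JWT:
    import com.nimbusds.jose.JOSEException;
    import com.nimbusds.jose.JWSVerifier;
    import com.nimbusds.jose.crypto.MACVerifier;
    import com.nimbusds.jwt.JWTClaimsSet;
    import com.nimbusds.jwt.SignedJWT;
    import java.text.ParseException;

    public class JwtParser {
        public static void main(String[] args) {
            // Placeholder token; substitute a complete header.payload.signature JWT
            String jwtToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY2Nzg5MCIsImFkbWluIjp0cnVlLCJleHAiOjE2MDAwMDAezCuBf3DqQ";
            // Key for signature verification; MACVerifier requires at least 256 bits for HS256
            String secretKey = "your-secret-key";
            try {
                SignedJWT signedJWT = SignedJWT.parse(jwtToken); // Decodes only, no signature check
                JWSVerifier verifier = new MACVerifier(secretKey);
                if (!signedJWT.verify(verifier)) { // Check the signature before trusting any claim
                    System.out.println("Invalid JWT token");
                    return;
                }
                JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet();
                System.out.println("Subject: " + claimsSet.getSubject());
                System.out.println("Admin: " + claimsSet.getClaim("admin"));
                System.out.println("Expiration: " + claimsSet.getExpirationTime());
            } catch (ParseException | JOSEException e) {
                System.out.println("Invalid JWT token");
                e.printStackTrace();
            }
        }
    }
Explanation:
- The SignedJWT.parse() method is used to parse the JWT. On its own it does not check the signature; verify() does that with the supplied key.
- The getJWTClaimsSet() method returns the contents of the payload section.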
3. Manual parsing (not recommended)
Although a JWT can be parsed manually, this method requires handling Base64 encoding and signature verification yourself. It is strongly discouraged.
Here is the sample code:
    import java.nio.charset.StandardCharsets;
    import java.util.Base64;

    public class JwtParser {
        public static void main(String[] args) {
            // Placeholder token; substitute a complete header.payload.signature JWT
            String jwtToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY2Nzg5MCIsImFkbWluIjp0cnVlLCJleHAiOjE2MDAwMDAezCuBf3DqQ";
            String[] parts = jwtToken.split("\\.");
            String payloadBase64 = parts[1];
            // Decode Base64 (JWT segments use the URL-safe alphabet without padding)
            byte[] decodedBytes = Base64.getUrlDecoder().decode(payloadBase64);
            String payload = new String(decodedBytes, StandardCharsets.UTF_8);
            System.out.println("Payload: " + payload);
        }
    }
Explanation:
- This method only decodes the payload. It performs no signature verification.
- For testing or learning purposes only.
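To show what the signature check skipped by the manual method involves, here is an added example (not part of the original article) that verifies an HS256 token with JDK classes only and rejects a token whose payload was altered. The class name, demo key and sample claims are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ManualJwtCheck {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    // HMAC-SHA256 over the ASCII bytes of "header.payload"
    static byte[] hmac(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Returns the payload JSON only for a well-formed HS256 token with a valid signature
    static String verifiedPayload(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) throw new SecurityException("expected header.payload.signature");
        Base64.Decoder dec = Base64.getUrlDecoder();
        String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
        // Pin the algorithm instead of trusting the token (crude string match, fails closed)
        if (!header.contains("\"alg\":\"HS256\"")) throw new SecurityException("unexpected alg");
        byte[] expected = hmac(key, parts[0] + "." + parts[1]);
        byte[] actual = dec.decode(parts[2]);
        // Constant-time comparison of the two MACs
        if (!MessageDigest.isEqual(expected, actual)) throw new SecurityException("bad signature");
        return new String(dec.decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-32-bytes-xx".getBytes(StandardCharsets.UTF_8); // constructed
        String h = B64.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
        String p = B64.encodeToString("{\"sub\":\"alice\",\"admin\":false}".getBytes(StandardCharsets.UTF_8));
        String token = h + "." + p + "." + B64.encodeToString(hmac(key, h + "." + p));
        System.out.println("Verified payload: " + verifiedPayload(token, key));

        // Same header and signature, but the payload now claims admin: must be rejected
        String forgedP = B64.encodeToString("{\"sub\":\"alice\",\"admin\":true}".getBytes(StandardCharsets.UTF_8));
        try {
            verifiedPayload(h + "." + forgedP + "." + token.split("\\.")[2], key);
        } catch (SecurityException e) {
            System.out.println("Forged token rejected: " + e.getMessage());
        }
    }
}
```

This example checks the signature only; jjwt's parseClaimsJws() additionally rejects expired tokens.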
Notes:
- Key management: When parsing a JWT, you need to provide a signature key (secretKey); this is used to verify the authenticity of the JWT.
- Exception handling: In actual projects, exceptions that may occur during parsing need to be handled.
- Security: Do not hardcode the key in the code. It can be stored in a configuration file or in an environment variable.
With the methods above, you can easily parse the payload part of a JWT in Java and extract the required claims.