Using JWT authentication with Play Framework 2.6

Question

I'm having issues with using JWT Authentication using guides for older versions but I'd like to focus on the new Play 2.6

According to the official documentation, JWT is now used under the hood.

It seems like there would be an easier way instead of creating an ActionBuilder and a bunch of other classes or importing third-party libraries but I can't figure out what I would need to do.

Can anyone give me guidance on how to create JWT tokens/secrets with 2.6? Preferably Java but I could make my way through Scala as well.

Recommended answer

Can anyone give me guidance on how to create JWT tokens/secrets with 2.6? Preferably Java but I could make my way through Scala as well.

JWT is baked into the session cookie. You don't need to do anything at all for that. There is no user visible JWT header in Play, but you can use the JJWT library https://github.com/jwtk/jjwt which Play uses under the hood to create your own JWT and use that.

There is an example project at https://github.com/franzgranlund/play-java-jwt which uses a slightly different JWT library for headers, but gives the idea.

The main thing to do is verify that the JWT you get back is using the same algorithm you sent out, i.e. no-one has sent you an alg=NONE or something silly, and ensure you're using a decent algorithm, i.e. HMAC-SHA256 with AES-GCM.

If you're interested in using encryption/signing generally, there's an example in https://github.com/playframework/play-scala-secure-session-example/ which should help.
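
The algorithm check described in the answer, as an added example that is not part of the original answer or of Play's own code. It assumes JJWT's 0.9.x-style API (`Jwts.builder()`, `Jwts.parser()`) on the classpath; the class name `PinnedAlgJwt`, the subject `alice` and the demo key are constructed for illustration, and it covers HS256 signing only, not encryption.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Optional;

public class PinnedAlgJwt {
    // The only algorithm this service issues, so the only one it accepts.
    private static final SignatureAlgorithm ALG = SignatureAlgorithm.HS256;
    private final byte[] secret;

    public PinnedAlgJwt(byte[] secret) { this.secret = secret.clone(); }

    public String issue(String subject, long ttlMillis) {
        return Jwts.builder()
                .setSubject(subject)
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(ALG, secret)
                .compact();
    }

    // Empty unless signature, expiry and header algorithm all check out.
    public Optional<String> verify(String token) {
        try {
            // Throws JwtException for unsigned, mis-signed or expired tokens.
            Jws<Claims> jws = Jwts.parser().setSigningKey(secret).parseClaimsJws(token);
            // Explicit pin: the header must name the algorithm we sent out.
            if (!ALG.getValue().equals(jws.getHeader().getAlgorithm())) {
                return Optional.empty();
            }
            return Optional.ofNullable(jws.getBody().getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        byte[] key = new byte[64];            // constructed random demo key
        new SecureRandom().nextBytes(key);
        PinnedAlgJwt jwt = new PinnedAlgJwt(key);
        String unsigned = Jwts.builder().setSubject("alice").compact();  // alg=none
        String otherAlg = Jwts.builder().setSubject("alice")
                .signWith(SignatureAlgorithm.HS512, key).compact();      // same key, HS512
        System.out.println("issued:   " + jwt.verify(jwt.issue("alice", 60_000)));
        System.out.println("unsigned: " + jwt.verify(unsigned));
        System.out.println("HS512:    " + jwt.verify(otherAlg));
    }
}
```

The HS512 case is the one the explicit pin exists for: the parser picks the HMAC variant named in the token header, so a valid signature alone does not prove the token uses the algorithm you issued.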
