How to Create JSON Web Token (JWT) using Java: In this tutorial, we will see how we gonna create JSON web token using Java.
What is JWT?
JSON Web Token is a string in an encrypted format. After the decryption of the JWT String will have JSON information.
JWT is generally used for session validations and to pass user information to client side in secure way. every time when user access the pages server will send a JWT token. which is used JWT token is used for user authentication at the server-side.
what is the JWT Structure
header { ... }, body { ... }, signature { ... }
We can create a JWT token using different programming languages. it is independent of programming language.
How to Create a JWT token in java.
Create a simple maven project. add below dependency
<dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version> </dependency>
Below is the code to generate the JWT token
Key key = MacProvider.generateKey(); Map<String,Object> map=new HashMap<String,Object>(); map.put("name","Mark"); map.put("age",25); map.put("gender","Male"); String Jwstoken = Jwts.builder() .setSubject("json web token").addClaims(map) .signWith(SignatureAlgorithm.HS512, key) .compact();
in above code we are creating the JWT token for Map object with subject as JSON web token. generated JWT token is using SignatureAlgorithm.HS512. we can use the different algorithms by referring to API.
below are all available algorithms
HS256: HMAC using SHA-256 HS384: HMAC using SHA-384 HS512: HMAC using SHA-512 RS256: RSASSA-PKCS-v1_5 using SHA-256 RS384: RSASSA-PKCS-v1_5 using SHA-384 RS512: RSASSA-PKCS-v1_5 using SHA-512 PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256 PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384 PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512 ES256: ECDSA using P-256 and SHA-256 ES384: ECDSA using P-384 and SHA-384 ES512: ECDSA using P-521 and SHA-512
The created token will be looks like below
eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJqc29uIHdlYiB0b2tlbiIsImdlbmRlciI6Ik1hbGUiLCJuYW1lIjoiTWFyayIsImFnZSI6MjV9.LGEFHrytCcxAUv-w8oMfKl81velQ4H8JXmXO4tLIaa1nDMOU3w01B1ejrWsVMY37iTCZGRp4_TFCSN36YjU_Pw
For Decoding the JWT Token below is the code
Jws<Claims> jws = Jwts.parser().setSigningKey(key).parseClaimsJws(Jwstoken);
Jwstoken is the token generated and sent to the client.
below is the complete class for encoding and decoding of JWT
import java.security.Key; import java.util.HashMap; import java.util.Map; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jws; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.impl.crypto.MacProvider; public class CreatingJWT { public static void main(String[] args) { // TODO Auto-generated method stub Key key = MacProvider.generateKey(); Map<String,Object> map=new HashMap<String,Object>(); map.put("name","Mark"); map.put("age",25); map.put("gender","Male"); String Jwstoken = Jwts.builder() .setSubject("json web token").addClaims(map) .signWith(SignatureAlgorithm.HS512, key) .compact(); System.out.println("JWT Token:"+Jwstoken); Jws<Claims> jws = Jwts.parser() .setSigningKey(key) .parseClaimsJws(Jwstoken); System.out.println(jws); } }
Note: For decoding, JWT Token setSigningKey should be the same as the Key used for encoding
Happy Coding.
Also Read: Creating Entity Classes From Database Schema using Eclipse