1. Overview

1.1 Plugin Name

• jwt plugin

1.2 Appropriate Scenario

• Requires unified authentication by jwt at the gateway.

1.3 Plugin functionality

• The jwt plug-in is for the token attribute or authorization of the http request header to carry the attribute value for authentication judgment and judge OAuth2.0 .

1.4 Plugin code

• Core module is shenyu-plugin-jwt.
• Core class is org.apache.shenyu.plugin.jwt.JwtPlugin.

1.5 Added Since Which shenyu version

• Since ShenYu 2.4.0

2.How to use plugin

2.1 Plugin-use procedure chart

2.2 Import pom

<dependency>
    <groupId>org.apache.shenyu</groupId>
    <artifactId>shenyu-spring-boot-starter-plugin-jwt</artifactId>
    <version>${project.version}</version>
</dependency>

2.3 Enable plugin

• In shenyu-admin --> BasicConfig --> Plugin --> jwt set Status enable.

2.4 Config plugin

2.4.1 Config plugin in ShenYu-Admin

• Config secretKey of jwt-plugin in shenyu-admin, the secretKey must more than 256 bit.
• secretKey: The private key when using jwt to generate token, it is required.

2.4.2 Selector config

• Selector and rule Config. Please refer: Selector and rule config.

2.4.3 Rule Config

• convert means jwt converter
• jwtVal: jwt of body name
• headerVal: jwt header name

custom covert algorithm：custom-jwt-covert-algorithm

2.5 Examples

2.5.1 Use jwt token for authentication judgment

2.5.1.1 Config jwt-plugin

2.5.1.2 Config selector match service

2.5.1.3 Config rule match service

2.5.1.4 Generate json web token(jwt) with website

• You can open https://jwt.io/ in your browser and fill in the corresponding parameters.
• Config jwt header HEADER in https://jwt.io/
• Config jwt body PAYLOAD in https://jwt.io/
• Config jwt signature VERIFY SIGNATURE in https://jwt.io/

2.5.1.5 Generate json web token(jwt) with java code

public final class JwtPluginTest {
    
  public void generateJwtCode() {
    final String secreteKey = "shenyu-test-shenyu-test-shenyu-test";
    Map<String, String> map = new HashMap<>();
    map.put("id", "1");
    map.put("name", "xiaoming");
    Date date = new Date();
    date.setTime(1655524800000L);
    String token = Jwts.builder()
            .setIssuedAt(date)
            .setExpiration(new Date())
            .setClaims(map)
            .signWith(Keys.hmacShaKeyFor(secreteKey.getBytes(StandardCharsets.UTF_8)), SignatureAlgorithm.HS256)
            .compact();
    System.out.println(token);
  }
}

2.5.1.6 Request Service

2.5.1.6.1 Request service with token

• request your service with jwt token token: eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoieGlhb21pbmciLCJpZCI6IjEifQ.LdRzGlB49alhq204chwF7pf3C0z8ZpuowPvoQdJmSRw in your request header.

2.5.1.6.2 Request service Authorization

• request your service with Authorization Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoieGlhb21pbmciLCJpZCI6IjEifQ.LdRzGlB49alhq204chwF7pf3C0z8ZpuowPvoQdJmSRw in your request header.

2.5.1.7 Validate request result

• error token request result

{
  "code": 401,
  "message": "Illegal authorization"
}

• normal token request result

{
  "id": "123",
  "name": "hello world save order"
}

3. How to disable plugin

• In shenyu-admin --> BasicConfig --> Plugin --> jwt set Status disable.