java

Java JWT Token Üretme Utility

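Spring Boot uygulamaları için JWT token üretme ve doğrulama utility sınıfı. JJWT kütüphanesi ile HS256 imzalama. JJWT imza algoritmasını anahtar uzunluğuna göre seçer: HS256 için jwt.secret değeri Base64 ile kodlanmış 32–47 baytlık bir anahtar olmalıdır; daha uzun anahtarlarda HS384 veya HS512 kullanılır.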

By Tolgahan · · 389 görüntülenme
java
import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

import javax.crypto.SecretKey;
import java.util.*;
import java.util.function.Function;

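/**
 * Issues and validates HMAC-signed JWTs (JJWT) for a Spring Security application.
 *
 * <p>Access and refresh tokens are signed with the same key and both carry the username as
 * subject, so signature, subject and expiry alone cannot tell them apart. Every token issued by
 * this class therefore carries a {@code token_type} claim. Use
 * {@link #isAccessTokenValid(String, UserDetails)} on protected endpoints and
 * {@link #isRefreshTokenValid(String, UserDetails)} on the refresh endpoint, so that a long-lived
 * refresh token is not accepted where a short-lived access token is expected.
 *
 * <p>{@code jwt.secret} must be the Base64 encoding of at least 32 random bytes; JJWT rejects
 * shorter HMAC keys and picks HS256/HS384/HS512 from the key length. Supply the value from the
 * deployment environment or a secret store rather than committing it with the application.
 */
@Component
public class JwtUtil {

    /** Claim holding the authority names of the user (access tokens only). */
    private static final String ROLES_CLAIM = "roles";

    /** Claim that separates access tokens from refresh tokens. */
    private static final String TOKEN_TYPE_CLAIM = "token_type";

    private static final String ACCESS_TOKEN_TYPE = "access";
    private static final String REFRESH_TOKEN_TYPE = "refresh";

    @Value("${jwt.secret}")
    private String secretKey;

    @Value("${jwt.access-token-expiration:900000}")  // 15 minutes
    private long accessTokenExpiration;

    @Value("${jwt.refresh-token-expiration:604800000}")  // 7 days
    private long refreshTokenExpiration;

    /**
     * Creates a short-lived access token for the given user.
     *
     * @param userDetails user whose username becomes the subject and whose authorities are
     *                    copied into the {@code roles} claim
     * @return the compact, signed JWT
     */
    public String generateAccessToken(UserDetails userDetails) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(TOKEN_TYPE_CLAIM, ACCESS_TOKEN_TYPE);
        claims.put(ROLES_CLAIM, userDetails.getAuthorities().stream()
            .map(GrantedAuthority::getAuthority)
            .toList());
        return buildToken(claims, userDetails.getUsername(), accessTokenExpiration);
    }

    /**
     * Creates a long-lived refresh token for the given user. It carries no roles.
     *
     * @param userDetails user whose username becomes the subject
     * @return the compact, signed JWT
     */
    public String generateRefreshToken(UserDetails userDetails) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(TOKEN_TYPE_CLAIM, REFRESH_TOKEN_TYPE);
        return buildToken(claims, userDetails.getUsername(), refreshTokenExpiration);
    }

    /**
     * Builds and signs a token.
     *
     * @param claims     additional claims to embed
     * @param subject    value of the {@code sub} claim
     * @param expiration lifetime in milliseconds, counted from now
     */
    private String buildToken(Map<String, Object> claims, String subject, long expiration) {
        // Read the clock once so that iat and exp are derived from the same instant.
        final long now = System.currentTimeMillis();
        return Jwts.builder()
            .claims(claims)
            .subject(subject)
            .issuedAt(new Date(now))
            .expiration(new Date(now + expiration))
            .signWith(getSigningKey())
            .compact();
    }

    /**
     * Returns the subject (username) of a token after verifying its signature.
     *
     * @param token compact JWT as received from the client
     * @return the {@code sub} claim, or {@code null} if the token has none
     * @throws JwtException             if the token is malformed, expired or its signature does
     *                                  not verify; callers handling client input must catch this
     * @throws IllegalArgumentException if the token is null or blank
     */
    public String extractUsername(String token) {
        return extractClaim(token, Claims::getSubject);
    }

    /**
     * Checks signature, expiry and subject of a token, without looking at its type.
     *
     * <p>This accepts access and refresh tokens alike. Prefer
     * {@link #isAccessTokenValid(String, UserDetails)} or
     * {@link #isRefreshTokenValid(String, UserDetails)} wherever only one kind is expected.
     *
     * @param token       compact JWT as received from the client
     * @param userDetails user the token is expected to belong to
     * @return {@code true} only if the token verifies, is not expired and its subject equals the
     *         username; {@code false} for any malformed, tampered or expired token
     */
    public boolean isTokenValid(String token, UserDetails userDetails) {
        return isValidFor(token, userDetails, null);
    }

    /**
     * Like {@link #isTokenValid(String, UserDetails)}, but also requires the token to have been
     * issued by {@link #generateAccessToken(UserDetails)}.
     */
    public boolean isAccessTokenValid(String token, UserDetails userDetails) {
        return isValidFor(token, userDetails, ACCESS_TOKEN_TYPE);
    }

    /**
     * Like {@link #isTokenValid(String, UserDetails)}, but also requires the token to have been
     * issued by {@link #generateRefreshToken(UserDetails)}.
     */
    public boolean isRefreshTokenValid(String token, UserDetails userDetails) {
        return isValidFor(token, userDetails, REFRESH_TOKEN_TYPE);
    }

    /**
     * Shared validation: parses the token once and checks type, subject and expiry.
     *
     * @param expectedType required {@code token_type} value, or {@code null} to accept any type
     */
    private boolean isValidFor(String token, UserDetails userDetails, String expectedType) {
        // Resolve the key outside the try block: a missing or malformed jwt.secret is a
        // deployment error and must surface as such, not be reported as "invalid token".
        final SecretKey key = getSigningKey();

        final Claims claims;
        try {
            claims = parseClaims(token, key);
        } catch (JwtException | IllegalArgumentException ignored) {
            // The parser throws for bad signatures, malformed input and expired tokens
            // (it checks exp itself). For a boolean check all of these mean "not valid".
            return false;
        }

        if (expectedType != null && !expectedType.equals(claims.get(TOKEN_TYPE_CLAIM))) {
            return false;
        }

        final String subject = claims.getSubject();
        final Date expiresAt = claims.getExpiration();
        // A token without sub or exp is rejected instead of causing a NullPointerException.
        return subject != null
            && subject.equals(userDetails.getUsername())
            && expiresAt != null
            && !expiresAt.before(new Date());
    }

    /**
     * Verifies the token and applies {@code resolver} to its claims.
     *
     * @throws JwtException if the token is malformed, expired or its signature does not verify
     */
    private <T> T extractClaim(String token, Function<Claims, T> resolver) {
        return resolver.apply(parseClaims(token, getSigningKey()));
    }

    /** Verifies the signature with {@code key} and returns the payload claims. */
    private Claims parseClaims(String token, SecretKey key) {
        return Jwts.parser()
            .verifyWith(key)
            .build()
            .parseSignedClaims(token)
            .getPayload();
    }

    /**
     * Derives the HMAC key from the Base64-encoded {@code jwt.secret} property.
     *
     * <p>The key is rebuilt on every call because the secret is field-injected after
     * construction.
     */
    private SecretKey getSigningKey() {
        byte[] keyBytes = Decoders.BASE64.decode(secretKey);
        return Keys.hmacShaKeyFor(keyBytes);
    }
}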