feat: token的生成的解析需要以sign-verify，encrypt-decrypt成对出现

2024-10-01 00:26:32 +08:00 · 2024-10-01 00:26:32 +08:00 · 59ab17aa0c
commit 59ab17aa0c
parent 0cf030a57a
3 changed files with 11 additions and 13 deletions
--- a/flyfish-user/src/main/java/dev/flyfish/framework/user/config/WebSecurityConfig.java
+++ b/flyfish-user/src/main/java/dev/flyfish/framework/user/config/WebSecurityConfig.java
@ -113,7 +113,7 @@ public class WebSecurityConfig {
    }
    @ConditionalOnProperty(value = "jwt.enable", havingValue = "false")
-    @Bean
+    @Bean("contextRepository")
    public ServerSecurityContextRepository contextRepository() {
        return new WebSessionServerSecurityContextRepository();
    }
@ -137,10 +137,11 @@ public class WebSecurityConfig {
                                                            SecurityProperties properties,
                                                            ReactiveUserDetailsService userDetailsService,
                                                            ServerAuthenticationConverter authenticationConverter,
-                                                            AuthenticationAuditor authenticationAuditor) {
+                                                            AuthenticationAuditor authenticationAuditor,
                                                            ServerSecurityContextRepository contextRepository) {
        ReactiveAuthenticationManager authenticationManager = new UserDetailsRepositoryReactiveAuthenticationManager(userDetailsService);
        return http
-                .securityContextRepository(contextRepository())
+                .securityContextRepository(contextRepository)
                .authorizeExchange(spec -> spec.pathMatchers(ArrayUtils.addAll(properties.getAllowUris(), "/api/logout", "/api/login")).permitAll()
                        .pathMatchers("/api/users/**").authenticated()
                        .anyExchange().authenticated())
@ -154,7 +155,7 @@ public class WebSecurityConfig {
                        .accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.UNAUTHORIZED)))
                .csrf(spec -> spec.disable())
                .addFilterAt(
-                        configure(authenticationManager, authenticationAuditor, authenticationConverter, tokenProvider),
+                        configure(authenticationManager, authenticationAuditor, authenticationConverter, contextRepository),
                        SecurityWebFiltersOrder.FORM_LOGIN)
                .build();
    }
@ -207,13 +208,14 @@ public class WebSecurityConfig {
     */
    private AuthenticationWebFilter configure(ReactiveAuthenticationManager authenticationManager,
                                              AuthenticationAuditor authenticationAuditor,
-                                              ServerAuthenticationConverter authenticationConverter, TokenProvider tokenProvider) {
+                                              ServerAuthenticationConverter authenticationConverter,
                                              ServerSecurityContextRepository contextRepository) {
        AuthenticationWebFilter authenticationFilter = new AuthenticationWebFilter(authenticationManager);
        authenticationFilter.setRequiresAuthenticationMatcher(pathMatchers(HttpMethod.POST, "/login", "/api/login"));
        authenticationFilter.setAuthenticationFailureHandler(new JsonAuthenticationFailureHandler(authenticationAuditor));
        authenticationFilter.setServerAuthenticationConverter(authenticationConverter);
-        authenticationFilter.setAuthenticationSuccessHandler(new JsonAuthenticationSuccessHandler(authenticationAuditor, tokenProvider));
+        authenticationFilter.setAuthenticationSuccessHandler(new JsonAuthenticationSuccessHandler(authenticationAuditor));
-        authenticationFilter.setSecurityContextRepository(contextRepository());
+        authenticationFilter.setSecurityContextRepository(contextRepository);
        return authenticationFilter;
    }
--- a/flyfish-web/src/main/java/dev/flyfish/framework/configuration/jwt/TokenProvider.java
+++ b/flyfish-web/src/main/java/dev/flyfish/framework/configuration/jwt/TokenProvider.java
@ -168,9 +168,9 @@ public class TokenProvider implements InitializingBean {
     */
    public Claims parseToken(String token) {
        return Jwts.parser()
-                .decryptWith(key)
+                .verifyWith(key)
                .build()
-                .parseEncryptedClaims(token)
+                .parseSignedClaims(token)
                .getPayload();
    }
--- a/flyfish-web/src/main/java/dev/flyfish/framework/handler/JsonAuthenticationSuccessHandler.java
+++ b/flyfish-web/src/main/java/dev/flyfish/framework/handler/JsonAuthenticationSuccessHandler.java
@ -23,8 +23,6 @@ public class JsonAuthenticationSuccessHandler implements ServerAuthenticationSuc
    // 数据块工厂
    private final AuthenticationAuditor authenticationAuditor;
    // token提供者
    private final TokenProvider tokenProvider;
    /**
     * 登录成功后要返回用户的基本信息，节省带宽
@ -35,8 +33,6 @@ public class JsonAuthenticationSuccessHandler implements ServerAuthenticationSuc
     */
    @Override
    public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
        // 添加成功响应头
        tokenProvider.addToken(webFilterExchange.getExchange(), authentication);
        // 组装正确的响应信息
        ServerHttpResponse response = webFilterExchange.getExchange().getResponse();
        HttpHeaders headers = response.getHeaders();