feat：避免反复查询，加快速度

2022-10-02 21:00:34 +08:00 · 2022-10-02 21:00:34 +08:00 · eb23176b78
commit eb23176b78
parent db2ff0519a
2 changed files with 23 additions and 33 deletions
--- a/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/JwtSecurityContextRepository.java
+++ b/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/JwtSecurityContextRepository.java
@ -3,8 +3,8 @@ package com.flyfish.framework.configuration.jwt;
 import com.flyfish.framework.service.MongoUserDetailsService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.server.reactive.ServerHttpRequest;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
@ -20,23 +20,21 @@ public class JwtSecurityContextRepository implements ServerSecurityContextReposi
    @Resource
    private TokenProvider tokenProvider;

+
    @Override
    public Mono<SecurityContext> load(ServerWebExchange serverWebExchange) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        String jwt = tokenProvider.retrieveToken(serverWebExchange).orElse(null);
        URI requestURI = request.getURI();
-        // 存在jwt时，校验jwt。redis也需要存在
-        return tokenProvider.validateToken(jwt).flatMap(authorized -> {
-            if (authorized) {
-                // token即将过期，续租
-                Authentication authentication = tokenProvider.getAuthentication(jwt);
-                log.debug("set Authentication to security context for '{}', uri: {}", authentication.getName(), requestURI);
-                return userDetailsService.findByUsername(authentication.getName())
-                        .flatMap(userDetails -> userDetailsService.loadContext(userDetails));
-            } else {
-                log.debug("no valid JWT token found, uri: {}", requestURI);
-                return Mono.empty();
-            }
+        // 存在jwt时，校验jwt。redis也需要判断是否在黑名单
+        return tokenProvider.validateToken(jwt).flatMap(userId -> {
+            log.debug("set Authentication to security context for '{}', uri: {}", userId, requestURI);
+            return userDetailsService.findByUsername(userId)
+                    .map(userDetails -> {
+                        SecurityContextImpl securityContext = new SecurityContextImpl();
+                        securityContext.setAuthentication(tokenProvider.getAuthentication(userDetails));
+                        return securityContext;
+                    });
        });
    }

--- a/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/TokenProvider.java
+++ b/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/TokenProvider.java
@ -15,16 +15,13 @@ import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;

 import javax.annotation.Resource;
 import java.security.Key;
 import java.time.Duration;
-import java.util.Arrays;
-import java.util.Collection;
 import java.util.Date;
 import java.util.Optional;
 import java.util.stream.Collectors;
@ -145,20 +142,12 @@ public class TokenProvider implements InitializingBean {
    /**
     * token解析第一步，获取认证。此处通过claims就能知道token是哪个端的
     *
-     * @param token token
+     * @param userDetails 用户详情
     * @return 结果
     */
-    public Authentication getAuthentication(String token) {
-        Claims claims = parseToken(token);
-
-        Collection<? extends GrantedAuthority> authorities =
-                Arrays.stream(claims.get(AUTHORITIES_KEY).toString().split(","))
-                        .filter(StringUtils::isNotBlank)
-                        .map(SimpleGrantedAuthority::new)
-                        .collect(Collectors.toList());
-
-        User principal = new User(claims.getSubject(), "", authorities);
-        return new UsernamePasswordAuthenticationToken(principal, token, authorities);
+    public Authentication getAuthentication(UserDetails userDetails) {
+        return new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),
+                userDetails.getAuthorities());
    }

    /**
@ -179,13 +168,16 @@ public class TokenProvider implements InitializingBean {
        return TOKEN_BLOCK_PREFIX + jti;
    }

-    public Mono<Boolean> validateToken(String authToken) {
+    public Mono<String> validateToken(String authToken) {
        if (StringUtils.isBlank(authToken)) {
-            return Mono.just(false);
+            log.debug("no valid JWT token found");
+            return Mono.empty();
        }
        try {
            Claims claims = parseToken(authToken);
-            return reactiveRedisOperations.hasKey(getCacheKey(claims.getId())).map(exists -> !exists);
+            return reactiveRedisOperations.hasKey(getCacheKey(claims.getId()))
+                    .filter(result -> !result)
+                    .thenReturn(claims.getSubject());
        } catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
            log.info("Invalid JWT signature.");
            log.trace("Invalid JWT signature trace: {}", e, e);
@ -202,6 +194,6 @@ public class TokenProvider implements InitializingBean {
            log.info("Token解析失败！");
            log.trace("Token解析失败: {}", e, e);
        }
-        return Mono.just(false);
+        return Mono.empty();
    }
 }