From eb23176b78a16994075179ff6e761f47d7fa01d6 Mon Sep 17 00:00:00 2001
From: wangyu <727842003@qq.com>
Date: Sun, 2 Oct 2022 21:00:34 +0800
Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9A=E9=81=BF=E5=85=8D=E5=8F=8D?= =?UTF-8?q?=E5=A4=8D=E6=9F=A5=E8=AF=A2=EF=BC=8C=E5=8A=A0=E5=BF=AB=E9=80=9F?= =?UTF-8?q?=E5=BA=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../jwt/JwtSecurityContextRepository.java | 24 +++++++-------
 .../configuration/jwt/TokenProvider.java | 32 +++++++------------
 2 files changed, 23 insertions(+), 33 deletions(-)
diff --git a/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/JwtSecurityContextRepository.java b/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/JwtSecurityContextRepository.java
index e324396..492608a 100644
--- a/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/JwtSecurityContextRepository.java
+++ b/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/JwtSecurityContextRepository.java
@@ -3,8 +3,8 @@ package com.flyfish.framework.configuration.jwt;
 import com.flyfish.framework.service.MongoUserDetailsService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.server.reactive.ServerHttpRequest;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
@@ -20,23 +20,21 @@ public class JwtSecurityContextRepository implements ServerSecurityContextReposi
 @Resource
 private TokenProvider tokenProvider;
+ @Override
 public Mono load(ServerWebExchange serverWebExchange) {
 ServerHttpRequest request = serverWebExchange.getRequest();
 String jwt = tokenProvider.retrieveToken(serverWebExchange).orElse(null);
 URI requestURI = request.getURI();
- // 存在jwt时,校验jwt。redis也需要存在
- return tokenProvider.validateToken(jwt).flatMap(authorized -> {
- if (authorized) {
- // token即将过期,续租
- Authentication authentication = tokenProvider.getAuthentication(jwt);
- log.debug("set Authentication to security context for '{}', uri: {}", authentication.getName(), requestURI);
- return userDetailsService.findByUsername(authentication.getName())
- .flatMap(userDetails -> userDetailsService.loadContext(userDetails));
- } else {
- log.debug("no valid JWT token found, uri: {}", requestURI);
- return Mono.empty();
- }
+ // 存在jwt时,校验jwt。redis也需要判断是否在黑名单
+ return tokenProvider.validateToken(jwt).flatMap(userId -> {
+ log.debug("set Authentication to security context for '{}', uri: {}", userId, requestURI);
+ return userDetailsService.findByUsername(userId)
+ .map(userDetails -> {
+ SecurityContextImpl securityContext = new SecurityContextImpl();
+ securityContext.setAuthentication(tokenProvider.getAuthentication(userDetails));
+ return securityContext;
+ });
 });
 }
diff --git a/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/TokenProvider.java b/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/TokenProvider.java
index cbad364..b109bd9 100644
--- a/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/TokenProvider.java
+++ b/flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/TokenProvider.java
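Review bot: Nothing on the new path in `load` checks the account state (`isEnabled()`, `isAccountNonLocked()`, `isAccountNonExpired()`) before the `SecurityContextImpl` is built from whatever `findByUsername` returns. The call this replaces, `userDetailsService.loadContext(userDetails)`, is not visible here; if it performed such a check or other per-user setup, that is now skipped, and a disabled or locked user holding an unexpired token would stay authenticated until the token expires. Consider adding `.filter(userDetails -> userDetails.isEnabled() && userDetails.isAccountNonLocked())` before the `.map`, or a short comment stating that `findByUsername` already excludes such accounts.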
@@ -15,16 +15,13 @@ import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.server.ServerWebExchange;
 import reactor.core.publisher.Mono;
 import javax.annotation.Resource;
 import java.security.Key;
 import java.time.Duration;
-import java.util.Arrays;
-import java.util.Collection;
 import java.util.Date;
 import java.util.Optional;
 import java.util.stream.Collectors;
@@ -145,20 +142,12 @@ public class TokenProvider implements InitializingBean {
 /**
 * token解析第一步,获取认证。此处通过claims就能知道token是哪个端的
 *
- * @param token token
+ * @param userDetails 用户详情
 * @return 结果
 */
- public Authentication getAuthentication(String token) {
- Claims claims = parseToken(token);
-
- Collection authorities =
- Arrays.stream(claims.get(AUTHORITIES_KEY).toString().split(","))
- .filter(StringUtils::isNotBlank)
- .map(SimpleGrantedAuthority::new)
- .collect(Collectors.toList());
-
- User principal = new User(claims.getSubject(), "", authorities);
- return new UsernamePasswordAuthenticationToken(principal, token, authorities);
+ public Authentication getAuthentication(UserDetails userDetails) {
+ return new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),
+ userDetails.getAuthorities());
 }
 /**
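Review bot: `getAuthentication` now passes `userDetails.getPassword()` as the credentials of the `UsernamePasswordAuthenticationToken`, so the stored password value (presumably a hash loaded from the user store) is attached to every request's security context, where the old code carried only the token. Nothing visible needs credentials once the JWT has been verified, and any code that logs or serialises the `Authentication` could expose that value. Passing no credentials avoids this: `return new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());`. The Javadoc summary line above the method still describes resolving the token through its claims and should be reworded to say the authentication is built from the loaded user.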
@@ -179,13 +168,16 @@ public class TokenProvider implements InitializingBean {
 return TOKEN_BLOCK_PREFIX + jti;
 }
- public Mono validateToken(String authToken) {
+ public Mono validateToken(String authToken) {
 if (StringUtils.isBlank(authToken)) {
- return Mono.just(false);
+ log.debug("no valid JWT token found");
+ return Mono.empty();
 }
 try {
 Claims claims = parseToken(authToken);
- return reactiveRedisOperations.hasKey(getCacheKey(claims.getId())).map(exists -> !exists);
+ return reactiveRedisOperations.hasKey(getCacheKey(claims.getId()))
+ .filter(result -> !result)
+ .thenReturn(claims.getSubject());
 } catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
 log.info("Invalid JWT signature.");
 log.trace("Invalid JWT signature trace: {}", e, e);
@@ -202,6 +194,6 @@ public class TokenProvider implements InitializingBean {
 log.info("Token解析失败!");
 log.trace("Token解析失败: {}", e, e);
 }
- return Mono.just(false);
+ return Mono.empty();
 }
 }
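Review bot: In `validateToken`, `.filter(result -> !result).thenReturn(claims.getSubject())` no longer rejects a blacklisted token. Reactor's `thenReturn` ignores the upstream element and emits its value whenever the upstream completes, and a Mono emptied by `filter` still completes normally. A token whose jti is present under the block prefix in Redis therefore still yields the subject and is authenticated, so revocation on logout stops taking effect. Mapping the surviving element keeps the empty signal: `.filter(blocked -> !blocked).map(ok -> claims.getSubject());`. A test that stores a blocked jti and asserts the returned Mono completes empty would pin this; the catch chain of the method continues outside the hunk.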