henryC/flyfish-framework
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix: 不使用cookie

Browse Source
This commit is contained in:
wangyu 2021-01-11 15:51:11 +08:00
parent 1b160cea79
commit 9748d26660
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
flyfish-web/src/main/java/com/flyfish/framework/configuration/jwt/TokenProvider.java
View File

@ -1,7 +1,6 @@
package com.flyfish.framework.configuration.jwt;
import com.flyfish.framework.domain.base.IUser;
import com.flyfish.framework.enums.UserType;
import com.flyfish.framework.utils.RedisOperations;
import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
@ -23,7 +22,10 @@ import org.springframework.web.server.ServerWebExchange;
import javax.annotation.Resource;
import java.security.Key;
import java.util.*;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Optional;
import java.util.stream.Collectors;
/**
@ -36,7 +38,6 @@ public class TokenProvider implements InitializingBean {
public static final String AUTHORIZATION_HEADER = "Authorization";
private static final String AUTHORITIES_KEY = "auth";
private static List<UserType> TOKEN_USER_TYPES = Arrays.asList(UserType.USER, UserType.VIP);
private final String base64Secret;
private final long tokenValidityInMilliseconds;
private final long tokenValidityInMillisecondsForRememberMe;
@ -85,12 +86,10 @@ public class TokenProvider implements InitializingBean {
String token = createToken(authentication, true);
HttpHeaders headers = exchange.getResponse().getHeaders();
// app用户从头部返回方便获取
if (TOKEN_USER_TYPES.contains(user.getUserType())) {
headers.add("Token", token);
}
headers.add("Token", token);
// token在web端的时间较短不允许记住所以使用短期
exchange.getResponse().addCookie(ResponseCookie.from(AUTHORIZATION_HEADER, "Bearer-" + token).
httpOnly(true).maxAge(tokenValidityInMilliseconds).build());
// exchange.getResponse().addCookie(ResponseCookie.from(AUTHORIZATION_HEADER, "Bearer-" + token).
// httpOnly(true).maxAge(tokenValidityInMilliseconds).build());
// redis存储时间长
redisOperations.set(token, true, tokenValidityInMillisecondsForRememberMe);
}