diff --git a/src/main/java/com/youlai/system/filter/JwtAuthenticationFilter.java b/src/main/java/com/youlai/system/security/filter/JwtAuthenticationFilter.java
similarity index 90%
rename from src/main/java/com/youlai/system/filter/JwtAuthenticationFilter.java
rename to src/main/java/com/youlai/system/security/filter/JwtAuthenticationFilter.java
index 01f34d6c..dfdb8687 100644
--- a/src/main/java/com/youlai/system/filter/JwtAuthenticationFilter.java
+++ b/src/main/java/com/youlai/system/security/filter/JwtAuthenticationFilter.java
@@ -1,4 +1,4 @@
-package com.youlai.system.filter;
+package com.youlai.system.security.filter;
 
 import cn.hutool.core.util.StrUtil;
 import com.youlai.system.common.result.ResultCode;
@@ -16,9 +16,10 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 /**
- * jwt auth token filter.
+ * JWT token校验拦截器
  *
  * @author haoxr
+ * @date 2022/10/1
  */
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
@@ -39,15 +40,19 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
         String jwt = resolveToken(request);
         if (StrUtil.isNotBlank(jwt) && SecurityContextHolder.getContext().getAuthentication() == null) {
             try {
+                // 验证token
                 this.tokenManager.validateToken(jwt);
+
+                // JWT验证有效获取Authentication存入Security上下文
                 Authentication authentication = this.tokenManager.getAuthentication(jwt);
                 SecurityContextHolder.getContext().setAuthentication(authentication);
+
                 chain.doFilter(request, response);
             }catch (Exception e){
-                ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID_OR_EXPIRED);
+                ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
             }
         }else{
-                ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID_OR_EXPIRED);
+                ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
         }
     }
 
diff --git a/src/main/java/com/youlai/system/security/jwt/JwtTokenManager.java b/src/main/java/com/youlai/system/security/jwt/JwtTokenManager.java
index 597ca923..963e43e1 100644
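Review bot: `chain.doFilter(request, response)` now runs inside the `try` whose `catch (Exception e)` writes `ResultCode.TOKEN_INVALID`, so an exception thrown by any later filter or controller is swallowed, reported to the client as a token error, and written onto a response that may already be committed. Keep only token validation and the context population inside the try, `return` from the catch, and invoke the chain afterwards so downstream failures propagate normally; the catch should also be narrowed to the token library's exception type (io.jsonwebtoken.JwtException, if `validateToken` lets it escape) instead of `Exception`. The enclosing `doFilterInternal` begins above this hunk, and the else branch that rejects every request carrying no token is pre-existing, so it is assumed this filter is mapped only to protected paths.
```java
            try {
                this.tokenManager.validateToken(jwt);
                Authentication authentication = this.tokenManager.getAuthentication(jwt);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            } catch (Exception e) {
                // only token problems end up here now; downstream failures are no longer masked as TOKEN_INVALID
                ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
                return;
            }
            // outside the try so exceptions from later filters/controllers propagate normally
            chain.doFilter(request, response);
```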
--- a/src/main/java/com/youlai/system/security/jwt/JwtTokenManager.java
+++ b/src/main/java/com/youlai/system/security/jwt/JwtTokenManager.java
@@ -16,9 +16,7 @@
 
 package com.youlai.system.security.jwt;
 
-import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.convert.Convert;
-import cn.hutool.core.util.StrUtil;
 import com.youlai.system.security.userdetails.SysUserDetails;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwtParser;
@@ -31,13 +29,12 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Component;
 
 import javax.annotation.Resource;
 import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 import java.util.Set;
@@ -45,7 +42,7 @@ import java.util.stream.Collectors;
 
 
 /**
- * JWT token manager.
+ * JWT token manager
  *
  * @author haoxr
  * @date 2022/10/22
@@ -93,40 +90,24 @@ public class JwtTokenManager {
         SysUserDetails userDetails = (SysUserDetails) authentication.getPrincipal();
         claims.put("userId", userDetails.getUserId());
         claims.put("username", claims.getSubject());
+        claims.put("deptId", userDetails.getDeptId());
+        claims.put("dataScope", userDetails.getDataScope());
+
+        // 角色放入JWT的claims
         Set roles = userDetails.getAuthorities().stream()
                 .map(item -> item.getAuthority()).collect(Collectors.toSet());
-        Set authorities = userDetails.getPerms();
-        authorities.addAll(roles);
-        redisTemplate.opsForValue().set("USER_PERMS:" + userDetails.getUserId(), authorities);
-        return Jwts.builder().setClaims(claims).setExpiration(validity)
-                .signWith(SignatureAlgorithm.HS256, Keys.hmacShaKeyFor(this.getSecretKeyBytes())).compact();
-    }
+        claims.put("authorities", roles);
 
-    /**
-     * Create token.
-     *
-     * @param userName auth info
-     * @return token
-     */
-    public String createToken(String userName) {
-
-        long now = System.currentTimeMillis();
-
-        Date validity;
-
-        validity = new Date(now + tokenValidity * 1000L);
-
-        Claims claims = Jwts.claims().setSubject(userName);
+        // 权限数据多放入Redis
+        Set perms = userDetails.getPerms();
+        redisTemplate.opsForValue().set("USER_PERMS:" + userDetails.getUserId(), perms);
 
         return Jwts.builder().setClaims(claims).setExpiration(validity)
                 .signWith(SignatureAlgorithm.HS256, Keys.hmacShaKeyFor(this.getSecretKeyBytes())).compact();
     }
 
     /**
-     * Get auth Info.
-     *
-     * @param token token
-     * @return auth info
+     * 获取认证信息
      */
     public Authentication getAuthentication(String token) {
         if (jwtParser == null) {
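Review bot: `redisTemplate.opsForValue().set("USER_PERMS:" + userDetails.getUserId(), perms)` stores the permission set with no expiry, while the token it belongs to expires after `tokenValidity` seconds (see the removed `new Date(now + tokenValidity * 1000L)`), so the Redis entry outlives the token and the key is only ever overwritten by the next login. Give it a TTL aligned with the token: `redisTemplate.opsForValue().set("USER_PERMS:" + userDetails.getUserId(), perms, tokenValidity, TimeUnit.SECONDS);` (needs `java.util.concurrent.TimeUnit`). Because the `authorities` claim now carries only roles, the Authentication built from this token no longer grants the fine-grained perms, so any `hasAuthority(perm)` check presumably has to read USER_PERMS itself; that dependency deserves a comment next to `// 权限数据多放入Redis`, e.g. `// perms are intentionally kept out of the JWT; permission checks must look them up under USER_PERMS:<userId>`. The method's signature and the setup of `claims` and `validity` are above this hunk.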
@@ -134,28 +115,22 @@ public class JwtTokenManager {
         }
         Claims claims = jwtParser.parseClaimsJws(token).getBody();
 
-        List authorities = AuthorityUtils
-                .commaSeparatedStringToAuthorityList((String) claims.get("authorities"));
-
         SysUserDetails principal = new SysUserDetails();
         principal.setUserId(Convert.toLong(claims.get("userId")));
         principal.setUsername(Convert.toStr(claims.get("username")));
+        principal.setDeptId(Convert.toLong(claims.get("deptId")));
+        principal.setDataScope(Convert.toInt(claims.get("dataScope")));
+
+        List authorities = ((ArrayList) claims.get("authorities"))
+                .stream()
+                .map(role -> new SimpleGrantedAuthority(role))
+                .collect(Collectors.toList());
 
-        // 权限数据过多放置在redis
-        Set perms = (Set) redisTemplate.opsForValue().get("USER_PERMS:" + claims.get("userId"));
-        if (CollectionUtil.isNotEmpty(perms)) {
-            List permAuthorities = perms.stream()
-                    .map(perm -> new SimpleGrantedAuthority(perm))
-                    .collect(Collectors.toList());
-            authorities.addAll(permAuthorities);
-        }
         return new UsernamePasswordAuthenticationToken(principal, "", authorities);
     }
 
     /**
-     * validate token.
-     *
-     * @param token token
+     * 验证token
      */
     public void validateToken(String token) {
         if (jwtParser == null) {
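Review bot: `((ArrayList) claims.get("authorities"))` assumes the claim is present and was deserialized as an ArrayList; a validly signed token without it (one issued by the removed `createToken(String)` overload, if any are still outstanding, or by another issuer sharing the key) throws NullPointerException/ClassCastException out of `getAuthentication`, and the caller only turns that into TOKEN_INVALID because it catches `Exception`. Read the claim defensively — check for a `Collection`, coerce each element with `String.valueOf`, and fall back to no authorities — so a malformed claim yields a clean rejection instead of an incidental runtime exception (needs `java.util.Collection`). Also worth a comment on the `setDeptId`/`setDataScope` lines: these values are now trusted from the signed token for its whole lifetime, so a change to a user's department or data scope does not take effect until the token expires; e.g. `// deptId/dataScope are snapshotted at login and trusted until the token expires`. The enclosing method begins above this hunk.
```java
        Object rawAuthorities = claims.get("authorities");
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if (rawAuthorities instanceof Collection) {
            // claim was written as a Set<String> of role names by createToken; tolerate any collection shape
            for (Object role : (Collection<?>) rawAuthorities) {
                authorities.add(new SimpleGrantedAuthority(String.valueOf(role)));
            }
        }
        // … unchanged: return new UsernamePasswordAuthenticationToken(principal, "", authorities); …
```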