refactor: 权限集合从Security上下文移除缓存redis

This commit is contained in:
haoxr
2022-12-13 00:31:05 +08:00
parent 33327f48a9
commit e0fd72a980
2 changed files with 28 additions and 48 deletions


@@ -1,4 +1,4 @@
package com.youlai.system.filter; package com.youlai.system.security.filter;
import cn.hutool.core.util.StrUtil; import cn.hutool.core.util.StrUtil;
import com.youlai.system.common.result.ResultCode; import com.youlai.system.common.result.ResultCode;
@@ -16,9 +16,10 @@ import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
/** /**
* jwt auth token filter. * JWT token校验拦截器
* *
* @author haoxr * @author haoxr
* @date 2022/10/1
*/ */
public class JwtAuthenticationFilter extends OncePerRequestFilter { public class JwtAuthenticationFilter extends OncePerRequestFilter {
@@ -39,15 +40,19 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
String jwt = resolveToken(request); String jwt = resolveToken(request);
if (StrUtil.isNotBlank(jwt) && SecurityContextHolder.getContext().getAuthentication() == null) { if (StrUtil.isNotBlank(jwt) && SecurityContextHolder.getContext().getAuthentication() == null) {
try { try {
// 验证token
this.tokenManager.validateToken(jwt); this.tokenManager.validateToken(jwt);
// JWT验证有效获取Authentication存入Security上下文
Authentication authentication = this.tokenManager.getAuthentication(jwt); Authentication authentication = this.tokenManager.getAuthentication(jwt);
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
chain.doFilter(request, response); chain.doFilter(request, response);
}catch (Exception e){ }catch (Exception e){
ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID_OR_EXPIRED); ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
} }
}else{ }else{
ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID_OR_EXPIRED); ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
} }
} }
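Review bot: `chain.doFilter(request, response)` on the new side still sits inside the `try` whose `catch (Exception e)` answers with `ResultCode.TOKEN_INVALID`, so any exception thrown by downstream filters or the controller is reported to the client as a bad token, and its cause is dropped. Only the two `tokenManager` calls need the guard; the chain call belongs after the try/catch, with the catch returning, and the catch would better be narrowed to jjwt's `JwtException` (the manager imports `io.jsonwebtoken`), with the exception class logged at debug level (never the token) so a signing-key misconfiguration can be told apart from a tampered token. The `else` branch also rejects a request whose context already holds an `Authentication`, which looks unintended if this filter can run after another authenticator; worth confirming against the security config. The enclosing `doFilterInternal` signature is outside the hunk.
```java
if (StrUtil.isNotBlank(jwt) && SecurityContextHolder.getContext().getAuthentication() == null) {
    try {
        this.tokenManager.validateToken(jwt);
        Authentication authentication = this.tokenManager.getAuthentication(jwt);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    } catch (Exception e) {
        // TODO(review): narrow to io.jsonwebtoken.JwtException and log e.getClass() at debug level
        ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
        return;
    }
    // Outside the try: downstream failures are no longer reported as an invalid token.
    chain.doFilter(request, response);
} else {
    // … unchanged: TOKEN_INVALID response …
}
```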


@@ -16,9 +16,7 @@
package com.youlai.system.security.jwt; package com.youlai.system.security.jwt;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.convert.Convert; import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.StrUtil;
import com.youlai.system.security.userdetails.SysUserDetails; import com.youlai.system.security.userdetails.SysUserDetails;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtParser; import io.jsonwebtoken.JwtParser;
@@ -31,13 +29,12 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import javax.annotation.Resource; import javax.annotation.Resource;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Date; import java.util.Date;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
@@ -45,7 +42,7 @@ import java.util.stream.Collectors;
/** /**
* JWT token manager. * JWT token manager
* *
* @author haoxr * @author haoxr
* @date 2022/10/22 * @date 2022/10/22
@@ -93,40 +90,24 @@ public class JwtTokenManager {
SysUserDetails userDetails = (SysUserDetails) authentication.getPrincipal(); SysUserDetails userDetails = (SysUserDetails) authentication.getPrincipal();
claims.put("userId", userDetails.getUserId()); claims.put("userId", userDetails.getUserId());
claims.put("username", claims.getSubject()); claims.put("username", claims.getSubject());
claims.put("deptId", userDetails.getDeptId());
claims.put("dataScope", userDetails.getDataScope());
// 角色放入JWT的claims
Set<String> roles = userDetails.getAuthorities().stream() Set<String> roles = userDetails.getAuthorities().stream()
.map(item -> item.getAuthority()).collect(Collectors.toSet()); .map(item -> item.getAuthority()).collect(Collectors.toSet());
Set<String> authorities = userDetails.getPerms(); claims.put("authorities", roles);
authorities.addAll(roles);
redisTemplate.opsForValue().set("USER_PERMS:" + userDetails.getUserId(), authorities);
return Jwts.builder().setClaims(claims).setExpiration(validity)
.signWith(SignatureAlgorithm.HS256, Keys.hmacShaKeyFor(this.getSecretKeyBytes())).compact();
}
/** // 权限数据多放入Redis
* Create token. Set<String> perms = userDetails.getPerms();
* redisTemplate.opsForValue().set("USER_PERMS:" + userDetails.getUserId(), perms);
* @param userName auth info
* @return token
*/
public String createToken(String userName) {
long now = System.currentTimeMillis();
Date validity;
validity = new Date(now + tokenValidity * 1000L);
Claims claims = Jwts.claims().setSubject(userName);
return Jwts.builder().setClaims(claims).setExpiration(validity) return Jwts.builder().setClaims(claims).setExpiration(validity)
.signWith(SignatureAlgorithm.HS256, Keys.hmacShaKeyFor(this.getSecretKeyBytes())).compact(); .signWith(SignatureAlgorithm.HS256, Keys.hmacShaKeyFor(this.getSecretKeyBytes())).compact();
} }
/** /**
* Get auth Info. * 获取认证信息
*
* @param token token
* @return auth info
*/ */
public Authentication getAuthentication(String token) { public Authentication getAuthentication(String token) {
if (jwtParser == null) { if (jwtParser == null) {
@@ -134,28 +115,22 @@ public class JwtTokenManager {
} }
Claims claims = jwtParser.parseClaimsJws(token).getBody(); Claims claims = jwtParser.parseClaimsJws(token).getBody();
List<GrantedAuthority> authorities = AuthorityUtils
.commaSeparatedStringToAuthorityList((String) claims.get("authorities"));
SysUserDetails principal = new SysUserDetails(); SysUserDetails principal = new SysUserDetails();
principal.setUserId(Convert.toLong(claims.get("userId"))); principal.setUserId(Convert.toLong(claims.get("userId")));
principal.setUsername(Convert.toStr(claims.get("username"))); principal.setUsername(Convert.toStr(claims.get("username")));
principal.setDeptId(Convert.toLong(claims.get("deptId")));
principal.setDataScope(Convert.toInt(claims.get("dataScope")));
// 权限数据过多放置在redis List<SimpleGrantedAuthority> authorities = ((ArrayList<String>) claims.get("authorities"))
Set<String> perms = (Set<String>) redisTemplate.opsForValue().get("USER_PERMS:" + claims.get("userId")); .stream()
if (CollectionUtil.isNotEmpty(perms)) { .map(role -> new SimpleGrantedAuthority(role))
List<GrantedAuthority> permAuthorities = perms.stream()
.map(perm -> new SimpleGrantedAuthority(perm))
.collect(Collectors.toList()); .collect(Collectors.toList());
authorities.addAll(permAuthorities);
}
return new UsernamePasswordAuthenticationToken(principal, "", authorities); return new UsernamePasswordAuthenticationToken(principal, "", authorities);
} }
/** /**
* validate token. * 验证token
*
* @param token token
*/ */
public void validateToken(String token) { public void validateToken(String token) {
if (jwtParser == null) { if (jwtParser == null) {