作者 朱兆平

token认证方式改为从redis认证

1 package com.tianbo.warehouse.security.filter; 1 package com.tianbo.warehouse.security.filter;
2 2
  3 +import com.alibaba.fastjson.JSON;
  4 +import com.alibaba.fastjson.JSONObject;
  5 +import com.tianbo.warehouse.model.USERS;
3 import com.tianbo.warehouse.security.CustomUserDetailService; 6 import com.tianbo.warehouse.security.CustomUserDetailService;
  7 +import com.tianbo.warehouse.util.RedisUtils;
  8 +import lombok.extern.slf4j.Slf4j;
4 import org.springframework.beans.factory.annotation.Autowired; 9 import org.springframework.beans.factory.annotation.Autowired;
5 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 10 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
6 import org.springframework.security.core.context.SecurityContextHolder; 11 import org.springframework.security.core.context.SecurityContextHolder;
  12 +import org.springframework.security.core.userdetails.User;
7 import org.springframework.security.core.userdetails.UserDetails; 13 import org.springframework.security.core.userdetails.UserDetails;
8 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; 14 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
9 import org.springframework.stereotype.Component; 15 import org.springframework.stereotype.Component;
@@ -23,10 +29,14 @@ import java.io.IOException; @@ -23,10 +29,14 @@ import java.io.IOException;
23 * 注意此过滤器每次都会被访问,每个URL带TOKEN 访问这里然后去查用户的资料 会造成数据库压力。 29 * 注意此过滤器每次都会被访问,每个URL带TOKEN 访问这里然后去查用户的资料 会造成数据库压力。
24 * !!!!后期要把用户资料存储在Redis中,然后用户资料从redis中取,减少数据库压力。 30 * !!!!后期要把用户资料存储在Redis中,然后用户资料从redis中取,减少数据库压力。
25 */ 31 */
  32 +@Slf4j
26 @Component 33 @Component
27 public class JwtAuthenticationTokenFilter extends OncePerRequestFilter{ 34 public class JwtAuthenticationTokenFilter extends OncePerRequestFilter{
28 35
29 @Autowired 36 @Autowired
  37 + RedisUtils redisUtils;
  38 +
  39 + @Autowired
30 CustomUserDetailService userDetailService; 40 CustomUserDetailService userDetailService;
31 41
32 @Override 42 @Override
@@ -38,10 +48,16 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter{ @@ -38,10 +48,16 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter{
38 //请求体为 Bearer token 48 //请求体为 Bearer token
39 String authHeader = request.getHeader("Authorization"); 49 String authHeader = request.getHeader("Authorization");
40 if (authHeader != null && authHeader.startsWith("Bearer ")) { 50 if (authHeader != null && authHeader.startsWith("Bearer ")) {
  51 + //获取具体token值,不用了
41 final String authToken = authHeader.substring("Bearer ".length()); 52 final String authToken = authHeader.substring("Bearer ".length());
42 53
43 - String username = JwtTokenUtil.parseToken(authToken);  
44 54
  55 +// String username = JwtTokenUtil.parseToken(authToken);
  56 + String userJson = redisUtils.get(authToken);
  57 + try {
  58 + if (userJson!=null){
  59 + USERS u = JSON.parseObject(userJson,USERS.class);
  60 + String username = u.getUsername();
45 //有JWT 没有登录,去JWT的 信息 获取用户信息,赋予登录 61 //有JWT 没有登录,去JWT的 信息 获取用户信息,赋予登录
46 if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { 62 if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
47 UserDetails userDetails = userDetailService.loadUserByUsername(username); 63 UserDetails userDetails = userDetailService.loadUserByUsername(username);
@@ -53,8 +69,17 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter{ @@ -53,8 +69,17 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter{
53 SecurityContextHolder.getContext().setAuthentication(authentication); 69 SecurityContextHolder.getContext().setAuthentication(authentication);
54 } 70 }
55 } 71 }
  72 + }
56 73
  74 + }catch (Exception e){
  75 + e.printStackTrace();
  76 + log.error(e.toString());
57 } 77 }
  78 +
  79 + }else{
  80 + log.warn("token验证未通过{}",authHeader);
  81 + }
  82 +
58 filterChain.doFilter(request, response); 83 filterChain.doFilter(request, response);
59 } 84 }
60 } 85 }
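Review bot: With `JwtTokenUtil.parseToken(authToken)` commented out at new line 55, the bearer value goes unverified into `redisUtils.get(authToken)`, so authentication depends only on a Redis key of that exact name holding JSON that parses as `USERS`; signature and expiry are not checked in the visible lines (new lines 64–68 are not shown, so a later validation cannot be ruled out). If the token is still a JWT, I would keep `String subject = JwtTokenUtil.parseToken(authToken);` ahead of the lookup, read from a dedicated namespace with `redisUtils.get(TOKEN_KEY_PREFIX + authToken)` (`TOKEN_KEY_PREFIX` is a placeholder name that the code writing the entry at login would have to share), and skip authentication when `subject` differs from `u.getUsername()`. The `else` at new line 79 runs when the header is missing or uses another scheme, so `log.warn("token验证未通过{}",authHeader)` writes the raw `Authorization` value to the log, which for a Basic header is a credential, and emits a warning for every anonymous request; logging only that no Bearer header was present avoids both. In the `catch`, a single `log.error("token lookup failed", e);` would replace `e.printStackTrace()` and `log.error(e.toString())` and keep the stack trace in the application log.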