JWT的TOKEN续期功能
2019-02-13阅读 3.1K0
JWT里有一个关键的东东,就是续期TOKEN,即TOKEN快过期时,刷新一个新的TOKEN给客户端.
办法如下:
1.后端生成TOKEN
import com.starmark.core.shiro.model.SecurityUser;
import com.starmark.core.shiro.model.UserLoginToken;
import com.starmark.core.shiro.util.JWTUtil;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import java.util.Objects;
public class JwtAuthFilter extends AuthenticatingFilter {
private final Logger log = LoggerFactory.getLogger(JwtAuthFilter.class);
//10分钟后刷新token
private static final int tokenRefreshInterval = 60 * 10;
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {HttpServletRequest httpServletRequest = WebUtils.toHttp(request);if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) //对于OPTION请求做拦截,不做token校验return false;return super.preHandle(request, response);
}@Override
protected void postHandle(ServletRequest request, ServletResponse response) {request.setAttribute("jwtShiroFilter.FILTERED", true);
}@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {if (this.isLoginRequest(request, response)) {return true;}Boolean afterFiltered = (Boolean) (request.getAttribute("jwtShiroFilter.FILTERED"));if (BooleanUtils.isTrue(afterFiltered))return true;boolean allowed = false;try {allowed = executeLogin(request, response);} catch (IllegalStateException e) { //not found any tokenlog.error("Not found any token");} catch (Exception e) {log.error("Error occurs when login", e);}return allowed || super.isPermissive(mappedValue);
}@Override
protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {String jwtToken = getAuthzHeader(servletRequest);if (StringUtils.isNotBlank(jwtToken) && !JWTUtil.isTokenExpired(jwtToken))return UserLoginToken.buildPassword(jwtToken, null, "jwt");return null;
}@Override
protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {HttpServletResponse httpResponse = WebUtils.toHttp(servletResponse);httpResponse.sendRedirect("/unauth");return false;
}@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) {HttpServletResponse httpResponse = WebUtils.toHttp(response);if (token instanceof UserLoginToken && "jwt".equalsIgnoreCase(((UserLoginToken) token).getLoginType())) {UserLoginToken jwtToken = (UserLoginToken) token;boolean shouldRefresh = shouldTokenRefresh(Objects.requireNonNull(JWTUtil.getIssuedAt(jwtToken.getUsername())));if (shouldRefresh) {//生成新的TOKENSecurityUser user = (SecurityUser) subject.getPrincipal();String newToken = JWTUtil.sign(user.getUserInfo().getId());httpResponse.setHeader("x-auth-token", newToken);}}return true;
}@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {log.error("Validate token fail, token:{}, error:{}", token.toString(), e.getMessage());return false;
}/*** 获取TOKEN* @param request 请求* @return token*/
private String getAuthzHeader(ServletRequest request) {HttpServletRequest httpRequest = WebUtils.toHttp(request);String header = httpRequest.getHeader("x-auth-token");return StringUtils.removeStart(header, "Bearer ");
}/*** 判断是否需要刷新TOKEN* @param issueAt token签发日期* @return 是否需要刷新TOKEN*/
private boolean shouldTokenRefresh(Date issueAt) {LocalDateTime issueTime = LocalDateTime.ofInstant(issueAt.toInstant(), ZoneId.systemDefault());return LocalDateTime.now().minusSeconds(tokenRefreshInterval).isAfter(issueTime);
}
}
原签发TOKEN后10分钟后刷新新的TOKEN
2.前端获取TOKEN
// 拦截响应response,并做一些错误处理
axios.interceptors.response.use((response) => {
if(response.status ===200 && response.data && response.data.code === 401) {
//console.log(window.location.origin);
window.location.href=window.location.origin+window.location.pathname+'#/login';
}//获取返回的TOKEN
const token=response.headers['x-auth-token'];if(token) {//将续期的TOKEN存起来localStorage.setItem("token",token) ;
}
// 这里是填写处理信息
return response;
}, (err) => { // 这里是返回状态码不为200时候的错误处理
console.log(err);
if(err && err.response) {
switch(err.response.data.code) {
case 400:
err.message = ‘请求错误’;
break;
case 401:err.message = '未授权,请登录';break;case 403:err.message = '无权限';break;case 404:err.message = `请求地址出错: ${err.response.config.url}`;break;case 408:err.message = '请求超时';break;case 500:err.message = '服务器内部错误';break;case 501:err.message = '服务未实现';break;case 502:err.message = '网关错误';break;case 503:err.message = '服务不可用';break;case 504:err.message = '网关超时';break;case 505:err.message = 'HTTP版本不受支持';break;default:}
}
Vue.prototype.$message.error(err.response.data.msg!=null?err.response.data.msg:err.message);
return Promise.reject(err)
});
注意一点,需要通过过滤器调整FITLER,增加Access-Control-Expose-Headers的输出,否则无法获取response中的header.
至此,JWT的TOKEN续期功能完成.
vue之电商管理系统电商系统之参数管理)
vue之电商管理系统电商系统之通过路由加载分类参数)
vue之电商管理系统电商系统之分类参数的基本结构)
vue之电商管理系统电商系统之调用api获取数据)
vue之电商管理系统电商系统之渲染商品分类的选择框)
 request.getInputStream() request.getReader())
vue之电商管理系统电商系统之控制级联选择框的选择范围)
vue之电商管理系统电商系统之渲染分类参数的tab页标签)
vue之电商管理系统电商系统之渲染添加参数的按钮)
