优化jwt权限
@@ -0,0 +1,10 @@
|
||||
package org.hswebframework.web.authorization.basic.web;
|
||||
|
||||
/**
|
||||
* TODO 完成注释
|
||||
*
|
||||
* @author zhouhao
|
||||
*/
|
||||
public interface AuthorizedToken extends ParsedToken {
|
||||
String getUserId();
|
||||
}
|
||||
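Review bot: The Javadoc on the new AuthorizedToken interface is still the placeholder `TODO 完成注释`, so nothing tells an implementer where `getUserId()` may take its value from. Judging by the commit title this is meant for JWT-style tokens that carry their own user id, so the comment should state the trust requirement, for example `/** A parsed token that also names the user it was issued to; implementations must return the id only from a token they have already verified. */`. The new ParsedToken interface in this commit has the same placeholder and should say whether `getToken()` may return null.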
@@ -6,7 +6,7 @@ import java.util.Map;
|
||||
/**
|
||||
* Created by zhouhao on 2017/8/30.
|
||||
*/
|
||||
public interface TokenResult extends Serializable {
|
||||
public interface GeneratedToken extends Serializable {
|
||||
Map<String,Object> getResponse();
|
||||
|
||||
String getToken();
|
||||
@@ -0,0 +1,10 @@
|
||||
package org.hswebframework.web.authorization.basic.web;
|
||||
|
||||
/**
|
||||
* TODO 完成注释
|
||||
*
|
||||
* @author zhouhao
|
||||
*/
|
||||
public interface ParsedToken {
|
||||
String getToken();
|
||||
}
|
||||
@@ -19,7 +19,7 @@ public class SessionIdUserTokenGenerator implements UserTokenGenerator ,Serializ
|
||||
}
|
||||
|
||||
@Override
|
||||
public TokenResult generate(Authentication authentication) {
|
||||
public GeneratedToken generate(Authentication authentication) {
|
||||
HttpServletRequest request= WebUtil.getHttpServletRequest();
|
||||
if(null==request)throw new UnsupportedOperationException();
|
||||
|
||||
@@ -28,7 +28,7 @@ public class SessionIdUserTokenGenerator implements UserTokenGenerator ,Serializ
|
||||
|
||||
String sessionId = request.getSession().getId();
|
||||
|
||||
return new TokenResult() {
|
||||
return new GeneratedToken() {
|
||||
@Override
|
||||
public Map<String, Object> getResponse() {
|
||||
return Collections.emptyMap();
|
||||
|
||||
@@ -9,12 +9,12 @@ import java.util.function.Predicate;
|
||||
*/
|
||||
public class SessionIdUserTokenParser implements UserTokenParser {
|
||||
@Override
|
||||
public String parseToken(HttpServletRequest request) {
|
||||
public ParsedToken parseToken(HttpServletRequest request) {
|
||||
|
||||
HttpSession session = request.getSession(false);
|
||||
|
||||
if (session != null) {
|
||||
return session.getId();
|
||||
return session::getId;
|
||||
}
|
||||
|
||||
return null;
|
||||
|
||||
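Review bot: `return session::getId;` compiles only because ParsedToken currently declares a single abstract method, and it defers the `getId()` call until the token is read, so the returned object keeps a reference to the HttpSession. Reading the id at parse time makes the value explicit and independent of anything that happens to the session afterwards: `String id = session.getId(); return () -> id;`. Marking ParsedToken with `@FunctionalInterface` would make lambda use a declared part of its contract instead of an accident. The method still returns null when there is no session, which the UserTokenParser interface does not document; parseToken's closing brace is outside the hunk.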
@@ -47,7 +47,7 @@ public class UserOnSignIn implements AuthorizationListener<AuthorizationSuccessE
|
||||
userTokenManager.signOutByToken(token.getToken());
|
||||
}
|
||||
//创建token
|
||||
TokenResult newToken = userTokenGenerators.stream()
|
||||
GeneratedToken newToken = userTokenGenerators.stream()
|
||||
.filter(generator->generator.getSupportTokenType().equals(tokenType))
|
||||
.findFirst()
|
||||
.orElseThrow(()->new UnsupportedOperationException(tokenType))
|
||||
@@ -55,22 +55,8 @@ public class UserOnSignIn implements AuthorizationListener<AuthorizationSuccessE
|
||||
//登入
|
||||
userTokenManager.signIn(newToken.getToken(), event.getAuthentication().getUser().getId(),newToken.getTimeout());
|
||||
|
||||
|
||||
//响应结果
|
||||
event.getResult().putAll(newToken.getResponse());
|
||||
|
||||
}
|
||||
|
||||
protected String createToken(String type) {
|
||||
switch (type) {
|
||||
case "simple":
|
||||
return DigestUtils.md5Hex(UUID.randomUUID().toString().concat(String.valueOf(Math.random())));
|
||||
default:
|
||||
return Optional.ofNullable(WebUtil.getHttpServletRequest())
|
||||
.orElseThrow(UnsupportedOperationException::new)
|
||||
.getSession()
|
||||
.getId();
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,5 +11,5 @@ import org.hswebframework.web.authorization.Authentication;
|
||||
public interface UserTokenGenerator {
|
||||
String getSupportTokenType();
|
||||
|
||||
TokenResult generate(Authentication authentication);
|
||||
GeneratedToken generate(Authentication authentication);
|
||||
}
|
||||
|
||||
@@ -10,5 +10,5 @@ import java.util.function.Predicate;
|
||||
*/
|
||||
public interface UserTokenParser {
|
||||
|
||||
String parseToken(HttpServletRequest request);
|
||||
ParsedToken parseToken(HttpServletRequest request);
|
||||
}
|
||||
|
||||
@@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* TODO 完成注释
|
||||
@@ -27,22 +28,27 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||
String token = userTokenParser.stream()
|
||||
.map(parser->parser.parseToken(request))
|
||||
List<ParsedToken> tokens = userTokenParser.stream()
|
||||
.map(parser -> parser.parseToken(request))
|
||||
.filter(Objects::nonNull)
|
||||
.filter(userTokenManager::tokenIsLoggedIn)
|
||||
.findFirst()
|
||||
.orElse(null);
|
||||
.collect(Collectors.toList());
|
||||
|
||||
if (null == token) {
|
||||
if (tokens.isEmpty()) {
|
||||
return true;
|
||||
}
|
||||
userTokenManager.touch(token);
|
||||
UserToken userToken = userTokenManager.getByToken(token);
|
||||
if (userToken == null) {
|
||||
return true;
|
||||
} else {
|
||||
UserTokenHolder.setCurrent(userToken);
|
||||
for (ParsedToken parsedToken : tokens) {
|
||||
UserToken userToken = null;
|
||||
String token = parsedToken.getToken();
|
||||
if (userTokenManager.tokenIsLoggedIn(token)) {
|
||||
userToken = userTokenManager.getByToken(token);
|
||||
}
|
||||
// if ((userToken == null || userToken.isExpired()) && parsedToken instanceof AuthorizedToken) {
|
||||
// userToken = userTokenManager.signIn(parsedToken.getToken(), ((AuthorizedToken) parsedToken).getUserId(), -1);
|
||||
// }
|
||||
if (null != userToken) {
|
||||
userTokenManager.touch(token);
|
||||
UserTokenHolder.setCurrent(userToken);
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
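Review bot: The `for (ParsedToken parsedToken : tokens)` loop in preHandle keeps iterating after a logged-in token has been found, so when a request carries tokens from more than one parser every valid one is touched and the last one ends up in `UserTokenHolder`; the previous code stopped at the first match. If first-match precedence is intended, add `break;` after `UserTokenHolder.setCurrent(userToken);`, otherwise document which parser wins, because this decides the identity the request runs under. The commented-out block that would call `userTokenManager.signIn(...)` with the user id from an AuthorizedToken and a third argument of -1 (presumably the timeout) should be deleted rather than left in place; if it is enabled later it creates a login from a request-supplied token and depends on the parser having verified that token first. Separately, none of the paths that find no valid token reset `UserTokenHolder`, so it is worth confirming that it is cleared elsewhere, which is not visible in this hunk.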