认证过程在Gateway网关层面实现。在网关中添加过滤器,获取请求携带的Token信息,验证该Token是否合法;Token合法则放行,否则拦截。如果下游系统需要获取Token中的信息(例如userId等),可以将其放在Http请求头中。
全局过滤器实现JWT校验
在com.swx.app.gateway模块下创建包com.swx.app.gateway.filter
创建过滤器类 AuthorizeFilter
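/**
 * Global gateway filter that authenticates every request with the JWT carried in the
 * {@code token} request header.
 *
 * <p>Requests addressed to the login endpoint are let through without a token. Any other
 * request is rejected with HTTP 401 when the header is missing or blank, when the token cannot
 * be parsed, or when {@link AppJwtUtil#verifyToken(Claims)} does not report it as valid.
 */
@Component
public class AuthorizeFilter implements Ordered, GlobalFilter {

    /** Name of the request header the client sends the JWT in. */
    private static final String TOKEN_HEADER = "token";

    /** Path segment identifying the login endpoint, which is reachable without a token. */
    private static final String LOGIN_SEGMENT = "login";

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        ServerHttpResponse response = exchange.getResponse();

        // Whitelist the login endpoint by whole path segment. A substring test such as
        // contains("/login") would also admit unrelated paths that merely mention "/login"
        // somewhere (e.g. "/loginHistory"), silently bypassing authentication for them.
        // An explicit list of public endpoints is still preferable to any pattern match.
        if (isLoginPath(request.getURI().getPath())) {
            return chain.filter(exchange);
        }

        String token = request.getHeaders().getFirst(TOKEN_HEADER);
        if (!StringUtils.hasText(token)) {
            return reject(response);
        }

        int result;
        try {
            Claims claimsBody = AppJwtUtil.getClaimsBody(token);
            result = AppJwtUtil.verifyToken(claimsBody);
        } catch (RuntimeException e) {
            // getClaimsBody only maps an expired token to null; a malformed or tampered
            // token makes the parser throw. Fail closed with 401 rather than letting the
            // exception surface as a server error.
            return reject(response);
        }

        // Only -1 (valid) and 0 (valid but close to expiry) are acceptable. Listing the
        // accepted codes instead of the rejected ones (1, 2) keeps the filter fail-closed
        // if verifyToken ever gains another outcome.
        if (result != -1 && result != 0) {
            return reject(response);
        }
        return chain.filter(exchange);
    }

    /**
     * Returns {@code true} when {@code path} contains a whole segment equal to
     * {@value #LOGIN_SEGMENT}, e.g. {@code "/login"} or {@code "/user/api/v1/login"}.
     *
     * @param path the request path; {@code null} is treated as not matching
     */
    static boolean isLoginPath(String path) {
        if (path == null) {
            return false;
        }
        for (String segment : path.split("/")) {
            if (LOGIN_SEGMENT.equals(segment)) {
                return true;
            }
        }
        return false;
    }

    /** Ends the exchange with an empty 401 response. */
    private static Mono<Void> reject(ServerHttpResponse response) {
        response.setStatusCode(HttpStatus.UNAUTHORIZED);
        return response.setComplete();
    }

    /**
     * Order of this filter among global filters; lower values run earlier, so 0 places the
     * authentication check ahead of filters with higher order values.
     */
    @Override
    public int getOrder() {
        return 0;
    }
}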
工具类 utils.AppJwtUtil
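/**
 * Issues and verifies the application's HS512-signed JSON Web Tokens.
 *
 * <p>Outcome codes returned by {@link #verifyToken(Claims)}:
 * <ul>
 *   <li>{@code -1}: valid and not yet inside the refresh window</li>
 *   <li>{@code 0}: valid but expiring within {@link #REFRESH_TIME} seconds</li>
 *   <li>{@code 1}: expired, or no claims were supplied</li>
 *   <li>{@code 2}: the claims could not be evaluated (e.g. no expiration claim present)</li>
 * </ul>
 */
public class AppJwtUtil {

    /** Token lifetime in seconds. */
    private static final int TOKEN_TIME_OUT = 3_600;

    /**
     * HMAC signing secret.
     *
     * <p>SECURITY: a signing key embedded in source code is shared by every environment and
     * leaks together with the repository; whoever holds it can mint a token for any user id.
     * It should be supplied from configuration or a secret store and be rotatable, and this
     * constant removed once that is in place.
     */
    private static final String TOKEN_ENCRY_KEY = "Nvz9Vywt6NuTM7l07RoWvN86M84frPcZuj83SHwpM3S6k2GdPq4QQOjS1IZHIjWt";

    /** Remaining lifetime (seconds) below which a still-valid token is reported as due for refresh. */
    private static final int REFRESH_TIME = 300;

    /**
     * Builds a signed, GZIP-compressed token carrying {@code id} as the {@code "id"} claim.
     *
     * @param id the user id to embed
     * @return the compact JWS string, valid for {@link #TOKEN_TIME_OUT} seconds from now
     */
    public static String getToken(Long id) {
        Map<String, Object> claimMaps = new HashMap<>();
        claimMaps.put("id", id);
        long currentTime = System.currentTimeMillis();
        return Jwts.builder()
                .setId(UUID.randomUUID().toString())
                .setIssuedAt(new Date(currentTime))
                .setSubject("system")
                .setIssuer("heima")
                .setAudience("app")
                .compressWith(CompressionCodecs.GZIP)
                .signWith(generalKey(), SignatureAlgorithm.HS512)
                // multiply as long so the lifetime cannot overflow int arithmetic
                .setExpiration(new Date(currentTime + TOKEN_TIME_OUT * 1000L))
                .addClaims(claimMaps)
                .compact();
    }

    /**
     * Parses and signature-checks {@code token}; parse failures propagate from the parser.
     */
    private static Jws<Claims> getJws(String token) {
        return Jwts.parser()
                .setSigningKey(generalKey())
                .parseClaimsJws(token);
    }

    /**
     * Returns the verified claims of {@code token}, or {@code null} when the token has expired.
     *
     * <p>Only expiry is mapped to {@code null}; other failures (bad signature, malformed input)
     * propagate as the parser's runtime exceptions and must be handled by the caller.
     *
     * @param token the compact JWS string
     */
    public static Claims getClaimsBody(String token) {
        try {
            return getJws(token).getBody();
        } catch (ExpiredJwtException e) {
            return null;
        }
    }

    /**
     * Returns the verified header of {@code token}; parse failures propagate from the parser.
     */
    public static JwsHeader getHeaderBody(String token) {
        return getJws(token).getHeader();
    }

    /**
     * Classifies {@code claims} by remaining lifetime (see the class comment for the codes).
     *
     * @param claims parsed claims, possibly {@code null}
     * @return {@code -1}, {@code 0}, {@code 1} or {@code 2}
     */
    public static int verifyToken(Claims claims) {
        if (claims == null) {
            return 1;
        }
        try {
            Date expiration = claims.getExpiration();
            long now = System.currentTimeMillis();
            // Claims handed in directly (not via getClaimsBody) may already be expired;
            // previously the result of this comparison was discarded and such claims were
            // reported as valid-but-refreshable (0) instead of expired (1).
            if (expiration.before(new Date(now))) {
                return 1;
            }
            if (expiration.getTime() - now > REFRESH_TIME * 1000L) {
                return -1;
            }
            return 0;
        } catch (ExpiredJwtException ex) {
            // Defensive: the parser, not the Claims accessor, is what normally raises this.
            return 1;
        } catch (RuntimeException e) {
            // e.g. no "exp" claim: getExpiration() yields null and dereferencing it throws.
            return 2;
        }
    }

    /**
     * Derives the HMAC key from {@link #TOKEN_ENCRY_KEY}.
     *
     * <p>Note that the secret text is base64-<em>encoded</em> and the resulting ASCII bytes are
     * used as the key; this is kept as is because changing the derivation would invalidate
     * every token already issued. The charset is spelled out so the bytes do not depend on the
     * platform default.
     */
    public static SecretKey generalKey() {
        byte[] encodedKey = Base64.getEncoder()
                .encode(TOKEN_ENCRY_KEY.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        return Keys.hmacShaKeyFor(encodedKey);
    }
}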