授权与认证之jwt（四）创建OAuth2Filter类

 接上篇讲到授权与认证之jwt（三）刷新令牌该如何设计 这篇文章中要注意

注意事项： 因为在OAuth2 Filter类中要读写 ThreadLocal中的数据，所以OAuth:2 Filter类 必须要设置成多例的，否则ThreadLocal将无法使用。

一、在配置文件中，添加)WT需要用到的密钥、过期时间和缓存过期时间。

emos: jwt: #密钥 secret: abc123456 #令牌过期时间（天） expire: 5 #令牌缓存时间（天） cache-expire: 10

二、创建OAuth2Filter类

@Component @Scope("prototype") public class OAuth2Filter extends AuthenticatingFilter { @Autowired private ThreadLocalToken threadLocalToken; @Value("${emos.jwt.cache-expire}") private int cacheExpire; @Autowired private JwtUtil jwtUtil; //用于往redis中存取数据 @Autowired private RedisTemplate redisTemplate; /** * 拦截请求后，用于把令牌字符串封装成令牌对象 */ @Override protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception { HttpServletRequest req=(HttpServletRequest)request; String token = getRequestToken(req); if (StrUtil.isBlank(token)) { return null; } return new OAuth2Token(token); } /** *判断哪种请求可以被shiro处理 */ @Override protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue){ HttpServletRequest req = (HttpServletRequest)request; //ajax提交application/json数据的时候，会先发出Option请求 //这里要放行Option请求，不需要shiro处理 if (req.getMethod().equals(RequestMethod.OPTIONS.name())) { return true; } //除了Options请求之外，所以请求都要被shiro处理 return false; } /** * 该方法用于处理所有应该被shiro处理的请求 */ @Override protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception { HttpServletRequest req = (HttpServletRequest)servletRequest; HttpServletResponse resp = (HttpServletResponse)servletResponse; //允许跨域请求 resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin")); resp.setHeader("Access-Control-Allow-Credentials", "true"); resp.setContentType("text/html;charset=utf-8"); threadLocalToken.clear(); String token = getRequestToken(req); if (StrUtil.isBlank(token)) { resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED); resp.getWriter().print("无效令牌"); return false; } //验证token是否内容有效，验证是否过期 try { jwtUtil.verifyToken(token); }catch (TokenExpiredException e){ //查redis有没有该令牌 if (redisTemplate.hasKey(token)) { //有数据，需要删掉缓存的老令牌，重新生成新令牌 redisTemplate.delete(token); int userId=jwtUtil.getUserId(token); //创建新token token=jwtUtil.createToken(userId); //把token存到redis中 redisTemplate.opsForValue().set(token,userId+"",cacheExpire, TimeUnit.DAYS); //把token存到threadLocal中 threadLocalToken.setToken(token); }else { //客户端和redis中令牌都过期，需要用户重新登录 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED); resp.getWriter().print("令牌已过期"); return false; } }catch (JWTDecodeException e){ resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED); resp.getWriter().print("无效令牌"); return false; } //此时令牌没问题 boolean b = executeLogin(req, resp); return b; } @Override protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) { HttpServletRequest req = (HttpServletRequest)servletRequest; HttpServletResponse resp = (HttpServletResponse)servletResponse; //允许跨域请求 resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin")); resp.setHeader("Access-Control-Allow-Credentials", "true"); resp.setContentType("text/html;charset=utf-8"); resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED); try { resp.getWriter().print(e.getMessage()); } catch (IOException ex) { throw new RuntimeException(ex); } return false; } @Override public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException { super.doFilterInternal(request, response, chain); } /** * 获取token方法 */ private String getRequestToken(HttpServletRequest req){ String token = req.getHeader("token"); if (StrUtil.isBlank(token)) { //从请求体中获取数据 token=req.getParameter("token"); } return token; } }