diff --git a/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java b/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java
index 86311d70..926da5b6 100644
--- a/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java
+++ b/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java
@@ -3,11 +3,11 @@ package com.dsideal.gw.Handler;
 import com.dsideal.gw.Bean.RetBean;
 import com.dsideal.gw.GwApplication;
 import com.dsideal.gw.Util.JwtUtil;
-import com.dsideal.gw.Util.SessionKit;
 import com.jfinal.handler.Handler;
 import com.jfinal.kit.StrKit;
 import com.jfinal.upload.MultipartRequest;
 import com.jfinal.upload.UploadFile;
+import com.jfinal.plugin.activerecord.Record;
 import io.jsonwebtoken.Claims;
 import okhttp3.*;
 import org.apache.commons.io.IOUtils;
@@ -150,13 +150,13 @@ public class RouterHandler extends Handler {
 //是不是通过了登录检查?
 boolean canPass = true;
 //1、存在Session,检查是不是正确的Session
- String identity_id = SessionKit.get(req, res, "identity_id");
- String person_id = SessionKit.get(req, res, "person_id");
- String bureau_id = SessionKit.get(req, res, "bureau_id");
- String token = SessionKit.get(req, res, "token");
+ Record rPerson= JwtUtil.getPersonInfo(req);
+ String identity_id = rPerson.getStr("identity_id");
+ String person_id = rPerson.getStr("person_id");
+ String bureau_id = rPerson.getStr("bureau_id");
 //如果没有找到Session,那么直接不通过
- if (StrKit.isBlank(token) || StrKit.isBlank(bureau_id) || StrKit.isBlank(identity_id) || StrKit.isBlank(person_id)) {
+ if (StrKit.isBlank(bureau_id) || StrKit.isBlank(identity_id) || StrKit.isBlank(person_id)) {
 canPass = false;
 }
@@ -170,8 +170,6 @@ public class RouterHandler extends Handler {
 }
 }
 }
-
-
 if (!canPass) {
 renderJson(res, new RetBean(RetBean.ERROR, "登录已过期,请重新登录!").toString());
 isHandled[0] = true; //停止filter
diff --git a/dsGw/src/main/java/com/dsideal/gw/Util/CookieUtil.java b/dsGw/src/main/java/com/dsideal/gw/Util/CookieUtil.java
new file mode 100644
index 00000000..967b8c38
--- /dev/null
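Review bot: With `SessionKit` gone, nothing in the new check can reject a token after logout: the removed Redis-backed session was deleted by `SessionKit.clear`, whereas `JwtUtil.getPersonInfo(req)` only verifies the signature, so a token stays valid until its `exp` — and no `exp` is visible in the `generateToken` hunk of this commit. If logout must invalidate access, keep a server-side denylist keyed on the token or issue short-lived tokens with a refresh path. Separately, `rPerson.getStr("identity_id")` relies on `Record.getStr` stringifying a numeric claim (the removed `main` passed `identity_id` as an int); on JFinal versions where `getStr` is a plain cast that throws ClassCastException instead of failing the check, so `Object v = rPerson.get("identity_id"); String identity_id = v == null ? null : String.valueOf(v);` would be version-independent. The enclosing handler method starts and ends outside the hunk.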
+++ b/dsGw/src/main/java/com/dsideal/gw/Util/CookieUtil.java
@@ -0,0 +1,56 @@
+package com.dsideal.gw.Util;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class CookieUtil {
+
+ // 默认缓存时间,单位/秒, 2H
+ private static final int COOKIE_MAX_AGE = 60 * 60 * 2;
+ // 保存路径,根路径
+ private static final String COOKIE_PATH = "/";
+
+ public static String getValue(HttpServletRequest request, String key) {
+ Cookie cookie = get(request, key);
+ if (cookie != null) {
+ return cookie.getValue();
+ }
+ return null;
+ }
+
+ private static Cookie get(HttpServletRequest request, String key) {
+ Cookie[] arr_cookie = request.getCookies();
+ if (arr_cookie != null && arr_cookie.length > 0) {
+ for (Cookie cookie : arr_cookie) {
+ if (cookie.getName().equals(key)) {
+ return cookie;
+ }
+ }
+ }
+ return null;
+ }
+
+ public static void set(HttpServletResponse response, String key, String value, boolean ifRemember,boolean isHttpOnly) {
+ int age = ifRemember ? COOKIE_MAX_AGE : -1;
+ set(response, key, value, null, COOKIE_PATH, age, isHttpOnly);
+ }
+
+ private static void set(HttpServletResponse response, String key, String value, String domain, String path, int maxAge, boolean isHttpOnly) {
+ Cookie cookie = new Cookie(key, value);
+ if (domain != null) {
+ cookie.setDomain(domain);
+ }
+ cookie.setPath(path);
+ cookie.setMaxAge(maxAge);
+ cookie.setHttpOnly(isHttpOnly);
+ response.addCookie(cookie);
+ }
+
+ public static void remove(HttpServletRequest request, HttpServletResponse response, String key) {
+ Cookie cookie = get(request, key);
+ if (cookie != null) {
+ set(response, key, "", null, COOKIE_PATH, 0, true);
+ }
+ }
+}
diff --git a/dsGw/src/main/java/com/dsideal/gw/Util/JwtUtil.java b/dsGw/src/main/java/com/dsideal/gw/Util/JwtUtil.java
index 84f90047..7ec9f8fd 100644
--- a/dsGw/src/main/java/com/dsideal/gw/Util/JwtUtil.java
+++ b/dsGw/src/main/java/com/dsideal/gw/Util/JwtUtil.java
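Review bot: The private `set` never marks the cookie `Secure`, so a JWT cookie written through it (the `jwt-token` name that `JwtUtil.getPersonInfo` reads) is also sent over plain HTTP; add `cookie.setSecure(true);` next to `cookie.setHttpOnly(isHttpOnly);`, or thread a flag through the public overload if a non-TLS dev profile must keep working. The servlet `Cookie` API has no SameSite setter, so if cross-site requests are a concern that attribute has to be appended to the `Set-Cookie` header instead. `remove` hard-codes HttpOnly to `true` while the public `set` takes it as a parameter; harmless, but worth a one-line comment. None of the public methods has Javadoc — a summary on `set` saying that `ifRemember=false` yields a session cookie (`maxAge` -1) and `true` a two-hour one would document the contract for callers.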
@@ -4,18 +4,25 @@ import com.dsideal.gw.GwApplication;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import com.jfinal.plugin.activerecord.Record;
+import javax.crypto.SecretKey;
+import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Date;
 public class JwtUtil {
 public static final String AUTHORIZATION_STARTER = "Bearer ";
- public static final String SECRET = GwApplication.PropKit.get("SECRET");
+ public static final String SECRET = GwApplication.PropKit.get("jwt.SECRET");
+
+ // 生成安全的密钥
+ private static final SecretKey key = Keys.hmacShaKeyFor(SECRET.getBytes(StandardCharsets.UTF_8));
 /**
- * 功能:黄海开发的生成JWT函数
+ * 功能:生成JWT函数
 *
 * @param identity_id 身份ID
 * @param person_id 人员ID
@@ -31,7 +38,11 @@ public class JwtUtil {
 claims.put("identity_id", identity_id);
 claims.put("person_id", person_id);
 claims.put("bureau_id", bureau_id);
- return AUTHORIZATION_STARTER + Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS256, SECRET).compact();
+
+ return AUTHORIZATION_STARTER + Jwts.builder()
+ .setClaims(claims)
+ .signWith(key, SignatureAlgorithm.HS256)
+ .compact();
 }
 public static Claims getClaims(String token) {
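Review bot: `SECRET` stays `public static final` although its only in-file use is now the derivation of `key`; narrowing it to `private` (after checking for references elsewhere) keeps the raw signing material out of the class's public API. `Keys.hmacShaKeyFor` throws `WeakKeyException` for fewer than 32 key bytes, and a missing `jwt.SECRET` property makes `SECRET.getBytes(...)` throw NullPointerException, both inside static initialization, so the first use of `JwtUtil` would surface as `ExceptionInInitializerError`; a comment on the `key` field naming both preconditions would save debugging time, e.g. `// requires jwt.SECRET to be set and at least 32 UTF-8 bytes (HS256 minimum enforced by Keys.hmacShaKeyFor)`. Only `application_dev.yaml` is migrated to the `jwt.SECRET` key in this commit; any other profile files will need the same rename.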
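Review bot: The builder chain sets no expiration, so a token issued here never expires on its own and the gateway's `登录已过期` rejection can only trigger for a malformed or badly-signed token. Unless an `exp` entry is put into `claims` above the hunk, add `.setExpiration(new Date(System.currentTimeMillis() + EXPIRE_MS))` after `.setClaims(claims)` with a constant sized to the session policy (`java.util.Date` is already imported); `parseClaimsJws` then rejects expired tokens without further code. The signature and claim setup of `generateToken` lie outside the hunk.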
@@ -40,33 +51,37 @@ public class JwtUtil {
 }
 Claims claims;
 try {
- claims = Jwts.parser()
- .setSigningKey(SECRET)
+ claims = Jwts.parserBuilder()
+ .setSigningKey(key)
+ .build()
 .parseClaimsJws(token)
 .getBody();
 } catch (Exception e) {
- try {
- claims = Jwts.parser()
- .setSigningKey(SECRET.getBytes(StandardCharsets.UTF_8))
- .parseClaimsJws(token)
- .getBody();
- } catch (Exception err) {
- claims = null;
- }
+ claims = null;
 }
 return claims;
 }
- public static void main(String[] args) {
- GwApplication gw = new GwApplication();
- String token = generateToken(4, "0b64e31e-a85e-43eb-ba5f-3088d986a8da","3f7f4c90-645a-4fb9-9902-447846cf1dcc");
- /**
- 结论:
- 1、JWT的里面有三个关键信息,一个是identity_id,另一个是person_id,还有一个bureau_id
- */
- Claims claims = getClaims(token);
- System.out.println(claims.get("identity_id"));
- System.out.println(claims.get("person_id"));
- System.out.println(claims.get("bureau_id"));
+ /**
+ * 获取当前用户信息
+ *
+ * @param req 请求
+ * @return
+ */
+ public static Record getPersonInfo(HttpServletRequest req) {
+ String jwtToken = req.getHeader("Authorization");
+ if (jwtToken == null) {
+ //尝试从Cookie中获取jwt-token
+ jwtToken = CookieUtil.getValue(req, "jwt-token");
+ }
+ Record record = new Record();
+ Claims claims = getClaims(jwtToken);
+ if (claims != null) {
+ record.set("identity_id", claims.get("identity_id"));
+ record.set("person_id", claims.get("person_id"));
+ record.set("bureau_id", claims.get("bureau_id"));
+ record.set("create_time", claims.get("create_time"));
+ }
+ return record;
 }
-}
+}
\ No newline at end of file
diff --git a/dsGw/src/main/java/com/dsideal/gw/Util/SessionKit.java b/dsGw/src/main/java/com/dsideal/gw/Util/SessionKit.java
deleted file mode 100644
index 9e6022a1..00000000
--- a/dsGw/src/main/java/com/dsideal/gw/Util/SessionKit.java
+++ /dev/null
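Review bot: `getPersonInfo` falls back to the cookie only when the `Authorization` header is entirely absent; an empty or blank header value goes straight into `getClaims` and the request is rejected even though a valid `jwt-token` cookie may be present — `if (jwtToken == null || jwtToken.trim().isEmpty()) {` covers both cases. Whether the `Bearer ` prefix that `generateToken` prepends is stripped before parsing is decided in the part of `getClaims` above the hunk, so I cannot confirm it here; it deserves a comment either way. The `catch (Exception e)` still collapses signature failure, expiry and malformed input into `null`; logging `e.getClass().getSimpleName()` at debug level (never the token itself) keeps the behaviour while making authentication rejections diagnosable. The Javadoc `@return` is empty — `@return a Record holding identity_id, person_id, bureau_id and create_time; empty when no valid JWT was found` states the contract RouterHandler relies on.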
@@ -1,87 +0,0 @@
-package com.dsideal.gw.Util;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.UUID;
-
-public class SessionKit {
- public static String JSessionId = "sessionId";//Cookie中sessionId的名称
- public static long TimeoutSecond = 60 * 60 * 24 * 7;//一周
-
- /**
- * 功能:获取Cookie上的jSessionId
- *
- * @param request
- * @return
- */
- public static String getCookieSessionId(HttpServletRequest request, HttpServletResponse response) {
- String jSessionId = null;
- //客户端请求服务器时 从请求对象中获取所有的cookie
- Cookie[] cookies = request.getCookies();
- if (cookies != null) {
- //遍历cookie集合 根据名字获取对应的value
- for (Cookie cookie : cookies) {
- //判断是否为指定cookie
- if (JSessionId.equals(cookie.getName())) {
- //获取对应的值
- jSessionId = cookie.getValue();
- break;
- }
- }
- }
- if (cookies == null || jSessionId == null) {
- // 创建cookie对象
- jSessionId = UUID.randomUUID().toString().toLowerCase();
- Cookie cookie = new Cookie(JSessionId, jSessionId);
- cookie.setPath("/");
- // 设置cookie存活时间
- response.addCookie(cookie);
- }
- return JSessionId + "_" + jSessionId;
- }
-
- public static void clear(HttpServletRequest request, HttpServletResponse response) {
- String jSessionId = getCookieSessionId(request, response);
- //写入jSessionId的key域值
- RedisKit.Del(jSessionId);
- Cookie[] cookies = request.getCookies();
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- cookie.setMaxAge(0); // 将Cookie的过期时间设为0,表示立即过期
- response.addCookie(cookie); // 发送修改后的Cookie回客户端
- }
- }
- }
-
- /**
- * 功能:手工实现的Redis模拟Session写入
- *
- * @param request
- * @param key
- * @param value
- * @return
- */
- public static void set(HttpServletRequest request, HttpServletResponse response, String key, String value) {
- String jSessionId = getCookieSessionId(request, response);
- //写入jSessionId的key域值
- RedisKit.HSet(jSessionId, key, value);
- //过期时长为TimeoutSecond
- RedisKit.Expire(jSessionId, TimeoutSecond);
- }
-
- /**
- * 功能:获取Session内容
- *
- * @param request
- * @param key
- * @return
- */
- public static String get(HttpServletRequest request, HttpServletResponse response, String key) {
- String jSessionId = getCookieSessionId(request, response);
- String value = RedisKit.HGet(jSessionId, key);
- //过期时长为TimeoutSecond
- RedisKit.Expire(jSessionId, TimeoutSecond);
- return value;
- }
-}
diff --git a/dsGw/src/main/resources/application_dev.yaml b/dsGw/src/main/resources/application_dev.yaml
index 1da7bd04..8a2499d0 100644
--- a/dsGw/src/main/resources/application_dev.yaml
+++ b/dsGw/src/main/resources/application_dev.yaml
@@ -2,7 +2,8 @@ uploadTempPath: /tmp
 # JWT
-SECRET: ZXZnZWVr5b+r5LmQ5L2g55qE5Ye66KGM
+jwt:
+ SECRET: ZXZnZWVr5b+r5LmQ5L2g55qE5Ye66KGM
 # 路由
 route: