网站建设培训哪家好自助建网站软件平台

 接上篇讲到授权与认证之jwt（三）刷新令牌该如何设计 这篇文章中要注意

注意事项：
因为在OAuth2 Filter类中要读写
ThreadLocal中的数据，所以OAuth:2 Filter类
必须要设置成多例的，否则ThreadLocal将无法使用。

一、在配置文件中，添加)WT需要用到的密钥、过期时间和缓存过期时间。

emos:jwt:#密钥secret: abc123456#令牌过期时间（天）expire: 5#令牌缓存时间（天）cache-expire: 10

二、创建OAuth2Filter类

@Component
@Scope("prototype")
public class OAuth2Filter extends AuthenticatingFilter {@Autowiredprivate ThreadLocalToken threadLocalToken;@Value("${emos.jwt.cache-expire}")private int cacheExpire;@Autowiredprivate JwtUtil jwtUtil;//用于往redis中存取数据@Autowiredprivate RedisTemplate redisTemplate;/*** 拦截请求后，用于把令牌字符串封装成令牌对象*/@Overrideprotected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {HttpServletRequest req=(HttpServletRequest)request;String token = getRequestToken(req);if (StrUtil.isBlank(token)) {return null;}return new OAuth2Token(token);}/***判断哪种请求可以被shiro处理*/@Overrideprotected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue){HttpServletRequest req = (HttpServletRequest)request;//ajax提交application/json数据的时候，会先发出Option请求//这里要放行Option请求，不需要shiro处理if (req.getMethod().equals(RequestMethod.OPTIONS.name())) {return true;}//除了Options请求之外，所以请求都要被shiro处理return false;}/*** 该方法用于处理所有应该被shiro处理的请求*/@Overrideprotected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {HttpServletRequest req = (HttpServletRequest)servletRequest;HttpServletResponse resp = (HttpServletResponse)servletResponse;//允许跨域请求resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));resp.setHeader("Access-Control-Allow-Credentials", "true");resp.setContentType("text/html;charset=utf-8");threadLocalToken.clear();String token = getRequestToken(req);if (StrUtil.isBlank(token)) {resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);resp.getWriter().print("无效令牌");return false;}//验证token是否内容有效，验证是否过期try {jwtUtil.verifyToken(token);}catch (TokenExpiredException e){//查redis有没有该令牌if (redisTemplate.hasKey(token)) {//有数据，需要删掉缓存的老令牌，重新生成新令牌redisTemplate.delete(token);int userId=jwtUtil.getUserId(token);//创建新tokentoken=jwtUtil.createToken(userId);//把token存到redis中redisTemplate.opsForValue().set(token,userId+"",cacheExpire, TimeUnit.DAYS);//把token存到threadLocal中threadLocalToken.setToken(token);}else {//客户端和redis中令牌都过期，需要用户重新登录resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);resp.getWriter().print("令牌已过期");return false;}}catch (JWTDecodeException e){resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);resp.getWriter().print("无效令牌");return false;}//此时令牌没问题boolean b = executeLogin(req, resp);return b;}@Overrideprotected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {HttpServletRequest req = (HttpServletRequest)servletRequest;HttpServletResponse resp = (HttpServletResponse)servletResponse;//允许跨域请求resp.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));resp.setHeader("Access-Control-Allow-Credentials", "true");resp.setContentType("text/html;charset=utf-8");resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);try {resp.getWriter().print(e.getMessage());} catch (IOException ex) {throw new RuntimeException(ex);}return false;}@Overridepublic void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException {super.doFilterInternal(request, response, chain);}/*** 获取token方法*/private String getRequestToken(HttpServletRequest req){String token = req.getHeader("token");if (StrUtil.isBlank(token)) {//从请求体中获取数据token=req.getParameter("token");}return token;}
}