ログイン関連、ログインブロック、権限設定

jwtブロッキング
ログインをブロックし、tokenが有効かどうかを判断するために使用されます.ここでdemoのtokenはセッションで入手したtokenで、ログイン時にtokenをセッションに格納します.

@Slf4j
public class JWTFilter extends AuthenticationFilter {

    /**
     *           。
     *    header        Token
     */
    protected boolean isLoginAttempt(HttpServletRequest request, ServletResponse response) {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpSession session = req.getSession();
        String token = (String) session.getAttribute("token");  //    token  session 
        //String token = req.getHeader(JWTUtil.AUTHORIZATION);     token  header 
        return token != null;
    }


    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        if (isLoginAttempt((HttpServletRequest) request, response)) {
            UserVO user = (UserVO) SecurityUtils.getSubject().getPrincipal();
            if (user != null) {
                return JWTUtil.verify(user.getToken(), user.getUserName(), user.getId());
            }
        }

        return false;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest res = (HttpServletRequest) request;
        HttpSession session = res.getSession();
        String token = (String) session.getAttribute("token");

        Boolean isLogin = false;
        if (!StringUtils.isEmpty(token)) {
            JWTToken loginToken = new JWTToken(token);
            log.debug("  Token    :" + token);

            try {
                getSubject(request, response).login(loginToken);
                isLogin = true;
            } catch (AuthenticationException exp) {
                getSubject(request, response).logout();
            }
        }

        //      
        if (isLogin) {
            UserVO user = (UserVO) SecurityUtils.getSubject().getPrincipal();

            log.debug("      :" + user);

            issueSuccessRedirect(request, response);
        } else {
            //  401
            response401(request, response);
        }

        return isLogin;
    }

    /**
     *        
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

        httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
        httpServletResponse.setHeader("Access-Control-Allow-Headers",
                httpServletRequest.getHeader("Access-Control-Request-Headers"));

        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
            httpServletResponse.setStatus(HttpStatus.OK.value());
            return false;
        }

        return super.preHandle(request, response);
    }

    /**
     *         
     */
    private void response401(ServletRequest req, ServletResponse resp) {
        //Ajax  
        if (isAjaxRequest(req)) {
            HttpServletResponse response = (HttpServletResponse) resp;
            response.setContentType("application/json;charset=UTF-8");
            response.setCharacterEncoding("UTF-8");

            String msg = "        ,             ";

            ResponseData data = ResponseData.newFailed()
                    .setStatus(401)
                    .setCode("401")
                    .setMessage(msg)
                    .setMessage(msg);

            try {
                PrintWriter out = response.getWriter();

                out.print(new Gson().toJson(data));
                out.flush();
                out.close();
            } catch (IOException e) {
                log.error(e.getMessage());
            }
        } else {
            // AJAX  
            try {
                saveRequestAndRedirectToLogin(req, resp);
            } catch (IOException e) {
                log.error(e.getMessage());
            }
        }
    }

    /**
     *      ajax  
     */
    private boolean isAjaxRequest(ServletRequest request) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String requestedWith = httpServletRequest.getHeader("X-Requested-With");

        return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
    }

    @Override
    protected void issueSuccessRedirect(ServletRequest request,
                                        ServletResponse response) throws Exception {

        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        log.debug("   :" + httpServletRequest.getRequestURL());

        String superURL = httpServletRequest.getRequestURI();
        WebUtils.issueRedirect(request, response, superURL, null, true);
    }

}

JWTツールクラス
tokenを生成し、tokenを解析してtoken内のユーザ情報を復元するなど

@Slf4j
public class JWTUtil {
    public final static String USER_ID = "user_id";
    public final static String APP_CODE = "app_code";
    public final static String USER_NAME = "user_name";

    private final static String SECRET = "0b2ad71cfedc4feab58000db9e59d7bc";

    public static final String AUTHORIZATION = "auth-token";

    /**
     *     
     *
     * @Deprecated
     */
    private static final long EXPIRE_TIME = 1000 * 60 * 60 * 24;

    /**
     *   Token    
     *
     * @param token         token
     * @param userName         
     * @param userId     id
     * @return     ，    true，  false
     */
    public static boolean verify(String token, String userName, Long userId) {
        try {
            //   token       ,         
            Algorithm algorithm = Algorithm.HMAC256(SECRET);
            JWTVerifier verifier = JWT.require(algorithm)
                    .withClaim(USER_NAME, userName)
                    .withClaim(USER_ID, userId)
                    .build();

            verifier.verify(token);
            return true;
        } catch (TokenExpiredException exp) {
            log.error(String.format("  [%s]   token[%s]    ", userName, token));
            return false;
        } catch (JWTVerificationException exp) {
            log.error(String.format("  [%s]   token[%s]    ", userId, token));
            return false;
        } catch (Exception exception) {
            log.error(String.format("  [%s]   token[%s]    ,     : %s", userName, token, exception.getMessage()), exception);
            return false;
//            throw new ServiceException(String.format("  [%s]   token[%s]    ,     : %s", userName, token, exception.getMessage()), exception);
        }
    }

    /**
     *     JWT
     *
     * @param userName     
     * @param userId     id
     * @return    Token
     */
    public static String sign(String userName, Long userId) {
        Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
        Algorithm algorithm = Algorithm.HMAC256(SECRET);

        return JWT.create()
                .withClaim(USER_NAME, userName)
                .withClaim(USER_ID, userId)
                .withExpiresAt(date)
                .sign(algorithm);
    }

    /**
     *  Token   userId
     *
     * @param token      token
     * @return        
     */
    public static Long getUserId(String token) {
        try {
            DecodedJWT jwt = parseJWT(token);
            return jwt.getClaim(USER_ID) != null ? jwt.getClaim(USER_ID).asLong() : null;
        } catch (JWTDecodeException e) {
            return null;
        }
    }

    /**
     *     
     *
     * @param token
     * @return
     */
    public static String getUserName(String token) {
        try {
            DecodedJWT jwt = parseJWT(token);
            return jwt.getClaim(USER_NAME) != null ? jwt.getClaim(USER_NAME).asString() : null;
        } catch (JWTDecodeException e) {
            return null;
        }
    }


    /**
     *       
     *
     * @param token
     * @return
     */
    public static String getAppCode(String token) {
        try {
            DecodedJWT jwt = parseJWT(token);
            return jwt.getClaim(APP_CODE) != null ? jwt.getClaim(APP_CODE).asString() : null;
        } catch (JWTDecodeException e) {
            return null;
        }
    }

    /**
     *   JWT
     *
     * @param jwt
     * @return
     */
    public static DecodedJWT parseJWT(String jwt) {
        Algorithm algorithm = Algorithm.HMAC256(SECRET);
        return JWT.require(algorithm).build().verify(jwt);
    }

}

UserRealm
ログイン後にtokenを解析し、現在のユーザー情報とユーザーtokenを設定します.

@Slf4j
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     *        ，  Shiro   
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JWTToken;
    }

    /**
     *                      ，  checkRole,checkPermission   
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        //                
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

        return authorizationInfo;
    }

    /**
     *       Token，          Token
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
        String token = (String) auth.getCredentials();
        String userName = JWTUtil.getUserName(token);
        Long userId = JWTUtil.getUserId(token);

        log.debug("    :" + token + ", " + userId);

        if (StringUtils.isEmpty(userName) || userId == null) {
            throw new AuthenticationException("        , Token  ");
        }

        UserVO user = userService.getUserInfo(userName, userId);

        log.debug("    :" + user);

        if (user == null) {
            throw new AuthenticationException("    ,      ");
        } else {
            user.setToken(token);
            return new SimpleAuthenticationInfo(user, token, getName());
        }
    }

    @Override
    public String getName() {
        return "familyRealm";
    }
}

JWTToken
tokenストレージオブジェクト

public class JWTToken implements AuthenticationToken {

    private static final long serialVersionUID = -8414484413319621557L;

//	public static final String TOKEN_PREFIX = "FAMILY_TOKEN_";

    //   
    private String token;

    public JWTToken(String token) {
        this.token = token;
    }

    @Override
    public Object getPrincipal() {
        return token;
    }

    @Override
    public Object getCredentials() {
        return token;
    }
}

Shiro
Shiro関連の構成

@Configuration
public class ShiroConfig {

    /**
     *
     *   Shiro        
     *
     * @return
     */
    @Bean
    public Realm passwordAuthorizingRealm() {
        return new UserRealm();
    }

    @Bean
    public ModularRealmAuthenticator modularRealmAuthenticator() {
        ModularRealmAuthenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
        modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        return modularRealmAuthenticator;
    }

    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

        securityManager.setAuthenticator(modularRealmAuthenticator());

        List<Realm> realms = new ArrayList<>();

        realms.add(passwordAuthorizingRealm());

        securityManager.setRealms(realms);

        securityManager.setSessionManager(sessionManager());

        return securityManager;
    }

    /**
     *   Token   SessionManager
     *
     * @return
     */
    @Bean
    public SessionManager sessionManager() {
        TokenSessionManager sessionManager = new TokenSessionManager();
        return sessionManager;
    }

    /**
     * ShiroFilter     
     *
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/login/index.html");

        //     
        shiroFilterFactoryBean.getFilters().put("authc", new JWTFilter());
        //        
        LogoutFilter logout = new LogoutFilter();
        shiroFilterFactoryBean.getFilters().put("logout", logout);

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

        //          
        filterChainDefinitionMap.put("/static/**", "anon");
//		filterChainDefinitionMap.put("/api/common/**", "anon");
        //       
        filterChainDefinitionMap.put("/login**", "anon");
        filterChainDefinitionMap.put("/login/**", "anon");
        filterChainDefinitionMap.put("/login/login", "anon");
        //   
        filterChainDefinitionMap.put("/api/**", "authc");
        filterChainDefinitionMap.put("/test/**", "authc");
        filterChainDefinitionMap.put("/**", "authc");

        //                
        shiroFilterFactoryBean.setSuccessUrl("/index");

        //      ;
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
        return authorizationAttributeSourceAdvisor;
    }
}

html.js
hmlにはajaxグローバルリクエストヘッダが設定されており、jsを導入するとajaxは設定したtokenを持参します

var isLogin = true; //         
var token = localStorage.getItem("token") || '';
$.ajaxSetup({
    dataType: "json",
    // cache: false,
    headers: {
        "auth-token": token
    },
    xhrFields: {
        withCredentials: true
    },
    complete: function(xhr) {
        //token  ，        
        if(xhr.responseJSON != undefined && xhr.responseJSON.code != undefined){
            if( xhr.responseJSON.code == 401 && isLogin){
                window.location = '/login/index.html';
            }
        }
    }
});