ログイン関連、ログインブロック、権限設定
jwtブロッキング
ログインをブロックし、tokenが有効かどうかを判断するために使用されます.ここでdemoのtokenはセッションで入手したtokenで、ログイン時にtokenをセッションに格納します.
JWTツールクラス
tokenを生成し、tokenを解析してtoken内のユーザ情報を復元するなど
UserRealm
ログイン後にtokenを解析し、現在のユーザー情報とユーザーtokenを設定します.
JWTToken
tokenストレージオブジェクト
Shiro
Shiro関連の構成
html.js
hmlにはajaxグローバルリクエストヘッダが設定されており、jsを導入するとajaxは設定したtokenを持参します
ログインをブロックし、tokenが有効かどうかを判断するために使用されます.ここでdemoのtokenはセッションで入手したtokenで、ログイン時にtokenをセッションに格納します.
@Slf4j
public class JWTFilter extends AuthenticationFilter {
/**
* 。
* header Token
*/
protected boolean isLoginAttempt(HttpServletRequest request, ServletResponse response) {
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession();
String token = (String) session.getAttribute("token"); // token session
//String token = req.getHeader(JWTUtil.AUTHORIZATION); token header
return token != null;
}
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
if (isLoginAttempt((HttpServletRequest) request, response)) {
UserVO user = (UserVO) SecurityUtils.getSubject().getPrincipal();
if (user != null) {
return JWTUtil.verify(user.getToken(), user.getUserName(), user.getId());
}
}
return false;
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest res = (HttpServletRequest) request;
HttpSession session = res.getSession();
String token = (String) session.getAttribute("token");
Boolean isLogin = false;
if (!StringUtils.isEmpty(token)) {
JWTToken loginToken = new JWTToken(token);
log.debug(" Token :" + token);
try {
getSubject(request, response).login(loginToken);
isLogin = true;
} catch (AuthenticationException exp) {
getSubject(request, response).logout();
}
}
//
if (isLogin) {
UserVO user = (UserVO) SecurityUtils.getSubject().getPrincipal();
log.debug(" :" + user);
issueSuccessRedirect(request, response);
} else {
// 401
response401(request, response);
}
return isLogin;
}
/**
*
*/
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin"));
httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
httpServletResponse.setHeader("Access-Control-Allow-Headers",
httpServletRequest.getHeader("Access-Control-Request-Headers"));
if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) {
httpServletResponse.setStatus(HttpStatus.OK.value());
return false;
}
return super.preHandle(request, response);
}
/**
*
*/
private void response401(ServletRequest req, ServletResponse resp) {
//Ajax
if (isAjaxRequest(req)) {
HttpServletResponse response = (HttpServletResponse) resp;
response.setContentType("application/json;charset=UTF-8");
response.setCharacterEncoding("UTF-8");
String msg = " , ";
ResponseData data = ResponseData.newFailed()
.setStatus(401)
.setCode("401")
.setMessage(msg)
.setMessage(msg);
try {
PrintWriter out = response.getWriter();
out.print(new Gson().toJson(data));
out.flush();
out.close();
} catch (IOException e) {
log.error(e.getMessage());
}
} else {
// AJAX
try {
saveRequestAndRedirectToLogin(req, resp);
} catch (IOException e) {
log.error(e.getMessage());
}
}
}
/**
* ajax
*/
private boolean isAjaxRequest(ServletRequest request) {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String requestedWith = httpServletRequest.getHeader("X-Requested-With");
return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
}
@Override
protected void issueSuccessRedirect(ServletRequest request,
ServletResponse response) throws Exception {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
log.debug(" :" + httpServletRequest.getRequestURL());
String superURL = httpServletRequest.getRequestURI();
WebUtils.issueRedirect(request, response, superURL, null, true);
}
}
JWTツールクラス
tokenを生成し、tokenを解析してtoken内のユーザ情報を復元するなど
@Slf4j
public class JWTUtil {
public final static String USER_ID = "user_id";
public final static String APP_CODE = "app_code";
public final static String USER_NAME = "user_name";
private final static String SECRET = "0b2ad71cfedc4feab58000db9e59d7bc";
public static final String AUTHORIZATION = "auth-token";
/**
*
*
* @Deprecated
*/
private static final long EXPIRE_TIME = 1000 * 60 * 60 * 24;
/**
* Token
*
* @param token token
* @param userName
* @param userId id
* @return , true, false
*/
public static boolean verify(String token, String userName, Long userId) {
try {
// token ,
Algorithm algorithm = Algorithm.HMAC256(SECRET);
JWTVerifier verifier = JWT.require(algorithm)
.withClaim(USER_NAME, userName)
.withClaim(USER_ID, userId)
.build();
verifier.verify(token);
return true;
} catch (TokenExpiredException exp) {
log.error(String.format(" [%s] token[%s] ", userName, token));
return false;
} catch (JWTVerificationException exp) {
log.error(String.format(" [%s] token[%s] ", userId, token));
return false;
} catch (Exception exception) {
log.error(String.format(" [%s] token[%s] , : %s", userName, token, exception.getMessage()), exception);
return false;
// throw new ServiceException(String.format(" [%s] token[%s] , : %s", userName, token, exception.getMessage()), exception);
}
}
/**
* JWT
*
* @param userName
* @param userId id
* @return Token
*/
public static String sign(String userName, Long userId) {
Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
Algorithm algorithm = Algorithm.HMAC256(SECRET);
return JWT.create()
.withClaim(USER_NAME, userName)
.withClaim(USER_ID, userId)
.withExpiresAt(date)
.sign(algorithm);
}
/**
* Token userId
*
* @param token token
* @return
*/
public static Long getUserId(String token) {
try {
DecodedJWT jwt = parseJWT(token);
return jwt.getClaim(USER_ID) != null ? jwt.getClaim(USER_ID).asLong() : null;
} catch (JWTDecodeException e) {
return null;
}
}
/**
*
*
* @param token
* @return
*/
public static String getUserName(String token) {
try {
DecodedJWT jwt = parseJWT(token);
return jwt.getClaim(USER_NAME) != null ? jwt.getClaim(USER_NAME).asString() : null;
} catch (JWTDecodeException e) {
return null;
}
}
/**
*
*
* @param token
* @return
*/
public static String getAppCode(String token) {
try {
DecodedJWT jwt = parseJWT(token);
return jwt.getClaim(APP_CODE) != null ? jwt.getClaim(APP_CODE).asString() : null;
} catch (JWTDecodeException e) {
return null;
}
}
/**
* JWT
*
* @param jwt
* @return
*/
public static DecodedJWT parseJWT(String jwt) {
Algorithm algorithm = Algorithm.HMAC256(SECRET);
return JWT.require(algorithm).build().verify(jwt);
}
}
UserRealm
ログイン後にtokenを解析し、現在のユーザー情報とユーザーtokenを設定します.
@Slf4j
public class UserRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
/**
* , Shiro
*/
@Override
public boolean supports(AuthenticationToken token) {
return token instanceof JWTToken;
}
/**
* , checkRole,checkPermission
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
//
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
return authorizationInfo;
}
/**
* Token, Token
*/
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
String token = (String) auth.getCredentials();
String userName = JWTUtil.getUserName(token);
Long userId = JWTUtil.getUserId(token);
log.debug(" :" + token + ", " + userId);
if (StringUtils.isEmpty(userName) || userId == null) {
throw new AuthenticationException(" , Token ");
}
UserVO user = userService.getUserInfo(userName, userId);
log.debug(" :" + user);
if (user == null) {
throw new AuthenticationException(" , ");
} else {
user.setToken(token);
return new SimpleAuthenticationInfo(user, token, getName());
}
}
@Override
public String getName() {
return "familyRealm";
}
}
JWTToken
tokenストレージオブジェクト
public class JWTToken implements AuthenticationToken {
private static final long serialVersionUID = -8414484413319621557L;
// public static final String TOKEN_PREFIX = "FAMILY_TOKEN_";
//
private String token;
public JWTToken(String token) {
this.token = token;
}
@Override
public Object getPrincipal() {
return token;
}
@Override
public Object getCredentials() {
return token;
}
}
Shiro
Shiro関連の構成
@Configuration
public class ShiroConfig {
/**
*
* Shiro
*
* @return
*/
@Bean
public Realm passwordAuthorizingRealm() {
return new UserRealm();
}
@Bean
public ModularRealmAuthenticator modularRealmAuthenticator() {
ModularRealmAuthenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
return modularRealmAuthenticator;
}
@Bean
public DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setAuthenticator(modularRealmAuthenticator());
List<Realm> realms = new ArrayList<>();
realms.add(passwordAuthorizingRealm());
securityManager.setRealms(realms);
securityManager.setSessionManager(sessionManager());
return securityManager;
}
/**
* Token SessionManager
*
* @return
*/
@Bean
public SessionManager sessionManager() {
TokenSessionManager sessionManager = new TokenSessionManager();
return sessionManager;
}
/**
* ShiroFilter
*
* @param securityManager
* @return
*/
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
shiroFilterFactoryBean.setLoginUrl("/login/index.html");
//
shiroFilterFactoryBean.getFilters().put("authc", new JWTFilter());
//
LogoutFilter logout = new LogoutFilter();
shiroFilterFactoryBean.getFilters().put("logout", logout);
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
//
filterChainDefinitionMap.put("/static/**", "anon");
// filterChainDefinitionMap.put("/api/common/**", "anon");
//
filterChainDefinitionMap.put("/login**", "anon");
filterChainDefinitionMap.put("/login/**", "anon");
filterChainDefinitionMap.put("/login/login", "anon");
//
filterChainDefinitionMap.put("/api/**", "authc");
filterChainDefinitionMap.put("/test/**", "authc");
filterChainDefinitionMap.put("/**", "authc");
//
shiroFilterFactoryBean.setSuccessUrl("/index");
// ;
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
return authorizationAttributeSourceAdvisor;
}
}
html.js
hmlにはajaxグローバルリクエストヘッダが設定されており、jsを導入するとajaxは設定したtokenを持参します
var isLogin = true; //
var token = localStorage.getItem("token") || '';
$.ajaxSetup({
dataType: "json",
// cache: false,
headers: {
"auth-token": token
},
xhrFields: {
withCredentials: true
},
complete: function(xhr) {
//token ,
if(xhr.responseJSON != undefined && xhr.responseJSON.code != undefined){
if( xhr.responseJSON.code == 401 && isLogin){
window.location = '/login/index.html';
}
}
}
});