【JWT鉴权续期接口】上传reflashCheck头代码

db96ce5e · Tyl666 · 965ef9b3 · db96ce5e · db96ce5e
--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
@@ -81,10 +81,9 @@ public class ClientAuthenticationResource
        // 返回 token
        return ResponseEntity.ok().body(new AuthenticationInfo(token,user2));
    }
+
    @PostMapping(value = "v7/reflashToken")
    public String reflashToken(@Validated @RequestBody @NotNull(message = "token不能为空") String oldToken) {
-        // 查询过期时间
-        final Date created = jwtTokenUtil.getExpirationDateFromToken(oldToken);
        // 查询token里面的用户名
        String username = jwtTokenUtil.getUsernameFromToken(oldToken);
        // 根据用户名取缓存的用户对象
@@ -96,6 +95,9 @@ public class ClientAuthenticationResource
        if (ObjectUtils.isEmpty(tok)) {
            return oldToken;
        } else {
+            if(System.currentTimeMillis() - tok.getDate().getTime() >= (expiration / 4)){
+                return tok.getNewToken();
+            }
            String newToken = jwtTokenUtil.generateToken(user);
            tok = tokenReflashService.setToken(newToken, oldToken);
            return tok.getNewToken();

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthorizationTokenFilter.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthorizationTokenFilter.java
@@ -20,10 +20,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
+import java.util.*;

 @Slf4j
 @Component
@@ -35,6 +32,9 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
    private Set<String> excludesPattern = new HashSet<>();
    private PathMatcher pathMatcher = new AntPathMatcher();

+    @Value("${ibiz.jwt.deadLine:1800000}")
+    private Long deadLine;
+
    public AuthorizationTokenFilter(AuthenticationUserService userDetailsService, AuthTokenUtil authTokenUtil, @Value("${ibiz.jwt.header:Authorization}") String tokenHeader) {
        this.userDetailsService = userDetailsService;
        this.authTokenUtil = authTokenUtil;
@@ -80,10 +80,23 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
                log.info("authorizated user '{}', setting security context", username);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
+            // 验证token是否濒临过期
+            if (refreshCheck(authTokenUtil.getExpirationDateFromToken(authToken), System.currentTimeMillis())) {
+                // 赋予前台一个刷新Token标识
+                response.setHeader("reflashToken", "true");
+            }
        }
        chain.doFilter(request, response);
    }

+    private boolean refreshCheck(Date expirationDate, Long currentTimeMillis) {
+        // 还剩一个小时的时间就返回true
+        if (currentTimeMillis - expirationDate.getTime() >= deadLine) {
+            return true;
+        }
+        return false;
+    }
+
    public void setExcludesPattern(String excludesPattern) {
        this.excludesPattern = new HashSet(Arrays.asList(excludesPattern.split("\\s*,\\s*")));
    }