提交 db96ce5e 编写于 作者: Tyl666's avatar Tyl666

【JWT鉴权续期接口】上传reflashCheck头代码

上级 965ef9b3
......@@ -81,10 +81,9 @@ public class ClientAuthenticationResource
// 返回 token
return ResponseEntity.ok().body(new AuthenticationInfo(token,user2));
}
@PostMapping(value = "v7/reflashToken")
public String reflashToken(@Validated @RequestBody @NotNull(message = "token不能为空") String oldToken) {
// 查询过期时间
final Date created = jwtTokenUtil.getExpirationDateFromToken(oldToken);
// 查询token里面的用户名
String username = jwtTokenUtil.getUsernameFromToken(oldToken);
// 根据用户名取缓存的用户对象
......@@ -96,6 +95,9 @@ public class ClientAuthenticationResource
if (ObjectUtils.isEmpty(tok)) {
return oldToken;
} else {
if(System.currentTimeMillis() - tok.getDate().getTime() >= (expiration / 4)){
return tok.getNewToken();
}
String newToken = jwtTokenUtil.generateToken(user);
tok = tokenReflashService.setToken(newToken, oldToken);
return tok.getNewToken();
......
......@@ -20,10 +20,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.*;
@Slf4j
@Component
......@@ -35,6 +32,9 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
private Set<String> excludesPattern = new HashSet<>();
private PathMatcher pathMatcher = new AntPathMatcher();
@Value("${ibiz.jwt.deadLine:1800000}")
private Long deadLine;
public AuthorizationTokenFilter(AuthenticationUserService userDetailsService, AuthTokenUtil authTokenUtil, @Value("${ibiz.jwt.header:Authorization}") String tokenHeader) {
this.userDetailsService = userDetailsService;
this.authTokenUtil = authTokenUtil;
......@@ -80,10 +80,23 @@ public class AuthorizationTokenFilter extends OncePerRequestFilter {
log.info("authorizated user '{}', setting security context", username);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
// 验证token是否濒临过期
if (refreshCheck(authTokenUtil.getExpirationDateFromToken(authToken), System.currentTimeMillis())) {
// 赋予前台一个刷新Token标识
response.setHeader("reflashToken", "true");
}
}
chain.doFilter(request, response);
}
private boolean refreshCheck(Date expirationDate, Long currentTimeMillis) {
// 还剩一个小时的时间就返回true
if (currentTimeMillis - expirationDate.getTime() >= deadLine) {
return true;
}
return false;
}
public void setExcludesPattern(String excludesPattern) {
this.excludesPattern = new HashSet(Arrays.asList(excludesPattern.split("\\s*,\\s*")));
}
......
Markdown 格式
0% or
您添加了 0 到此讨论。请谨慎行事。
先完成此消息的编辑!
想要评论请 注册