JwtAuthorizationFilter config

最新推荐文章于 2024-04-18 19:15:59 发布

再遇狂神说

最新推荐文章于 2024-04-18 19:15:59 发布

阅读量543

点赞数

分类专栏： java

本文链接：https://blog.csdn.net/GGHuWei/article/details/118864627

版权

java 专栏收录该内容

12 篇文章 0 订阅

订阅专栏

package github.javaguide.springsecurityjwtguide.security.filter;

import github.javaguide.springsecurityjwtguide.security.common.constants.SecurityConstants;
import github.javaguide.springsecurityjwtguide.security.common.utils.JwtTokenUtils;
import io.jsonwebtoken.JwtException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**

@author shuang.kou
@description 过滤器处理所有HTTP请求，并检查是否存在带有正确令牌的Authorization标头。例如，如果令牌未过期或签名密钥正确。
*/
@Slf4j
public class JwtAuthorizationFilter extends BasicAuthenticationFilter {

private final StringRedisTemplate stringRedisTemplate;

public JwtAuthorizationFilter(AuthenticationManager authenticationManager, StringRedisTemplate stringRedisTemplate) {
super(authenticationManager);
this.stringRedisTemplate = stringRedisTemplate;
}

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
String token = request.getHeader(SecurityConstants.TOKEN_HEADER);
if (token == null || !token.startsWith(SecurityConstants.TOKEN_PREFIX)) {
SecurityContextHolder.clearContext();
chain.doFilter(request, response);
return;
}
String tokenValue = token.replace(SecurityConstants.TOKEN_PREFIX, “”);
UsernamePasswordAuthenticationToken authentication = null;
try {
String previousToken = stringRedisTemplate.opsForValue().get(JwtTokenUtils.getId(tokenValue));
if (!token.equals(previousToken)) {
SecurityContextHolder.clearContext();
chain.doFilter(request, response);
return;
}
authentication = JwtTokenUtils.getAuthentication(tokenValue);
} catch (JwtException e) {
logger.error("Invalid jwt : " + e.getMessage());
}
SecurityContextHolder.getContext().setAuthentication(authentication);
chain.doFilter(request, response);
}
}

再遇狂神说

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
JwtAuthorizationFilter config

package github.javaguide.springsecurityjwtguide.security.filter;import github.javaguide.springsecurityjwtguide.security.common.constants.SecurityConstants;import github.javaguide.springsecurityjwtguide.security.common.utils.JwtTokenUtils;import io.jsonw
复制链接

扫一扫