package com.chinasofti.controller.imp.security;
import java.io.Serializable;
import java.util.Date;
import java.util.Map;
import javax.annotation.Resource;
import org.springframework.stereotype.Component;
import com.chinasofti.service.bean.UserDomain;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
/**
* @author
* JwtTokenUtil
*/
@Component("jwtTokenUtil")
public class JwtTokenUtil implements Serializable {
private static final long serialVersionUID = -3301605591108950415L;
static final String CLAIM_KEY_USERNAME = "username";
static final String CLAIM_KEY_PASSWORD = "password";
static final String CLAIM_KEY_CREATED = "created";
//private static final String AUDIENCE_UNKNOWN = "unknown";
//private static final String AUDIENCE_WEB = "web";
//private static final String AUDIENCE_MOBILE = "mobile";
//private static final String AUDIENCE_TABLET = "tablet";
//通过@value注解获取密钥
//@Value("123456")
private String secret="123456";
//通过@value注解获取失效时间
//@Value("${jwt.expiration}")
private Long expiration=300L;
@Resource(name = "tokenConfig")
private Map<String, String> tokenConfig;
/**
* @param token
* return username by Token
*/
public String getUsernameFromToken(String token) {
String username;
try {
final Claims claims = getClaimsFromToken(token);
username = (String) claims.get(CLAIM_KEY_USERNAME);
//username = claims.getSubject();
} catch (Exception e) {
username = null;
}
return username;
}
/**
* @param token
* return CreatedDate by Token 获取token创建时间
*/
public Date getCreatedDateFromToken(String token) {
Date created;
try {
final Claims claims = getClaimsFromToken(token);
created = new Date((Long) claims.get(CLAIM_KEY_CREATED));
} catch (Exception e) {
created = null;
}
return created;
}
/**
* @param token
* return ExpirationDate by Token 获取token过期时间
*/
public Date getExpirationDateFromToken(String token) {
Date expiration;
try {
final Claims claims = getClaimsFromToken(token);
expiration = claims.getExpiration();
} catch (Exception e) {
expiration = null;
}
return expiration;
}
/**
* @param token
* return Password by Token 获取token的密码
*/
public String getPasswordFromToken(String token) {
String password;
try {
final Claims claims = getClaimsFromToken(token);
password = (String) claims.get(CLAIM_KEY_PASSWORD);
} catch (Exception e) {
password = null;
}
return password;
}
public Claims getClaimsFromToken(String token) {
Claims claims;
try {
claims = Jwts.parser()
//设置签名的密钥
.setSigningKey(secret)
//把token转换成断言
.parseClaimsJws(token)
.getBody();
Date expirationTime = Jwts.parser().setSigningKey(secret).parseClaimsJwt(token).getBody().getExpiration();
} catch (Exception e) {
claims = null;
}
return claims;
}
//生成到期日期
private Date generateExpirationDate() {
return new Date(System.currentTimeMillis() + expiration * 1000);
}
//判断token是否过期
private Boolean isTokenExpired(String token) {
final Date expiration = getExpirationDateFromToken(token);
return expiration.before(new Date());
}
//判断token创建时间是否在密码重置之前
private Boolean isCreatedBeforeLastPasswordReset(Date created, Date lastPasswordReset) {
return (lastPasswordReset != null && created.before(lastPasswordReset));
}
/*private String generateAudience(Device device) {
String audience = AUDIENCE_UNKNOWN;
if (device.isNormal()) {
audience = AUDIENCE_WEB;
} else if (device.isTablet()) {
audience = AUDIENCE_TABLET;
} else if (device.isMobile()) {
audience = AUDIENCE_MOBILE;
}
return audience;
}
//忽略token的过期时间
private Boolean ignoreTokenExpiration(String token) {
String audience = getPasswordFromToken(token);
return (AUDIENCE_TABLET.equals(audience) || AUDIENCE_MOBILE.equals(audience));
}*/
//生成token
public String generateToken(Map<String, Object> claims) {
return Jwts.builder()
.setClaims(claims)
.setExpiration(generateExpirationDate())
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
//判断token是否可以刷新
public Boolean canTokenBeRefreshed(String token, Date lastPasswordReset) {
final Date created = getCreatedDateFromToken(token);
return !isCreatedBeforeLastPasswordReset(created, lastPasswordReset)
&& (!isTokenExpired(token)) ;
/*|| ignoreTokenExpiration(token))*/
}
//刷新token
public String refreshToken(String token) {
String refreshedToken;
try {
final Claims claims = getClaimsFromToken(token);
claims.put(CLAIM_KEY_CREATED, new Date());
refreshedToken = generateToken(claims);
} catch (Exception e) {
refreshedToken = null;
}
return refreshedToken;
}
//判读token是否有效
public Boolean validateToken(String token, UserDomain userDomain) {
// JwtUser user = (JwtUser) userPO;
final String username = getUsernameFromToken(token);
//final Date created = getCreatedDateFromToken(token);
//final Date expiration = getExpirationDateFromToken(token);
if(username==null){
return false;
}else{
return (
username.equals(userDomain.getUsername())
&& !isTokenExpired(token));
//&& !isCreatedBeforeLastPasswordReset(created, user.getLastPasswordResetDate()));
}
}
public String getTokenKey() {
return tokenConfig.get("tokenKey");
}
}
//使用filter对请求进行过滤
package com.chinasofti.controller.imp.security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.chinasofti.service.bean.UserDomain;
/**
* @author
TokenCheckFilter
*/
@WebFilter("/*")
public class TokenCheckFilter implements Filter {
private Logger logger = LoggerFactory.getLogger(getClass());
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
request.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
JwtTokenUtil jwtTokenUtil = new JwtTokenUtil();
/*//返回的协议名称,默认是http
System.err.println("返回的协议名称"+req.getScheme());
//返回的是你浏览器中显示的主机名,你自己试一下就知道了
System.err.println("返回的是你浏览器中显示的主机名"+req.getServerName());
//获取服务器端口号
System.err.println("获取服务器端口号 "+req.getServerPort());
//获取当前的系统路径
System.err.println("获取当前的系统路径"+ req.getContextPath());
String path = req.getContextPath();
System.err.println("path" + path);*/
//获取请求主页面路径
String basePath = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort() + req.getContextPath() + "/";
System.err.println("basePath:" + basePath);
// 获得请求的全路径
String reUrl = req.getRequestURL().toString();
System.err.println("获得请求的全路径URL:" + reUrl);
// Checks the given token agains the userDetails retrieved.
if (reUrl.contains("service")) {
if (reUrl.contains("service/login")||reUrl.contains("service/pao")) {
System.err.println("放行");
chain.doFilter(request, response);
} else {
String token = req.getHeader("token");
System.err.println("token:0000000000000" + token);
jwtTokenUtil.getClaimsFromToken(token);
UserDomain userDomain = new UserDomain();
userDomain.setUsername("admin");
Boolean validateToken = jwtTokenUtil.validateToken(token, userDomain);
System.err.println("11111username:" + validateToken);
if (userDomain != null && validateToken) {
System.err.println("未拦截");
chain.doFilter(request, response);
// logger.info(" 请求被放行,刷新token");
String refreshToken = jwtTokenUtil.refreshToken(token);
logger.error(refreshToken, "请求被放行,刷新token");
} else {
System.out.println("URI:" + reUrl + ">>>>访问被拒绝!");
resp.sendRedirect(basePath+"service/pao");
System.out.println(basePath);
}
}
} else {
logger.error("第一次登陆,未拦截");
chain.doFilter(request, response);
}
}
public void destroy() {
}
}