用户认证流程
单点登录结合springsecurity+oauth2+jwt
(一)认证服务申请令牌,将令牌信息存放到redis中,同时将身份标识信息放到cookie中
(二)认证服务通过feign远程调用用户服务系统,获取用户信息。
通过username获取用户信息,因为调用方的前端只有这个username
先写被调用方服务
import com.xuecheng.filesystem.framework.domain.ucenter.ext.XcUserExt;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
/**
 * Swagger-documented contract for the user-center lookup API.
 */
@Api("用户中心管理接口")
public interface UCentereControllerApi {

    /**
     * Looks up the extended user record for a login name.
     *
     * @param username login name to look up
     * @return the extended user record for that name
     */
    @ApiOperation("查询用户信息")
    XcUserExt findUserInfo(String username);
}
/**
 * REST controller of the user-center service; serves user lookups under {@code /ucenter}.
 *
 * <p>NOTE(review): the auth-service snippet on this page reads {@code getPassword()} (a hash)
 * from the returned object, so this endpoint hands a password hash to whoever can call it.
 * It should be reachable only by internal services and not routed publicly through the
 * gateway; confirm the route and access configuration.
 */
@RestController
@RequestMapping("/ucenter")
public class UCenterController implements UCentereControllerApi {

    @Autowired
    private UserCenterService userCenterService;

    /**
     * Handles {@code GET /ucenter/getuserext?username=...} by delegating to the service layer.
     *
     * @param username login name taken from the {@code username} request parameter
     * @return whatever {@link UserCenterService#findUserInfo(String)} returns for that name
     */
    @Override
    @GetMapping("/getuserext")
    public XcUserExt findUserInfo(@RequestParam("username") String username) {
        final XcUserExt userInfo = userCenterService.findUserInfo(username);
        return userInfo;
    }
}
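/**
 * Service that assembles the extended user record (base data plus company id).
 */
@Service
public class UserCenterService {

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private CompanyUserRepository companyUserRepository;

    @Autowired
    private XcMenuMapper xcMenuMapper;

    /**
     * Builds the extended user record for a login name.
     *
     * <p>All properties of the stored user are copied into the result, so it also carries
     * the stored password value; the caller on this page reads it via {@code getPassword()}.
     *
     * @param username login name to look up
     * @return the populated record, or {@code null} when no user with that name exists
     */
    public XcUserExt findUserInfo(String username) {
        // Base user data. An unknown name yields no entity; return null so the caller's
        // "userext == null" check works instead of failing inside copyProperties/getId.
        XcUser xcUser = userRepository.findByUsername(username);
        if (xcUser == null) {
            return null;
        }

        XcUserExt xcUserExt = new XcUserExt();
        BeanUtils.copyProperties(xcUser, xcUserExt);

        // Company the user belongs to, if any.
        XcCompanyUser companyUser = companyUserRepository.findByUserId(xcUser.getId());
        if (companyUser != null) {
            xcUserExt.setCompanyId(companyUser.getCompanyId());
        }

        /*
        // Load the current user's permission list (disabled in the original)
        List<XcMenu> menuList = xcMenuMapper.findMenuList(xcUser.getId());
        xcUserExt.setPermissions(menuList);*/
        return xcUserExt;
    }
}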
import com.xuecheng.filesystem.framework.client.XcServiceList;
import com.xuecheng.filesystem.framework.domain.ucenter.ext.XcUserExt;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
/**
 * Feign client used to call the user-center service's lookup endpoint remotely.
 *
 * <p>NOTE(review): the caller on this page reads a password hash from the response, so this
 * call moves credential material between services; presumably it should stay on an internal,
 * protected channel (confirm).
 */
@FeignClient(name = XcServiceList.XC_SERVICE_UCENTER)
public interface UserClient {

    /**
     * Issues {@code GET /ucenter/getuserext} with the given login name.
     *
     * @param username login name sent as the {@code username} request parameter
     * @return the extended user record returned by the user-center service
     */
    @GetMapping("/ucenter/getuserext")
    XcUserExt findUserInfo(@RequestParam("username") String username);
}
// Fetch the user's extended record from the user-center service through the Feign client.
XcUserExt userext = userClient.findUserInfo(username);
// No record came back for this name: stop here with null.
// NOTE(review): the enclosing method is not shown. If it is Spring Security's
// UserDetailsService.loadUserByUsername, that contract expects a
// UsernameNotFoundException rather than a null return. Confirm.
if(userext == null){
return null;
}
// Permissions are set to an empty list here; the permission query in the
// user-center service is commented out.
userext.setPermissions(new ArrayList<XcMenu>());
// Take the stored password (a hash value) for comparison with the submitted one.
// It is credential material: keep it out of logs and API responses.
String password = userext.getPassword();
登录后显示头像和用户名:前端调用接口,凭cookie中的jti从redis取回令牌
/**
 * Returns the token of the current caller wrapped in a {@code JwtResult}.
 *
 * @return result object carrying the token
 */
@ApiOperation("查询jwt")
JwtResult getJwt();
3 }
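/**
 * Returns the caller's token, looked up in Redis by the jti stored in the cookie.
 *
 * <p>A request without the cookie, or with a jti whose Redis entry is gone, gets a failure
 * result instead of triggering a NullPointerException (which would surface as a 500).
 *
 * @return success result carrying the access token, or a failure result with no token
 */
@Override
@GetMapping("/userjwt")
public JwtResult getJwt() {
    // Read the jti (token identifier) from the cookie.
    String jti = this.getJtiFromCookie();
    if (jti == null || jti.isEmpty()) {
        // Not logged in. CommonCode.FAIL is assumed to be the project's generic
        // failure code; confirm it exists in this code base.
        return new JwtResult(CommonCode.FAIL, null);
    }

    // The cookie value (jti) is the Redis key suffix; the stored value is the whole AuthToken.
    AuthToken authToken = authService.getTokenFormRedis(jti);
    if (authToken == null) {
        // Entry missing in Redis (e.g. already removed by logout): treat as not logged in.
        return new JwtResult(CommonCode.FAIL, null);
    }
    return new JwtResult(CommonCode.SUCCESS, authToken.getAccess_token());
}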
/**
 * Loads the {@code AuthToken} stored in Redis under {@code user_token:<jti>}.
 *
 * @param jti token identifier used as the key suffix
 * @return the deserialized token; presumably {@code null} when the key is absent, since the
 *         JSON parser is handed a null string (confirm against the JSON library in use)
 */
public AuthToken getTokenFormRedis(String jti) {
    final String redisKey = "user_token:" + jti;
    final String serialized = stringRedisTemplate.boundValueOps(redisKey).get();
    return JSON.parseObject(serialized, AuthToken.class);
}
退出登录,
删除cookie
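/**
 * Logs the caller out: removes the token from Redis, then expires the cookie.
 *
 * <p>The Redis entry is deleted first, so the token stops being usable server-side even if
 * the cookie removal never reaches the browser.
 *
 * @return a success result, so the client gets a response body instead of the empty body
 *         that returning {@code null} produced
 */
@Override
@PostMapping("/userlogout")
public ResponseResult logout() {
    String jti = this.getJtiFromCookie();
    authService.delTokenFromRedis(jti);
    this.delCookie(jti);
    // Assumes the project's ResponseResult has a constructor taking a result code; confirm.
    return new ResponseResult(CommonCode.SUCCESS);
}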
/**
 * Overwrites the {@code uid} cookie on the current response so the browser drops it.
 *
 * @param jti value written into the replacement cookie
 */
private void delCookie(String jti) {
    ServletRequestAttributes requestAttributes =
            (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    HttpServletResponse response = requestAttributes.getResponse();
    // The 0 is presumably the max-age (expire immediately) and the trailing false presumably
    // the httpOnly flag; confirm against CookieUtil.addCookie. The cookie that is set at
    // login deserves the same check, since it carries the jti.
    CookieUtil.addCookie(response, cookieDomain, "/", "uid", jti, 0, false);
}
从redis中删除
/**
 * Deletes the Redis entry stored under {@code user_token:<jti>}.
 *
 * @param jti token identifier used as the key suffix
 */
public void delTokenFromRedis(String jti) {
    stringRedisTemplate.delete("user_token:" + jti);
}
}
(三)加了个网关校验令牌
zuul(网关)部署在nginx(反向代理、负载均衡)之后、微服务之前,起到微服务安全访问、请求路由、负载均衡、校验过滤的作用。
3.1请求转发作用
1.之前访问图片服务:
2,加入网关后
3.2过滤作用