ruoyi-cloud认证-token改造为双token

最新推荐文章于 2024-09-05 14:23:55 发布
最新推荐文章于 2024-09-05 14:23:55 发布
阅读量2.7k 收藏 6
点赞数
文章标签: redis java 数据库
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xxxx1243/article/details/127968144
版权

ruoyi-cloud认证-token改造为双token

前言

Token在计算机身份认证中是令牌(临时)的意思,在词法分析中是标记的意思。一般作为邀请、登录系统使用。

什么是双token

双token一般是指:access_token和refresh_token。

access_token是一种JWT(json web token),有效时间通常较短,用户在获取资源的时候需要携带access_token,当access_token过期后,如果是活跃用户,就需要使用refresh_token获取一个新的access_token,这样就避免了用户使用正high被踢出去,重新登录,那估计摔手机都有可能。但是对于登录上去,长时间不操作的用户呢,一般会设置超时时间,比如:设置5分钟超时时间,那连续5分钟没有任何操作就会被认为是超时,就会被请下去,需要重新登录,获取新的token。

ruoyi-cloud的token机制简述

  1. 在登录成功后,创建token。
    首先创建UUID,作为userKey,以该key为主键存储用户信息到redis,设置过期时间。
    其次,使用userKey及用户部分信息生成JWT token。而该JWT token即为对客户端暴漏的用户token。
  2. 在业务调用期间,由Gateway的com.ruoyi.gateway.filter.AuthFilter对token的合法性进行校验。上面说到,JWT token中包含userKey信息,则解析JWT token后,即可通过userKey从redis中获取到用户信息。当redis中该信息不存在,则意味着用户token失效。
  3. 那么ruoyi-cloud是怎么对token延期的呢?在com.ruoyi.common.security.interceptor.HeaderInterceptor中可以看到,在每次请求中都调用方法com.ruoyi.common.security.auth.AuthUtil.verifyLoginUserExpire(loginUser),该方法最终执行逻辑如下:
public void verifyToken(LoginUser loginUser)
    {
        long expireTime = loginUser.getExpireTime();
        long currentTime = System.currentTimeMillis();
        if (expireTime - currentTime <= MILLIS_MINUTE_TEN)
        {
            refreshToken(loginUser);
        }
    }

 
 

 
 
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

即当过期时间减去当前时间小于某一固定时间时,则刷新token。实际是做了token延期处理。

以上,即为ruoyi-cloud的token机制。

存在的问题

  1. 一个token可无限延期下去,过期时间越长,则安全性越低;
  2. token延期的机制,取决于用户请求的时间点、token过期时长、及MILLIS_MINUTE_TEN的取值。比如:token有效时长30分钟,MILLIS_MINUTE_TEN的取值为15分钟,那么在登录后的前15分钟,不会刷新token,即不会延长token。这样就形成了,我在第14分钟还在操作,本身人为要到第44分钟token才会过期,结果在第30分钟token就过期了。(😊有点绕)

如何改造

主要流程见下图:
双token认证机制

主要处理逻辑

  1. 用户登录验证通过,则分别生成accessToken、refreshToken,并将它们对应的过期时间一并返回给客户端;
  2. 客户端存储信息,在每次业务交互时,验证本地的token过期时间;
  3. 如果accessToken未过期,则携带accessToken调用业务接口;
  4. 如果accessToken已过期,refreshToken未过期,则携带refreshToken调用/auth/refresh接口,获取新的accessToken;
  5. 如果accessToken已过期,refreshToken已过期,则跳转要求重新登录。

实现关键代码

登录token创建
public Map<String, Object> createAllToken(LoginUser loginUser)
    {
        String token = IdUtils.fastUUID();
        String refToken = IdUtils.fastUUID();
        Long userId = loginUser.getSysUser().getUserId();
        Long deptId = loginUser.getSysUser().getDeptId();
        String userName = loginUser.getSysUser().getUserName();
        long currentTimeMillis = System.currentTimeMillis();
        long expires_time = currentTimeMillis+ expireTime * MILLIS_MINUTE;
        long refresh_expires_time = currentTimeMillis + refreshExpireTime * MILLIS_MINUTE;

    loginUser<span class="token punctuation">.</span><span class="token function">setUserid</span><span class="token punctuation">(</span>userId<span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setUsername</span><span class="token punctuation">(</span>userName<span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setDeptId</span><span class="token punctuation">(</span>deptId<span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setIpaddr</span><span class="token punctuation">(</span><span class="token class-name">IpUtils</span><span class="token punctuation">.</span><span class="token function">getIpAddr</span><span class="token punctuation">(</span><span class="token class-name">ServletUtils</span><span class="token punctuation">.</span><span class="token function">getRequest</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setLoginTime</span><span class="token punctuation">(</span><span class="token class-name">System</span><span class="token punctuation">.</span><span class="token function">currentTimeMillis</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setToken</span><span class="token punctuation">(</span>token<span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setRefToken</span><span class="token punctuation">(</span>refToken<span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setExpireTime</span><span class="token punctuation">(</span>expires_time<span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setRefExpireTime</span><span class="token punctuation">(</span>refresh_expires_time<span class="token punctuation">)</span><span class="token punctuation">;</span>

    <span class="token function">cacheAllToken</span><span class="token punctuation">(</span>loginUser<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// Jwt存储信息</span>
    <span class="token class-name">Map</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">Object</span><span class="token punctuation">&gt;</span></span> claimsMap <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">HashMap</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>USER_KEY<span class="token punctuation">,</span> token<span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_USER_ID<span class="token punctuation">,</span> userId<span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_DEPT_ID<span class="token punctuation">,</span> deptId<span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_USERNAME<span class="token punctuation">,</span> userName<span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>TOKEN_TYPE<span class="token punctuation">,</span> <span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>TOKEN_TYPE_ACCESS<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token class-name">String</span> accToken <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">createToken</span><span class="token punctuation">(</span>claimsMap<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// Jwt ref token</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>USER_KEY<span class="token punctuation">,</span> refToken<span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>TOKEN_TYPE<span class="token punctuation">,</span> <span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>TOKEN_TYPE_REFRESH<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token class-name">String</span> refreshToken <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">createToken</span><span class="token punctuation">(</span>claimsMap<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// 接口返回信息</span>
    <span class="token class-name">Map</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">Object</span><span class="token punctuation">&gt;</span></span> rspMap <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">HashMap</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">Object</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"access_token"</span><span class="token punctuation">,</span> accToken<span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"expires_in"</span><span class="token punctuation">,</span> expireTime<span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"expires_time"</span><span class="token punctuation">,</span> expires_time<span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"refresh_token"</span><span class="token punctuation">,</span> refreshToken<span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"refresh_expires_in"</span><span class="token punctuation">,</span> refreshExpireTime<span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"refresh_expires_time"</span><span class="token punctuation">,</span> refresh_expires_time<span class="token punctuation">)</span><span class="token punctuation">;</span>

    <span class="token keyword">return</span> rspMap<span class="token punctuation">;</span>
<span class="token punctuation">}</span>
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45

可以看到,创建两个token,并返回。且两个token的信息中,仅userKey、过期时间不一致,其余信息都一致。两个token都作为userKey,存储用户信息到redis。refreshToken的过期时间长与accessToken的过期时间。

token刷新

根据refreshToken获取到用户信息

String userkey = JwtUtils.getUserKey(refreshToken);
return redisService.getCacheObject(getRefTokenKey(userkey));

 
 

 
 
  • 1
  • 2

从refreshToken中解析出userKey,然后取出登录用户信息。

创建accessToken,并建立新的accessToken与refreshToken的映射关系

public Map<String, Object> createAccessToken(LoginUser loginUser)
    {
        // 在创建新的accessToken前,判断之前的token是否存在,如果存在则删除
        String oldToken = loginUser.getToken();
        delAccessToken(oldToken);
        String token = IdUtils.fastUUID();
        long currentTimeMillis = System.currentTimeMillis();
        long expires_time = currentTimeMillis+ expireTime * MILLIS_MINUTE;

    loginUser<span class="token punctuation">.</span><span class="token function">setIpaddr</span><span class="token punctuation">(</span><span class="token class-name">IpUtils</span><span class="token punctuation">.</span><span class="token function">getIpAddr</span><span class="token punctuation">(</span><span class="token class-name">ServletUtils</span><span class="token punctuation">.</span><span class="token function">getRequest</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setLoginTime</span><span class="token punctuation">(</span><span class="token class-name">System</span><span class="token punctuation">.</span><span class="token function">currentTimeMillis</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setToken</span><span class="token punctuation">(</span>token<span class="token punctuation">)</span><span class="token punctuation">;</span>
    loginUser<span class="token punctuation">.</span><span class="token function">setExpireTime</span><span class="token punctuation">(</span>expires_time<span class="token punctuation">)</span><span class="token punctuation">;</span>

    <span class="token function">cacheAccessToken</span><span class="token punctuation">(</span>loginUser<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// Jwt存储信息</span>
    <span class="token class-name">Map</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">Object</span><span class="token punctuation">&gt;</span></span> claimsMap <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">HashMap</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>USER_KEY<span class="token punctuation">,</span> token<span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_USER_ID<span class="token punctuation">,</span> loginUser<span class="token punctuation">.</span><span class="token function">getUserid</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_DEPT_ID<span class="token punctuation">,</span> loginUser<span class="token punctuation">.</span><span class="token function">getDeptId</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_USERNAME<span class="token punctuation">,</span> loginUser<span class="token punctuation">.</span><span class="token function">getUsername</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    claimsMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>TOKEN_TYPE<span class="token punctuation">,</span> <span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>TOKEN_TYPE_ACCESS<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token class-name">String</span> accToken <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">createToken</span><span class="token punctuation">(</span>claimsMap<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// 接口返回信息</span>
    <span class="token class-name">Map</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">Object</span><span class="token punctuation">&gt;</span></span> rspMap <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">HashMap</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">,</span> <span class="token class-name">Object</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"access_token"</span><span class="token punctuation">,</span> accToken<span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"expires_in"</span><span class="token punctuation">,</span> expireTime<span class="token punctuation">)</span><span class="token punctuation">;</span>
    rspMap<span class="token punctuation">.</span><span class="token function">put</span><span class="token punctuation">(</span><span class="token string">"expires_time"</span><span class="token punctuation">,</span> expires_time<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">return</span> rspMap<span class="token punctuation">;</span>
<span class="token punctuation">}</span>
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30

token的刷新,实际我这里仅创建了新的accessToken,这里就要求将refreshToken的超时时间设置的足够长。这个需要根据业务实际需要综合考虑。实际也可以通过延长refreshToken的过期时间解决。

token的验证
    private static final String REFRESH_PATH = "/auth/refresh";
	public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
        ServerHttpRequest.Builder mutate = request.mutate();

    <span class="token class-name">String</span> url <span class="token operator">=</span> request<span class="token punctuation">.</span><span class="token function">getURI</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">getPath</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// 跳过不需要验证的路径</span>
    <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token class-name">StringUtils</span><span class="token punctuation">.</span><span class="token function">matches</span><span class="token punctuation">(</span>url<span class="token punctuation">,</span> ignoreWhite<span class="token punctuation">.</span><span class="token function">getWhites</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span>
        <span class="token keyword">return</span> chain<span class="token punctuation">.</span><span class="token function">filter</span><span class="token punctuation">(</span>exchange<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
    <span class="token class-name">String</span> token <span class="token operator">=</span> <span class="token function">getToken</span><span class="token punctuation">(</span>request<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token class-name">StringUtils</span><span class="token punctuation">.</span><span class="token function">isEmpty</span><span class="token punctuation">(</span>token<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span>
        <span class="token keyword">return</span> <span class="token function">unauthorizedResponse</span><span class="token punctuation">(</span>exchange<span class="token punctuation">,</span> <span class="token string">"令牌不能为空"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
    <span class="token class-name">Claims</span> claims <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">parseToken</span><span class="token punctuation">(</span>token<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">if</span> <span class="token punctuation">(</span>claims <span class="token operator">==</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span>
        <span class="token keyword">return</span> <span class="token function">unauthorizedResponse</span><span class="token punctuation">(</span>exchange<span class="token punctuation">,</span> <span class="token string">"令牌已过期或验证不正确!"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
    <span class="token class-name">String</span> userkey <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">getUserKey</span><span class="token punctuation">(</span>claims<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token class-name">String</span> tokenType <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">getTokenType</span><span class="token punctuation">(</span>claims<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">boolean</span> isLogin<span class="token punctuation">;</span>
    <span class="token keyword">if</span><span class="token punctuation">(</span><span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>TOKEN_TYPE_ACCESS<span class="token punctuation">.</span><span class="token function">equalsIgnoreCase</span><span class="token punctuation">(</span>tokenType<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">{<!-- --></span>
        isLogin <span class="token operator">=</span> redisService<span class="token punctuation">.</span><span class="token function">hasKey</span><span class="token punctuation">(</span><span class="token function">getTokenKey</span><span class="token punctuation">(</span>userkey<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span><span class="token keyword">else</span><span class="token punctuation">{<!-- --></span>
        <span class="token comment">// 如果时refreshToken,则url只能是刷新接口。</span>
        <span class="token keyword">if</span><span class="token punctuation">(</span><span class="token operator">!</span>REFRESH_PATH<span class="token punctuation">.</span><span class="token function">equalsIgnoreCase</span><span class="token punctuation">(</span>url<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">{<!-- --></span>
            <span class="token keyword">return</span> <span class="token function">unauthorizedResponse</span><span class="token punctuation">(</span>exchange<span class="token punctuation">,</span> <span class="token string">"令牌验证失败"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token punctuation">}</span>
        isLogin <span class="token operator">=</span> redisService<span class="token punctuation">.</span><span class="token function">hasKey</span><span class="token punctuation">(</span><span class="token function">getRefTokenKey</span><span class="token punctuation">(</span>userkey<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
    <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token operator">!</span>isLogin<span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span>
        <span class="token keyword">return</span> <span class="token function">accUnauthorizedResponse</span><span class="token punctuation">(</span>exchange<span class="token punctuation">,</span> <span class="token string">"登录状态已过期"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
    <span class="token class-name">String</span> userid <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">getUserId</span><span class="token punctuation">(</span>claims<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token class-name">String</span> username <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">getUserName</span><span class="token punctuation">(</span>claims<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token class-name">String</span> deptId <span class="token operator">=</span> <span class="token class-name">JwtUtils</span><span class="token punctuation">.</span><span class="token function">getDeptId</span><span class="token punctuation">(</span>claims<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token class-name">StringUtils</span><span class="token punctuation">.</span><span class="token function">isEmpty</span><span class="token punctuation">(</span>userid<span class="token punctuation">)</span> <span class="token operator">||</span> <span class="token class-name">StringUtils</span><span class="token punctuation">.</span><span class="token function">isEmpty</span><span class="token punctuation">(</span>username<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{<!-- --></span>
        <span class="token keyword">return</span> <span class="token function">unauthorizedResponse</span><span class="token punctuation">(</span>exchange<span class="token punctuation">,</span> <span class="token string">"令牌验证失败"</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token comment">// 设置用户信息到请求</span>
    <span class="token function">addHeader</span><span class="token punctuation">(</span>mutate<span class="token punctuation">,</span> <span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>USER_KEY<span class="token punctuation">,</span> userkey<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token function">addHeader</span><span class="token punctuation">(</span>mutate<span class="token punctuation">,</span> <span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_USER_ID<span class="token punctuation">,</span> userid<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token function">addHeader</span><span class="token punctuation">(</span>mutate<span class="token punctuation">,</span> <span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_DEPT_ID<span class="token punctuation">,</span> deptId<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token function">addHeader</span><span class="token punctuation">(</span>mutate<span class="token punctuation">,</span> <span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>DETAILS_USERNAME<span class="token punctuation">,</span> username<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token comment">// 内部请求来源参数清除</span>
    <span class="token function">removeHeader</span><span class="token punctuation">(</span>mutate<span class="token punctuation">,</span> <span class="token class-name">SecurityConstants</span><span class="token punctuation">.</span>FROM_SOURCE<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">return</span> chain<span class="token punctuation">.</span><span class="token function">filter</span><span class="token punctuation">(</span>exchange<span class="token punctuation">.</span><span class="token function">mutate</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">request</span><span class="token punctuation">(</span>mutate<span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49

这里为了严格控制,实际对accessToken、refreshToken增加了tokenType字段。限定refreshToken只能在访问/auth/refresh接口时访问。

以上步骤即完成了双token的改造。

最后

至于为什么改造为双token,以及双token有哪些好处?我在这里就不一一阐述了。
大家有兴趣可以看下这篇文章:http://www.mobiletrain.org/about/BBS/77900.html

xxxx1243
关注
token校验机制
marko_zheng的博客
11-15 1万+
token校验机制 什么是token token是客户端登陆的时候由服务端生成,之后每次请求都需要携带token进行请求。校验用户身份呢的作用 为什么使用token 减少敏感信息的传递 可以校验用户身份的准确性以及有效期 单token登录流程以及请求校验流程 注意 token是使用base64的形式进行加密的 是有一部分存储在客户端中,所以,token中不建议存放敏感信息 token校验机制 场景设想: ​ 用户正在app或者应用中操作 token突然过期,此时用户不得不返回登陆界面,重新进行一
Token校验机制
swk1300524046的博客
10-17 788
Toekn机制token
若依框架学习(九)关于登录token过期如何处理
热门推荐
weixin_41262132的博客
02-12 1万+
在第一节的部分我们也知道登录的流程,但当后台发现redis缓存的登陆实体类过期了,是怎么处理并且怎么给前端发送消息? 其实SpringSecurity有一个config配置SecurityConfig类,继承于WebSecurityConfigurerAdapter 其中重写了configure()方法,用来自定义过滤和拦截处理 红线框就是处理登录token过期,实质上认证失败处理类,只不过token过期认证失败的一种情况。 我们看下这个类做了什么? 我们点击紫色的属性 通过这个注入的实现类看看 @C
若依框架登录鉴权详解(动态路由)
警警的博客
09-05 1355
若依框架登录鉴权:1.获取token过期在响应拦截器中实现),2.基于RBAC模型获取用户、角色和权限信息(在路由前置守卫),3.根据用户权限动态生成(从字符串->组件,根据permission添加动态路由信息)和添加路由addRoutes(在路由前置守卫)
若依 ruoyi 单体token(url区分)
yangziqi098的博客
08-11 363
若依单体工程,token,主逻辑不动,放行全部自定义拦截接口,再单独拦截自定义url,登录、获取登录用户信息
山东大学项目实训(二十五)—— 结合请求拦截和响应拦截实现token机制
long99920的博客
05-08 1278
实现token,解决token过期存在的并发请求问题
ruoyi-cloud项目的上云 关于kubesphere的使用细节
05-23
ruoyi-cloud项目上云:Kubernetes与KubeSphere实战》 在现代云计算环境中,ruoyi-cloud项目上云的实现通常涉及到容器化技术,如Kubernetes(K8S)以及云原生平台KubeSphere。本文将深入探讨如何通过KubeSphere...
RuoYi-Cloud-Plus 微服务通用权限管理系统, 重写RuoYi-Cloud所有功能
05-20
微服务管理系统 重写RuoYi-Cloud所有功能 整合 SpringCloudAlibaba Dubbo3.0 Sa-Token Mybatis-Plus MQ OSS ES Xxl-Job Docker 全方位升级
RuoYi-Cloud-Plus 微服务通用权限管理系统 重写 RuoYi-Cloud 全方位升级(不兼容原框架)
12-24
微服务管理系统 重写RuoYi-Cloud所有功能 整合 SpringCloudAlibaba、Dubbo3.0、Sa-Token、Mybatis-Plus、MQ、OSS、ES、Docker 全方位升级 定期同步
基于SpringCloudAlibaba的RuoYi-Cloud-Plus微服务设计源码全面升级版
最新发布
09-26
该项目为全面升级的RuoYi-Cloud-Plus微服务系统源码,基于SpringCloudAlibaba框架构建,融合了Dubbo3.0、Sa-Token、Mybatis-Plus、MQ、Flowable、ES等先进技术,并支持Docker容器化部署。系统代码包含1955个文件,...
token实现token超时策略示例
09-04
用于restful的app应用无状态无sesion登录示例,需要的朋友可以参考下
改造若依/RuoYi-Cloud项目ruoyi-auth工程导致读取不到nacos上的配置的redis信息
qq_24575467的博客
11-03 846
若依官方提示nacos版本至少要2.0.4以上,所以在下载nacos的时候,注意匹配对应的版本,至少要高于2.0.4,直接升级nacos版本。在版本符合要求时,发现仍然连接redis失败,可尝试把项目的yml格式文件,改成properties格式。
【Vue3项目】登录注册--Token机制
aDiaoYa_的博客
08-12 2135
最近同项目的伙伴告诉我们一个“新词汇”——Token登录机制,emmmmm,确实没了解过,据说是在实现token长期有效的同时,防止token被第三方盗用,提高用户信息的安全性。于是,在了解了大概之后,我找了很多篇文章去学习Token的实现过程,总结如下。一般我们实现用户登录是:用户登录向服务端发送账号密码信息,登录失败返回客户端重新填写并发送用户信息;登录成功服务端生成token并返回token给客户端,客户端将token存本地。那么问题来了,token的有效期应该是多久呢?
token方案
奔跑的菜鸡
08-24 425
token方案
山东大学项目实训(二)—— 请求封装和TOKEN机制
long99920的博客
04-04 2673
山东大学项目实训
Token方案实现Token自动续期(基于springboot+vue前后端分离项目)
qq_44286009的博客
06-10 2564
jwt理论介绍springboot+vue项目中使用jwt实现登录认证本篇文章的代码是在springboot+vue项目中使用jwt实现登录认证的基础上实现的Token自动续期的功能。token解决方案是一种用于增强用户登录安全性和提升用户体验的认证机制。它主要涉及两个令牌:访问令牌(accessToken)和刷新令牌(refreshToken)。
Token 无感刷新机制实现
Hhzzy99的博客
07-07 1245
基于vue Java实现token的无感刷新
基于spring security实现vue2前后端分离的token刷新机制(完整代码详解,含金量拉满!)
qq_60614034的博客
03-27 3918
网上许多博主,放张图片讲讲token原理就发出来,没有含金量,还耽误大伙的时间。但是我不一样,我将会把代码的每一步骤都讲明白,并把详细代码放出来,让每一位看到的人都能跟着一步步自己搞,弄明白每一步的执行流程。要是觉得我跟那些博主一样,也是水文章,互相抄袭,请在评论区直接开骂。如果是第一次接触security请看这篇spring security单token前后端分离详细配置。
ruoyi-cloud部署docker
04-26
Ruoyi-Cloud是一个基于Spring Cloud的微服务框架,可以使用Docker进行部署。下面是Ruoyi-Cloud部署Docker的步骤: 1. 首先,确保你已经安装了Docker和Docker Compose。如果没有安装,可以参考Docker官方文档进行安装。 2. 下载Ruoyi-Cloud的代码,可以从GitHub上找到Ruoyi-Cloud的仓库并下载代码。 3. 在项目根目录下创建一个名为`docker-compose.yml`的文件,并在该文件中定义Docker容器的配置。以下是一个示例的`docker-compose.yml`文件: ```yaml version: '3' services: ruoyi-cloud: image: openjdk:8-jdk-alpine ports: - 8080:8080 volumes: - ./ruoyi-cloud:/app command: java -jar /app/ruoyi-cloud.jar depends_on: - mysql mysql: image: mysql:5.7 ports: - 3306:3306 environment: - MYSQL_ROOT_PASSWORD=root - MYSQL_DATABASE=ruoyi_cloud ``` 在上面的示例中,我们定义了两个服务:`ruoyi-cloud`和`mysql`。`ruoyi-cloud`服务使用了OpenJDK 8的镜像,并将容器的8080端口映射到主机的8080端口。`mysql`服务使用了MySQL 5.7的镜像,并将容器的3306端口映射到主机的3306端口。 4. 在项目根目录下执行以下命令启动Docker容器: ``` docker-compose up -d ``` 这将会启动Ruoyi-Cloud和MySQL的容器,并在后台运行。 5. 等待一段时间,当容器启动完成后,你可以通过访问`http://localhost:8080`来访问Ruoyi-Cloud的应用程序。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值