1.JwtFilter 文件
import com.xxx.data.utils.RedisUtil;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.service.spi.ServiceException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
@WebFilter(filterName = "jwtfilter",urlPatterns = "/*")
public class JwtFilter implements Filter {
private Logger logger = LoggerFactory.getLogger(JwtFilter.class);
private static final String TOKEN = "token";
@Autowired
private RedisUtil redisUtil;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
String url = httpServletRequest.getRequestURI().startsWith("/")?httpServletRequest.getRequestURI().substring(1):httpServletRequest.getRequestURI();
logger.info("url:{}",url);
Map<String,Boolean> map = new HashMap<>();
map.put("doc.html",true);
map.put("webjars/bycdao-ui",true);
map.put("swagger-resources",true);
map.put("v2/api-docs",true);
map.put("data/verification/login",true);
map.put("data/enterpriseFollowMonitorDetail/listAll",true);
map.put("data/enterpriseFollowMonitorDetail/update",true);
map.put("data/enterpriseController/enterpriseRecommend",true);
for(String passUrl: map.keySet()){
if(url.contains(passUrl)){
filterChain.doFilter(servletRequest,servletResponse);
logger.info("passUrl:{}",url);
return;
}
}
String token = httpServletRequest.getHeader("token");
if(null==token){
throw new ServiceException("token 不合法!");
}
if(StringUtils.isNotBlank(token)){
if(refreshToken(token)){
filterChain.doFilter(servletRequest,servletResponse);
}
}
}
@Override
public void destroy() {
}
public boolean refreshToken(String token) {
String tokenKey = "sys:user:token" + token ;
String cacheToken =(String)redisUtil.get(tokenKey);
if (StringUtils.isNotEmpty(cacheToken)) {
if (JwtTokenUtil.checkToken(cacheToken)) {
redisUtil.set(tokenKey, cacheToken) ;
redisUtil.expire(tokenKey, 30 * 600 * 2);
return true;
}else{
return false;
}
}else{
if (JwtTokenUtil.checkToken(token)) {
redisUtil.set(tokenKey, token) ;
redisUtil.expire(tokenKey, 30 * 60 * 2);
return true;
}
}
return false;
}
}
2.添加自己的过滤器
import com.huishu.attractInvestment.webapp.invest.config.jwt.JwtFilter;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfiguration {
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
LinkedHashMap<String, Filter> filters = new LinkedHashMap<>();
filters.put("jwt", new JwtFilter());
factoryBean.setFilters(filters);
factoryBean.setSecurityManager(securityManager);
factoryBean.setLoginUrl("/login");
factoryBean.setUnauthorizedUrl("/401");
Map<String, String> filterRuleMap = new HashMap<>();
filterRuleMap.put("/**", "jwt");
filterRuleMap.put("/401", "anon");
filterRuleMap.put("/controller/login/**","anon");
factoryBean.setFilterChainDefinitionMap(filterRuleMap);
return factoryBean;
}
}