JWT renewal

Published: 2023/12/10

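JWT token renewal
2019-02-13
A key part of working with JWT is token renewal: when a token is about to expire, a new token is issued to the client.
The approach is as follows:
1. Generate the token on the back end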

import com.starmark.core.shiro.model.SecurityUser;
import com.starmark.core.shiro.model.UserLoginToken;
import com.starmark.core.shiro.util.JWTUtil;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import java.util.Objects;

public class JwtAuthFilter extends AuthenticatingFilter {
    private final Logger log = LoggerFactory.getLogger(JwtAuthFilter.class);
    // Refresh the token 10 minutes after it was issued
    private static final int tokenRefreshInterval = 60 * 10;

    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
        // Intercept OPTIONS requests; no token validation is done for them
        if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name()))
            return false;
        return super.preHandle(request, response);
    }

    @Override
    protected void postHandle(ServletRequest request, ServletResponse response) {
        request.setAttribute("jwtShiroFilter.FILTERED", true);
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        if (this.isLoginRequest(request, response)) {
            return true;
        }
        Boolean afterFiltered = (Boolean) (request.getAttribute("jwtShiroFilter.FILTERED"));
        if (BooleanUtils.isTrue(afterFiltered))
            return true;
        boolean allowed = false;
        try {
            allowed = executeLogin(request, response);
        } catch (IllegalStateException e) { // not found any token
            log.error("Not found any token");
        } catch (Exception e) {
            log.error("Error occurs when login", e);
        }
        return allowed || super.isPermissive(mappedValue);
    }

    @Override
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        String jwtToken = getAuthzHeader(servletRequest);
        // Only a non-blank, unexpired token is passed on for authentication
        if (StringUtils.isNotBlank(jwtToken) && !JWTUtil.isTokenExpired(jwtToken))
            return UserLoginToken.buildPassword(jwtToken, null, "jwt");
        return null;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletResponse httpResponse = WebUtils.toHttp(servletResponse);
        httpResponse.sendRedirect("/unauth");
        return false;
    }

    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) {
        HttpServletResponse httpResponse = WebUtils.toHttp(response);
        if (token instanceof UserLoginToken && "jwt".equalsIgnoreCase(((UserLoginToken) token).getLoginType())) {
            UserLoginToken jwtToken = (UserLoginToken) token;
            boolean shouldRefresh = shouldTokenRefresh(Objects.requireNonNull(JWTUtil.getIssuedAt(jwtToken.getUsername())));
            if (shouldRefresh) {
                // Generate a new token and return it in the x-auth-token response header
                SecurityUser user = (SecurityUser) subject.getPrincipal();
                String newToken = JWTUtil.sign(user.getUserInfo().getId());
                httpResponse.setHeader("x-auth-token", newToken);
            }
        }
        return true;
    }

    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        // Caution: token.toString() may place the raw JWT in the log, depending on UserLoginToken
        log.error("Validate token fail, token:{}, error:{}", token.toString(), e.getMessage());
        return false;
    }

    /**
     * Get the token.
     * @param request the request
     * @return token
     */
    private String getAuthzHeader(ServletRequest request) {
        HttpServletRequest httpRequest = WebUtils.toHttp(request);
        String header = httpRequest.getHeader("x-auth-token");
        return StringUtils.removeStart(header, "Bearer ");
    }

    /**
     * Decide whether the token needs to be refreshed.
     * @param issueAt the date the token was issued
     * @return whether the token needs to be refreshed
     */
    private boolean shouldTokenRefresh(Date issueAt) {
        LocalDateTime issueTime = LocalDateTime.ofInstant(issueAt.toInstant(), ZoneId.systemDefault());
        return LocalDateTime.now().minusSeconds(tokenRefreshInterval).isAfter(issueTime);
    }
}
Once 10 minutes have passed since the original token was issued, a new token is issued.

2. Obtain the token on the front end

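import axios from 'axios';
import Vue from 'vue';

// Intercept the response and do some error handling
axios.interceptors.response.use((response) => {
    if (response.status === 200 && response.data && response.data.code === 401) {
        //console.log(window.location.origin);
        window.location.href = window.location.origin + window.location.pathname + '#/login';
    }
    // Read the token returned by the server
    const token = response.headers['x-auth-token'];
    if (token) {
        // Store the renewed token
        localStorage.setItem("token", token);
    }
    // Response handling goes here
    return response;
}, (err) => { // Error handling for responses whose status code is not 200
    console.log(err);
    if (err && err.response) {
        switch (err.response.data.code) {
            case 400: err.message = '請求錯誤'; break;           // bad request
            case 401: err.message = '未授權,請登錄'; break;      // unauthorized, please log in
            case 403: err.message = '無權限'; break;             // no permission
            case 404: err.message = `請求地址出錯: ${err.response.config.url}`; break; // wrong request URL
            case 408: err.message = '請求超時'; break;           // request timeout
            case 500: err.message = '服務器內部錯誤'; break;     // internal server error
            case 501: err.message = '服務未實現'; break;         // not implemented
            case 502: err.message = '網關錯誤'; break;           // bad gateway
            case 503: err.message = '服務不可用'; break;         // service unavailable
            case 504: err.message = '網關超時'; break;           // gateway timeout
            case 505: err.message = 'HTTP版本不受支持'; break;   // HTTP version not supported
            default:
        }
    }
    // err.response is absent on network errors, so guard before reading data.msg
    const data = err && err.response && err.response.data;
    Vue.prototype.$message.error(data && data.msg != null ? data.msg : err.message);
    return Promise.reject(err);
});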
One caveat: a server-side filter must add the Access-Control-Expose-Headers response header for x-auth-token; otherwise the front end cannot read that header from the response.
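The renewal decision and the exposed header together, as an added Node.js example that is not code from the original post: it mirrors what `createToken` and `onLoginSuccess` do in the filter above. `sign`, `verify` and `handleRequest` are hypothetical stand-ins for `JWTUtil` and the filter, and the secret and the 30-minute lifetime are assumptions, since the post does not show them.

```javascript
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, for the demo only
const TOKEN_TTL = 30 * 60;      // assumed token lifetime in seconds (the post does not state it)
const REFRESH_AFTER = 10 * 60;  // same value as tokenRefreshInterval in the post

const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Hypothetical stand-in for JWTUtil.sign: HS256 token carrying sub, iat and exp.
function sign(userId, now) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub: userId, iat: now, exp: now + TOKEN_TTL }));
  return `${header}.${body}.${b64url(mac(`${header}.${body}`))}`;
}

// Returns the claims, or null when the token is malformed, forged or expired.
// The algorithm is fixed to HMAC-SHA256; the token's own "alg" field is never trusted.
function verify(token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  return claims.exp > now ? claims : null;
}

// Mirrors createToken + onLoginSuccess: reject bad tokens, renew old-but-valid ones.
function handleRequest(requestHeaders, now) {
  const raw = (requestHeaders['x-auth-token'] || '').replace(/^Bearer /, '');
  const claims = verify(raw, now);
  if (!claims) return { status: 401, headers: {} };
  const headers = {};
  if (now - claims.iat > REFRESH_AFTER) {
    headers['x-auth-token'] = sign(claims.sub, now);
    // Cross-origin browser code can read x-auth-token only if it is exposed.
    headers['Access-Control-Expose-Headers'] = 'x-auth-token';
  }
  return { status: 200, headers };
}
```

Each renewed token carries a fresh `iat` and `exp`, so under this scheme a session stays alive for as long as requests keep arriving within the token lifetime.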

With that, JWT token renewal is complete.
