From 5cd2b5657895338eef4104f2974e2768866d13a2 Mon Sep 17 00:00:00 2001 From: Tang Cheng Date: Wed, 24 Apr 2019 09:29:19 +0800 Subject: [PATCH] =?utf8?q?=E4=BC=98=E5=8C=96=20jwt=20,=E5=A2=9E=E5=8A=A0?= =?utf8?q?=E4=BA=86=20jwt=20refresh=20=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- .../dlpay/framework/core/JwtConfig.java | 6 +++ .../dlpay/framework/domain/JwtRedis.java | 10 ++++ .../controller/security_controller.kt | 47 ++++++++++++++++++- .../kotlin/com/supwisdom/dlpay/security.kt | 7 ++- 4 files changed, 67 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/supwisdom/dlpay/framework/core/JwtConfig.java b/src/main/java/com/supwisdom/dlpay/framework/core/JwtConfig.java index 1eccb8a4..a51f7054 100644 --- a/src/main/java/com/supwisdom/dlpay/framework/core/JwtConfig.java +++ b/src/main/java/com/supwisdom/dlpay/framework/core/JwtConfig.java @@ -11,6 +11,8 @@ public class JwtConfig { private Long expiration = 3600L; @Value("${jwt.header:Authorization}") private String header = "Authorization"; + @Value("${jwt.token_header:Bearer") + private String tokenHeader = "Bearer"; public String getSecret() { return secret; @@ -23,4 +25,8 @@ public class JwtConfig { public String getHeader() { return header; } + + public String getTokenHeader() { + return tokenHeader; + } } diff --git a/src/main/java/com/supwisdom/dlpay/framework/domain/JwtRedis.java b/src/main/java/com/supwisdom/dlpay/framework/domain/JwtRedis.java index 60647488..01828e0a 100644 --- a/src/main/java/com/supwisdom/dlpay/framework/domain/JwtRedis.java +++ b/src/main/java/com/supwisdom/dlpay/framework/domain/JwtRedis.java @@ -11,6 +11,8 @@ public class JwtRedis { String status; + String uid; + Long expiration; public String getJti() { @@ -36,4 +38,12 @@ public class JwtRedis { public void setExpiration(Long expiration) { this.expiration = expiration; } + + public String getUid() { + return uid; + } + + public void setUid(String uid) { + this.uid = uid; + } } diff --git a/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt b/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt index 521fe7c1..ec1d2e42 100644 --- a/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt +++ b/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt @@ -29,6 +29,7 @@ import org.springframework.stereotype.Controller import org.springframework.ui.Model import org.springframework.web.bind.annotation.* import org.springframework.web.context.request.ServletWebRequest +import java.text.SimpleDateFormat import java.util.* import javax.imageio.ImageIO import javax.servlet.http.HttpServletRequest @@ -97,27 +98,69 @@ class ApiAuthController { val requestId = if (clientid == null) appid else "$appid-$clientid" return apiClientRepository.findById(requestId).let { if (it.isPresent && checkSecretToken(it.get(), secret)) { - apiClientRepository.delete(it.get()) + apiClientRepository.deleteById(requestId) val token = JwtTokenUtil(jwtConfig).generateToken( mapOf("uid" to appid, "issuer" to "payapi", "audience" to (clientid ?: appid), "authorities" to it.get().roles.split(";"))) JwtRedis().apply { jti = token.jti + uid = appid status = TradeDict.JWT_STATUS_NORMAL - expiration = token.expiration.value + expiration = token.expiration.valueInMillis }.apply { apiJwtRepository.save(this) } + val exp = Calendar.getInstance() + val fmt = SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z") + fmt.timeZone = TimeZone.getTimeZone("UTC") + exp.timeInMillis = token.expiration.valueInMillis ResponseEntity.ok(ResponseBodyBuilder.create() .data("jwt", token.jwtToken) .data("appid", appid) + .data("expiredAt", fmt.format(exp.time)) .success()) } else { ResponseEntity.status(HttpStatus.UNAUTHORIZED).build() } } } + + @GetMapping("/refresh") + fun refresh(@RequestHeader("\${jwt.header}") auth: String): ResponseEntity { + if (!auth.startsWith(jwtConfig.tokenHeader)) { + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build() + } + val jwt = JwtTokenUtil(jwtConfig).verifyToken(auth.substring(jwtConfig.tokenHeader.length)) + val appid = jwt["uid"] as String + apiClientDao.findById(appid).let { + if (it.isPresent && it.get().status == TradeDict.STATUS_NORMAL) { + // 新证书 + val token = JwtTokenUtil(jwtConfig).generateToken( + mapOf("uid" to appid, "issuer" to "payapi", + "audience" to jwt["audience"], + "authorities" to it.get().roles.split(";"))) + JwtRedis().apply { + jti = token.jti + uid = appid + status = TradeDict.JWT_STATUS_NORMAL + expiration = token.expiration.valueInMillis + }.apply { + apiJwtRepository.save(this) + } + val exp = Calendar.getInstance() + val fmt = SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z") + fmt.timeZone = TimeZone.getTimeZone("UTC") + exp.timeInMillis = token.expiration.valueInMillis + ResponseEntity.ok(ResponseBodyBuilder.create() + .data("jwt", token.jwtToken) + .data("appid", appid) + .data("expiredAt", fmt.format(exp.time)) + .success()) + } + } + return ResponseEntity.ok().build() + } } @RestController diff --git a/src/main/kotlin/com/supwisdom/dlpay/security.kt b/src/main/kotlin/com/supwisdom/dlpay/security.kt index 20f12070..6a32255b 100644 --- a/src/main/kotlin/com/supwisdom/dlpay/security.kt +++ b/src/main/kotlin/com/supwisdom/dlpay/security.kt @@ -57,8 +57,13 @@ class ApiJwtAuthenticationFilter : OncePerRequestFilter() { } override fun doFilterInternal(request: HttpServletRequest, response: HttpServletResponse, filterChain: FilterChain) { - request.getHeader(jwtConfig.header)?.let { jwt -> + request.getHeader(jwtConfig.header)?.let { authHeader -> try { + val jwt = if (authHeader.startsWith(jwtConfig.tokenHeader)) { + authHeader.substring(jwtConfig.tokenHeader.length) + } else { + throw JoseException("JWT Header error") + } val claims = getUtil().verifyToken(jwt) apiJwtRepository.findById(claims["jti"].toString()).let { if (!it.isPresent) { -- 2.17.1