jwt的token自动续约_JWT的TOKEN续期功能

JWT里有一个关键的东东,就是续期TOKEN,即TOKEN快过期时,刷新一个新的TOKEN给客户端.

办法如下:

1.后端生成TOKEN

import com.starmark.core.shiro.model.SecurityUser;

import com.starmark.core.shiro.model.UserLoginToken;

import com.starmark.core.shiro.util.JWTUtil;

import org.apache.commons.lang3.BooleanUtils;

import org.apache.commons.lang3.StringUtils;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authc.AuthenticationToken;

import org.apache.shiro.subject.Subject;

import org.apache.shiro.web.filter.authc.AuthenticatingFilter;

import org.apache.shiro.web.util.WebUtils;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.time.LocalDateTime;

import java.time.ZoneId;

import java.util.Date;

import java.util.Objects;

public class JwtAuthFilter extends AuthenticatingFilter {

private final Logger log = LoggerFactory.getLogger(JwtAuthFilter.class);

//10分钟后刷新token

private static final int tokenRefreshInterval = 60 * 10;

@Override

protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {

HttpServletRequest httpServletRequest = WebUtils.toHttp(request);

if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) //对于OPTION请求做拦截，不做token校验

return false;

return super.preHandle(request, response);

}

@Override

protected void postHandle(ServletRequest request, ServletResponse response) {

request.setAttribute("jwtShiroFilter.FILTERED", true);

}

@Override

protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {

if (this.isLoginRequest(request, response)) {

return true;

}

Boolean afterFiltered = (Boolean) (request.getAttribute("jwtShiroFilter.FILTERED"));

if (BooleanUtils.isTrue(afterFiltered))

return true;

boolean allowed = false;

try {

allowed = executeLogin(request, response);

} catch (IllegalStateException e) { //not found any token

log.error("Not found any token");

} catch (Exception e) {

log.error("Error occurs when login", e);

}

return allowed || super.isPermissive(mappedValue);

}

@Override

protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {

String jwtToken = getAuthzHeader(servletRequest);

if (StringUtils.isNotBlank(jwtToken) && !JWTUtil.isTokenExpired(jwtToken))

return UserLoginToken.buildPassword(jwtToken, null, "jwt");

return null;

}

@Override

protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {

HttpServletResponse httpResponse = WebUtils.toHttp(servletResponse);

httpResponse.sendRedirect("/unauth");

return false;

}

@Override

protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) {

HttpServletResponse httpResponse = WebUtils.toHttp(response);

if (token instanceof UserLoginToken && "jwt".equalsIgnoreCase(((UserLoginToken) token).getLoginType())) {

UserLoginToken jwtToken = (UserLoginToken) token;

boolean shouldRefresh = shouldTokenRefresh(Objects.requireNonNull(JWTUtil.getIssuedAt(jwtToken.getUsername())));

if (shouldRefresh) {

//生成新的TOKEN

SecurityUser user = (SecurityUser) subject.getPrincipal();

String newToken = JWTUtil.sign(user.getUserInfo().getId());

httpResponse.setHeader("x-auth-token", newToken);

}

}

return true;

}

@Override

protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {

log.error("Validate token fail, token:{}, error:{}", token.toString(), e.getMessage());

return false;

}

/**

* 获取TOKEN

* @param request 请求

* @return token

*/

private String getAuthzHeader(ServletRequest request) {

HttpServletRequest httpRequest = WebUtils.toHttp(request);

String header = httpRequest.getHeader("x-auth-token");

return StringUtils.removeStart(header, "Bearer ");

}

/**

* 判断是否需要刷新TOKEN

* @param issueAt token签发日期

* @return 是否需要刷新TOKEN

*/

private boolean shouldTokenRefresh(Date issueAt) {

LocalDateTime issueTime = LocalDateTime.ofInstant(issueAt.toInstant(), ZoneId.systemDefault());

return LocalDateTime.now().minusSeconds(tokenRefreshInterval).isAfter(issueTime);

}

}

原签发TOKEN后10分钟后刷新新的TOKEN

2.前端获取TOKEN

// 拦截响应response，并做一些错误处理

axios.interceptors.response.use((response) => {

if(response.status ===200 && response.data && response.data.code === 401) {

//console.log(window.location.origin);

window.location.href=window.location.origin+window.location.pathname+'#/login';

}

//获取返回的TOKEN

const token=response.headers['x-auth-token'];

if(token) {

//将续期的TOKEN存起来

localStorage.setItem("token",token) ;

}

// 这里是填写处理信息

return response;

}, (err) => { // 这里是返回状态码不为200时候的错误处理

console.log(err);

if(err && err.response) {

switch(err.response.data.code) {

case 400:

err.message = '请求错误';

break;

case 401:

err.message = '未授权，请登录';

break;

case 403:

err.message = '无权限';

break;

case 404:

err.message = `请求地址出错: ${err.response.config.url}`;

break;

case 408:

err.message = '请求超时';

break;

case 500:

err.message = '服务器内部错误';

break;

case 501:

err.message = '服务未实现';

break;

case 502:

err.message = '网关错误';

break;

case 503:

err.message = '服务不可用';

break;

case 504:

err.message = '网关超时';

break;

case 505:

err.message = 'HTTP版本不受支持';

break;

default:

}

}

Vue.prototype.$message.error(err.response.data.msg!=null?err.response.data.msg:err.message);

return Promise.reject(err)

});

注意一点,需要通过过滤器调整FITLER,增加Access-Control-Expose-Headers的输出,否则无法获取response中的header.

至此,JWT的TOKEN续期功能完成.