|
@@ -10,14 +10,14 @@ import javax.servlet.ServletResponse;
|
10
|
10
|
import javax.servlet.http.HttpServletRequest;
|
11
|
11
|
import javax.servlet.http.HttpServletResponse;
|
12
|
12
|
|
13
|
|
-import org.apache.commons.lang3.StringUtils;
|
14
|
|
-import org.apache.http.HttpStatus;
|
15
|
13
|
import org.apache.shiro.authc.AuthenticationException;
|
16
|
14
|
import org.apache.shiro.authc.AuthenticationToken;
|
17
|
15
|
import org.apache.shiro.subject.Subject;
|
18
|
16
|
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
|
19
|
17
|
import org.apache.shiro.web.util.WebUtils;
|
20
|
18
|
import org.springframework.beans.factory.annotation.Value;
|
|
19
|
+import org.springframework.http.HttpStatus;
|
|
20
|
+import org.springframework.util.StringUtils;
|
21
|
21
|
import org.springframework.web.bind.annotation.RequestMethod;
|
22
|
22
|
|
23
|
23
|
import com.yaozhitech.spring5.dto.UserDto;
|
|
@@ -83,7 +83,7 @@ public class JwtAuthFilter extends AuthenticatingFilter {
|
83
|
83
|
@Override
|
84
|
84
|
protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
|
85
|
85
|
String jwtToken = getAuthzHeader(servletRequest);
|
86
|
|
- if(StringUtils.isNotBlank(jwtToken)&&!JwtUtils.isTokenExpired(jwtToken))
|
|
86
|
+ if(!StringUtils.isEmpty(jwtToken)&&!JwtUtils.isTokenExpired(jwtToken))
|
87
|
87
|
return new JWTToken(jwtToken);
|
88
|
88
|
|
89
|
89
|
return null;
|
|
@@ -94,7 +94,7 @@ public class JwtAuthFilter extends AuthenticatingFilter {
|
94
|
94
|
HttpServletResponse httpResponse = WebUtils.toHttp(servletResponse);
|
95
|
95
|
httpResponse.setCharacterEncoding("UTF-8");
|
96
|
96
|
httpResponse.setContentType("application/json;charset=UTF-8");
|
97
|
|
- httpResponse.setStatus(HttpStatus.SC_NON_AUTHORITATIVE_INFORMATION);
|
|
97
|
+ httpResponse.setStatus(HttpStatus.UNAUTHORIZED.ordinal());
|
98
|
98
|
fillCorsHeader(WebUtils.toHttp(servletRequest), httpResponse);
|
99
|
99
|
return false;
|
100
|
100
|
}
|
|
@@ -114,7 +114,7 @@ public class JwtAuthFilter extends AuthenticatingFilter {
|
114
|
114
|
newToken = userService.generateJwtToken(user.getUsername());
|
115
|
115
|
}
|
116
|
116
|
}
|
117
|
|
- if(StringUtils.isNotBlank(newToken))
|
|
117
|
+ if(!StringUtils.isEmpty(newToken))
|
118
|
118
|
httpResponse.setHeader("x-auth-token", newToken);
|
119
|
119
|
|
120
|
120
|
return true;
|
|
@@ -129,7 +129,10 @@ public class JwtAuthFilter extends AuthenticatingFilter {
|
129
|
129
|
protected String getAuthzHeader(ServletRequest request) {
|
130
|
130
|
HttpServletRequest httpRequest = WebUtils.toHttp(request);
|
131
|
131
|
String header = httpRequest.getHeader("x-auth-token");
|
132
|
|
- return StringUtils.removeStart(header, "Bearer ");
|
|
132
|
+ if (StringUtils.startsWithIgnoreCase(header, "Bearer ")) {
|
|
133
|
+ return StringUtils.replace(header, "Bearer ", "");
|
|
134
|
+ }
|
|
135
|
+ return header;
|
133
|
136
|
}
|
134
|
137
|
|
135
|
138
|
protected boolean shouldTokenRefresh(Date issueAt){
|