根据自身场景简化下

spring5-auth/spring5-auth-server/README.md

@@ -3,6 +3,10 @@
 ## github 认证
 1. [https://www.baeldung.com/spring-oauth-login-webflux](https://www.baeldung.com/spring-oauth-login-webflux)
 
+## 场景
+1. 用户登录，登录时长为30天，不用考虑刷新情况
+2. 管理员登录，登录时长在一小时左右，需要考虑刷新
+3. 不需要考虑登出情况
 
 
 

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/config/ShiroConfiguration.java

@@ -32,6 +32,9 @@ public class ShiroConfiguration {
 	
 	@Value("${password.salt}")
 	private String encryptSalt;
+	
+	@Value("${jwt.salt}")
+	private String jwtSalt;
 
 	/**
 	 * 注册shiro的Filter，拦截请求
@@ -82,7 +85,7 @@ public class ShiroConfiguration {
      */
     @Bean("jwtRealm")
     public Realm jwtShiroRealm(UserService userService) {
-        JWTShiroRealm myShiroRealm = new JWTShiroRealm(userService);
+        JWTShiroRealm myShiroRealm = new JWTShiroRealm(userService, jwtSalt);
         return myShiroRealm;
     }
 

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/controller/LoginController.java

@@ -63,8 +63,6 @@ public class LoginController {
 	public Mono<String> logout() {
 		Subject subject = SecurityUtils.getSubject();
 		if (subject.getPrincipals() != null) {
-			UserDto user = (UserDto) subject.getPrincipals().getPrimaryPrincipal();
-			userService.deleteLoginInfo(user.getUsername());
 		}
 		SecurityUtils.getSubject().logout();
 		return Mono.empty();

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/filter/JwtAuthFilter.java

@@ -76,9 +76,16 @@ public class JwtAuthFilter extends AuthenticatingFilter {
     @Override
     protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
         String jwtToken = getAuthzHeader(servletRequest);
-        if(!StringUtils.isEmpty(jwtToken)&&!JwtUtils.isTokenExpired(jwtToken))
-            return new JWTToken(jwtToken);
-
+        
+        if (!StringUtils.isEmpty(jwtToken)) {
+			if (JwtUtils.isTokenExpired(jwtToken)) {
+				log.error(jwtToken + " 已过期");
+				return null;
+			}
+			
+			return new JWTToken(jwtToken);
+		}
+        
         return null;
     }
 

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/jwt/JWTShiroRealm.java

@@ -22,10 +22,13 @@ import com.yaozhitech.spring5.utils.JwtUtils;
 public class JWTShiroRealm extends AuthorizingRealm {
 
     protected UserService userService;
+    
+    private String jwtSalt;
 
-    public JWTShiroRealm(UserService userService){
+    public JWTShiroRealm(UserService userService, String jwtSalt){
         this.userService = userService;
         this.setCredentialsMatcher(new JWTCredentialsMatcher());
+        this.jwtSalt = jwtSalt;
     }
 
     @Override
@@ -42,7 +45,7 @@ public class JWTShiroRealm extends AuthorizingRealm {
         JWTToken jwtToken = (JWTToken) authcToken;
         String token = jwtToken.getToken();
         
-        UserDto user = userService.getJwtTokenInfo(JwtUtils.getUsername(token));
+        UserDto user = userService.getJwtTokenInfo(JwtUtils.verifyTokenAndGet(token, jwtSalt));
         if(user == null)
             throw new AuthenticationException("token过期，请重新登录");
 

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/service/UserService.java

@@ -1,13 +1,10 @@
 package com.yaozhitech.spring5.service;
 
-import java.time.Duration;
 import java.util.Arrays;
 import java.util.List;
 
 import org.apache.shiro.crypto.hash.Sha256Hash;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Service;
 
 import com.yaozhitech.spring5.dto.UserDto;
@@ -18,9 +15,9 @@ public class UserService {
 
 	@Value("${password.salt}")
 	private String encryptSalt;
-
-	@Autowired
-	private StringRedisTemplate redisTemplate;
+	
+	@Value("${jwt.salt}")
+	private String jwtSalt;
 
 	/**
 	 * 保存user登录信息，返回token
@@ -28,9 +25,7 @@ public class UserService {
 	 * @param userDto
 	 */
 	public String generateJwtToken(String username) {
-		String salt = JwtUtils.generateSalt();
-		redisTemplate.opsForValue().set("token:"+username, salt, Duration.ofSeconds(3600));
-		return JwtUtils.sign(username, salt, 3600); // 生成jwt token，设置过期时间为1小时
+		return JwtUtils.sign(username, jwtSalt, 3600); // 生成jwt token，设置过期时间为1小时
 	}
 
 	/**
@@ -40,23 +35,12 @@ public class UserService {
 	 * @return
 	 */
 	public UserDto getJwtTokenInfo(String username) {
-		String salt = redisTemplate.opsForValue().get("token:"+username);
 		UserDto user = getUserInfo(username);
-		user.setSalt(salt);
+		user.setSalt(jwtSalt);
 		return user;
 	}
 
 	/**
-	 * 清除token信息
-	 * 
-	 * @param userName 登录用户名
-	 * @param terminal 登录终端
-	 */
-	public void deleteLoginInfo(String username) {
-		redisTemplate.delete("token:"+username);
-	}
-
-	/**
 	 * 获取数据库中保存的用户信息，主要是加密后的密码
 	 * 
 	 * @param userName
@@ -65,7 +49,7 @@ public class UserService {
 	public UserDto getUserInfo(String userName) {
 		UserDto user = new UserDto();
 		user.setUserId(1L);
-		user.setUsername("admin");
+		user.setUsername(userName);
 		user.setEncryptPwd(new Sha256Hash("123456", encryptSalt).toHex());
 		return user;
 	}

spring5-auth/spring5-auth-server/src/main/java/com/yaozhitech/spring5/utils/JwtUtils.java

@@ -4,13 +4,15 @@ import java.io.UnsupportedEncodingException;
 import java.util.Calendar;
 import java.util.Date;
 
-import org.apache.shiro.crypto.SecureRandomNumberGenerator;
-
 import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
 public class JwtUtils {
 
 	/**
@@ -38,6 +40,19 @@ public class JwtUtils {
             return null;
         }
     }
+    
+    public static String verifyTokenAndGet(String token, String secret) {
+        DecodedJWT jwt = null;
+        try {
+            JWTVerifier verifier = JWT.require(Algorithm.HMAC256(secret)).build();
+            jwt = verifier.verify(token);
+            
+        } catch (Exception e) {
+        	log.error(e.getMessage(), e);
+            return null;
+        }
+        return jwt.getClaim("username").asString();
+    }
 
     /**
      * 生成签名,expireTime后过期
@@ -70,13 +85,13 @@ public class JwtUtils {
         return jwt.getExpiresAt().before(now);
     }
 
-    /**
-     * 生成随机盐,长度32位
-     * @return
-     */
-    public static String generateSalt(){
-        SecureRandomNumberGenerator secureRandom = new SecureRandomNumberGenerator();
-        String hex = secureRandom.nextBytes(16).toHex();
-        return hex;
-    }
+//    /**
+//     * 生成随机盐,长度32位
+//     * @return
+//     */
+//    public static String generateSalt(){
+//        SecureRandomNumberGenerator secureRandom = new SecureRandomNumberGenerator();
+//        String hex = secureRandom.nextBytes(16).toHex();
+//        return hex;
+//    }
 }

spring5-auth/spring5-auth-server/src/main/resources/application.yml

@@ -20,5 +20,7 @@ spring:
     password: huojutech!23
   
 password:
-  salt: k12829WhsvnEV$#03b2n          
+  salt: k12829WhsvnEV$#03b2n
+jwt:
+  salt: xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr
   

spring5-order/src/main/java/com/yaozhitech/spring5/controller/OrderController.java

@@ -43,7 +43,11 @@ public class OrderController {
 		
 		log.info(token);
 		
-		token = JwtUtils.sign("mock" + "." + "TQo0s7$NrpN6yEA#", JwtUtils.generateSalt(), 3600);
+		token = JwtUtils.sign("mock" + "." + "TQo0s7$NrpN6yEA#", "abc", 3600);
+		log.info(token);
+		
+		token = JwtUtils.sign("mock" + "." + "TQo0s7$NrpN6yEA#", "abc", 2600);
+		log.info(token);
 		
 		return ResponseEntity.ok(token);
 	}