shiro 集成 JWT 自动获取token对应的用户信息

Posted NANA_HOME

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了shiro 集成 JWT 自动获取token对应的用户信息相关的知识,希望对你有一定的参考价值。

 

 

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.subject.WebSubject.Builder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.filter.OncePerRequestFilter;

import net.shopxx.entity.User;
import net.shopxx.service.UserService;

/**
 * 过滤请求头部信息,如果有,就自动登录
 * http://blog.csdn.net/qi923701/article/details/75007813
 * @author wutao
 * @date    2017年11月11日 下午3:09:51
 */
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {

    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationTokenFilter.class);

    @Autowired
    private UserService userService;
    
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        String tokenHeader = request.getHeader(JwtTokenUtil.AUTH_TOKEN);//从头部获取JWT字符串信息
        if(logger.isDebugEnabled()) {
            logger.debug("=========>tokenHeader {}", tokenHeader);    
        }
        if(StringUtils.isNotBlank(tokenHeader)) {
            Long userId = JwtTokenUtil.getUserIdFromToken(tokenHeader);//解码JWT,获得userid
            if(userId!=null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("getUserIdFromToken userId {}", userId);
                }
                
                User auser=userService.find(userId);//根据userID获取用户信息
                if(auser!=null) {
                    PrincipalCollection principals = new SimplePrincipalCollection(auser, "authorizingRealm");//拼装shiro用户信息
                    Builder builder = new WebSubject.Builder(request, response);
                    builder.principals(principals);
                    builder.authenticated(true);
                    WebSubject subject = builder.buildWebSubject();
                    ThreadContext.bind(subject);//塞入容器,统一调用
                }
                
            }
        }
        chain.doFilter(request, response);
    }

}

 

 

    public  @ResponseBody Map<String ,Object> complete(@CurrentUser User auser){
        
        if(auser==null) {
            logger.debug("=======auser==null======");
            return null;
        }
        
        Long userId=auser.getId();
        logger.debug("======userId {}=====",userId);

}

 

以上是关于shiro 集成 JWT 自动获取token对应的用户信息的主要内容,如果未能解决你的问题,请参考以下文章

JWT的TOKEN续期功能

springboot+shiro+jwt

jwt+shiro

spring boot2整合shiro安全框架实现前后端分离的JWT token登录验证

shiro jwt 构建无状态分布式鉴权体系

SpringBoot2.0+Shiro+JWT 整合