JwtAuthenticationTokenFilter 实现shiro 利用 token 信息完成令牌登录

Posted 2020-10-15 NANA_HOME

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了JwtAuthenticationTokenFilter 实现shiro 利用 token 信息完成令牌登录相关的知识，希望对你有一定的参考价值。

package net.filter.jwt;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.subject.WebSubject.Builder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.filter.OncePerRequestFilter;

import net.entity.User;
import net.service.UserService;

/**
 * 过滤请求头部信息，如果有，就自动登录 http://blog.csdn.net/qi923701/article/details/75007813
 * 
 * @author wutao
 * @date 2017年11月11日 下午3:09:51
 */
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {

    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationTokenFilter.class);

    @Autowired
    private UserService userService;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        String tokenHeader = request.getHeader(JwtTokenUtil.AUTH_TOKEN);
        if (StringUtils.isNotBlank(tokenHeader)) {
            Long userId = JwtTokenUtil.getUserIdFromToken(tokenHeader);
            if (userId != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("getUserIdFromToken userId {}", userId);
                }

                User auser = userService.find(userId);
                if (auser != null) {
                    PrincipalCollection principals = new SimplePrincipalCollection(auser, "authorizingRealm");
                    Builder builder = new WebSubject.Builder(request, response);
                    builder.principals(principals);
                    builder.authenticated(true);
                    WebSubject subject = builder.buildWebSubject();
                    ThreadContext.bind(subject);
                }

            }
        }
        chain.doFilter(request, response);
    }

}

以上是关于JwtAuthenticationTokenFilter 实现shiro 利用 token 信息完成令牌登录的主要内容，如果未能解决你的问题，请参考以下文章