package com.sandu.common.security;
|
|
import cn.hutool.core.util.StrUtil;
|
import cn.hutool.json.JSONUtil;
|
import com.sandu.common.enums.ResponseStatusEnums;
|
import com.sandu.common.security.config.SecurityProperties;
|
import com.sandu.common.security.token.TokenProvider;
|
import com.sandu.common.util.ResponseUtil;
|
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.stereotype.Component;
|
import org.springframework.util.StringUtils;
|
|
import javax.annotation.Resource;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
|
/**
|
* @author hupeng
|
*/
|
@Component
|
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|
@Resource
|
private TokenProvider tokenProvider;
|
@Resource
|
private SecurityProperties properties;
|
|
@Override
|
public void commence(HttpServletRequest request,
|
HttpServletResponse response,
|
AuthenticationException authException) throws IOException {
|
|
String token = request.getHeader(properties.getHeader());
|
|
if (!StringUtils.hasText(token)) {
|
writeResponse(response, ResponseUtil.error(ResponseStatusEnums.TOKEN_NONE.getCode(), ResponseStatusEnums.TOKEN_NONE.getMessage()));
|
return;
|
}
|
|
LoginUserInfo loginUserInfo = tokenProvider.validateToken(token);
|
|
if (loginUserInfo == null) {
|
writeResponse(response, ResponseUtil.error(ResponseStatusEnums.TOKEN_INVALID.getCode(), ResponseStatusEnums.TOKEN_INVALID.getMessage()));
|
return;
|
}
|
|
if (!StrUtil.equals(loginUserInfo.getToken(), token)) {
|
writeResponse(response, ResponseUtil.error(ResponseStatusEnums.SINGLE_LOGIN.getCode(), ResponseStatusEnums.SINGLE_LOGIN.getMessage()));
|
}
|
|
|
// String token = tokenProvider.getToken(request);
|
// SecurityProperties properties = SpringContextHolder.getBean(SecurityProperties.class);
|
//
|
// if (!StringUtils.hasText(token)) {
|
// writeResponse(response, ResponseUtil.error(ResponseStatusEnums.TOKEN_INVALID.getCode(), ResponseStatusEnums.TOKEN_INVALID.getMessage()));
|
// return;
|
// }
|
//
|
//
|
// Throwable exception = tokenProvider.getException(token);
|
//
|
// // jwt过期 替换新的jwt
|
// if (exception instanceof ExpiredJwtException) {
|
// String usernameForce = tokenProvider.getSubjectForce(token);
|
// if (properties.isCacheOnline()) {
|
// OnlineUserService onlineUserService = SpringContextHolder.getBean(OnlineUserService.class);
|
// OnlineUser onlineUser = onlineUserService.getOne(properties.getOnlineKey() + usernameForce);
|
// if (onlineUser == null || !token.equals(onlineUser.getToken())) {
|
// // redis上没有 或者不是当前用户的token 返回失效
|
// writeResponse(response, ResponseUtil.error(ResponseStatusEnums.TOKEN_INVALID.getCode(), ResponseStatusEnums.TOKEN_INVALID.getMessage()));
|
// } else {
|
// // 返回过期,携带新的token
|
// String refreshToken = tokenProvider.refreshToken(token);
|
// onlineUser.setToken(refreshToken);
|
// onlineUserService.updateOne(onlineUser);
|
// writeResponse(response, ResponseUtil.error(ResponseStatusEnums.TOKEN_EXPIRED.getCode(), ResponseStatusEnums.TOKEN_EXPIRED.getMessage(), properties.getTokenStartWith() + refreshToken));
|
// }
|
// } else {
|
// // 返回过期,携带新的token
|
// String refreshToken = properties.getTokenStartWith() + tokenProvider.refreshToken(token);
|
// writeResponse(response, ResponseUtil.error(ResponseStatusEnums.TOKEN_EXPIRED.getCode(), ResponseStatusEnums.TOKEN_EXPIRED.getMessage(), null));
|
// }
|
// return;
|
// }
|
//
|
// // 其他jwt解析异常
|
// if (exception != null) {
|
// writeResponse(response, ResponseUtil.error(ResponseStatusEnums.TOKEN_INVALID.getCode(), ResponseStatusEnums.TOKEN_INVALID.getMessage()));
|
// } else {
|
// //jwt解析正常 看看是不是redis的问题
|
// if (properties.isCacheOnline()) {
|
// String usernameForce = tokenProvider.getSubjectForce(token);
|
// OnlineUserService onlineUserService = SpringContextHolder.getBean(OnlineUserService.class);
|
// OnlineUser onlineUser = onlineUserService.getOne(properties.getOnlineKey() + usernameForce);
|
// if (onlineUser != null && !token.equals(onlineUser.getToken())) {
|
// // 和服务器保存的token不一样,说明在其他地方登录
|
// writeResponse(response, ResponseUtil.error(ResponseStatusEnums.SINGLE_LOGIN.getCode(), ResponseStatusEnums.SINGLE_LOGIN.getMessage()));
|
// } else {
|
// // 服务器没有在线用户token或者token不一致 都返回token失效
|
// writeResponse(response, ResponseUtil.error(ResponseStatusEnums.TOKEN_INVALID.getCode(), ResponseStatusEnums.TOKEN_INVALID.getMessage()));
|
// }
|
// } else {
|
// writeResponse(response, ResponseUtil.error(ResponseStatusEnums.FAIL.getCode(), "认证出错"));
|
// }
|
// }
|
// return;
|
|
}
|
|
private void writeResponse(HttpServletResponse response, Object result) throws IOException {
|
response.setHeader("Access-Control-Allow-Origin", "*");
|
response.setHeader("Cache-Control", "no-cache");
|
response.setCharacterEncoding("UTF-8");
|
response.setContentType("application/json");
|
response.getWriter().println(JSONUtil.parse(result));
|
response.getWriter().flush();
|
response.getWriter().close();
|
}
|
|
}
|
