package com.sandu.common.security.token;
|
|
import com.sandu.common.enums.AdminStatusStatus;
|
import com.sandu.common.security.LoginUserInfo;
|
import com.sandu.common.security.config.SecurityProperties;
|
import io.jsonwebtoken.*;
|
import io.jsonwebtoken.io.Decoders;
|
import io.jsonwebtoken.io.DecodingException;
|
import io.jsonwebtoken.security.Keys;
|
import lombok.extern.slf4j.Slf4j;
|
import org.springframework.beans.factory.InitializingBean;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.stereotype.Component;
|
|
import java.security.Key;
|
import java.util.Date;
|
import java.util.stream.Collectors;
|
|
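/**
 * Stateless JWT implementation of {@link TokenProvider}.
 *
 * <p>Tokens are signed with an HMAC key built from the configured Base64 secret and carry the
 * user id (subject), account, authorities and administrator type as claims.
 *
 * <p>Security notes:
 * <ul>
 *   <li>This bean is only registered when {@code sandu.jwt.cache-online=false}. Nothing in this
 *       class consults server-side state, so a token is accepted until its {@code exp} passes;
 *       disabling an account or changing its permissions is not reflected here.</li>
 *   <li>Claims are signed, not encrypted: anyone holding a token can read the account name and
 *       authority list it contains.</li>
 *   <li>The signing secret and raw tokens must never be written to the log.</li>
 * </ul>
 *
 * @author chenjiantian
 * @date 2022/1/8 18:12
 */
@Component
@Slf4j
@ConditionalOnProperty(prefix = "sandu.jwt", name = "cache-online", havingValue = "false")
public class JwtTokenProvider implements TokenProvider, InitializingBean {

    private static final String AUTHORITIES_KEY = "auth";
    private static final String CREDENTIALS_KEY = "cred";
    private static final String ADMINISTRATOR_KEY = "admin";

    /** HS512 requires a key at least as long as its 512-bit output. */
    private static final int HS512_MIN_KEY_BYTES = 64;

    private final SecurityProperties properties;
    private Key key;

    public JwtTokenProvider(SecurityProperties properties) {
        this.properties = properties;
    }

    /**
     * Decodes the configured Base64 secret and builds the HMAC key used for signing and
     * verification.
     *
     * <p>A secret that is too short for HS512 is reported at startup, because
     * {@link #createToken(LoginUserInfo)} signs with HS512 and would otherwise only fail when the
     * first token is issued. Only the decoded length is logged, never the secret itself.
     */
    @Override
    public void afterPropertiesSet() {
        byte[] keyBytes = Decoders.BASE64.decode(properties.getBase64Secret());
        if (keyBytes.length < HS512_MIN_KEY_BYTES) {
            log.warn("Configured JWT secret decodes to {} bytes; HS512 signing needs at least {} bytes.",
                    keyBytes.length, HS512_MIN_KEY_BYTES);
        }
        this.key = Keys.hmacShaKeyFor(keyBytes);
    }

    /**
     * Issues a signed token for the given user.
     *
     * @param loginUserInfo the authenticated user; its user id must not be {@code null}
     * @return the compact JWT string, signed with HS512
     * @throws IllegalArgumentException if the user id is {@code null}
     */
    @Override
    public String createToken(LoginUserInfo loginUserInfo) {
        if (loginUserInfo.getUserId() == null) {
            throw new IllegalArgumentException("用户id不能为空");
        }
        String authorities = loginUserInfo.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.joining(","));

        long now = (new Date()).getTime();
        // NOTE(review): the getter is named "...InSeconds" but its value is added unscaled to a
        // millisecond timestamp. Confirm the configured value is in milliseconds; if it really is
        // seconds, tokens expire 1000x sooner than intended.
        Date expiration = new Date(now + properties.getTokenValidityInSeconds());

        return Jwts.builder()
                .setSubject(loginUserInfo.getUserId().toString())
                .claim(AUTHORITIES_KEY, authorities)
                .claim(CREDENTIALS_KEY, loginUserInfo.getAccount())
                .claim(ADMINISTRATOR_KEY, loginUserInfo.getAdministratorType())
                .setExpiration(expiration)
                .signWith(key, SignatureAlgorithm.HS512)
                .compact();
    }

    /**
     * Verifies the signature and expiry of a token and rebuilds the user from its claims.
     *
     * <p>Every rejection path returns {@code null} rather than throwing, so a caller can treat
     * {@code null} uniformly as "not authenticated". Log lines deliberately omit the token.
     *
     * @param token the compact JWT string presented by the client
     * @return the user described by the token, or {@code null} if the token is rejected
     */
    @Override
    public LoginUserInfo validateToken(String token) {
        try {
            Claims claims = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();

            // A correctly signed token can still lack these claims (for example when it was
            // issued with a null administrator type). Reject it instead of failing with a
            // NullPointerException further down.
            Object authorities = claims.get(AUTHORITIES_KEY);
            Object administratorType = claims.get(ADMINISTRATOR_KEY);
            if (authorities == null || administratorType == null) {
                log.info("JWT token is missing required claims.");
                return null;
            }

            LoginUserInfo loginUserInfo = new LoginUserInfo();
            loginUserInfo.setUserId(Long.valueOf(claims.getSubject()));
            loginUserInfo.setAccount(String.valueOf(claims.get(CREDENTIALS_KEY)));
            loginUserInfo.setPermission(authorities.toString());
            loginUserInfo.setAdministratorType(Integer.parseInt(administratorType.toString()));
            loginUserInfo.setToken(token);
            // Status is a constant, not a lookup: this class cannot tell whether the account has
            // been disabled since the token was issued.
            loginUserInfo.setStatus(AdminStatusStatus.NORMAL.getCode());
            return loginUserInfo;
        } catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
            log.info("Invalid JWT signature.");
        } catch (ExpiredJwtException e) {
            log.info("Expired JWT token.");
        } catch (UnsupportedJwtException | DecodingException e) {
            log.info("Unsupported JWT token.");
        } catch (JwtException e) {
            // Any other parser rejection (e.g. a claim check) must also end in null, not in an
            // exception escaping to the caller.
            log.info("JWT token validation failed.");
        } catch (IllegalArgumentException e) {
            // Also covers NumberFormatException from a non-numeric subject or administrator type.
            log.info("JWT token compact of handler are invalid.");
        }

        return null;
    }
}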
|