I have implemented JWT token security in my Spring Boot code. How do I get the JWT token anywhere in my code? I need it to save audit details



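I have implemented JWT security tokens in Spring Boot by following a JWT security video. After login I get the generated JWT token, and to reach further endpoints I need to pass the JWT token in the request header. The request is then authorized in the doFilter() method of the JwtAuthenticationTokenFilter class, as shown below.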

    public class JwtAuthenticationTokenFilter extends UsernamePasswordAuthenticationFilter {
        @Autowired
        private UserDetailsService userDetailsService;
        @Autowired
        private JwtTokenUtil jwtTokenUtil;
        @Value("${jwt.header}")
        private String tokenHeader;

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            String username = null;
            String authToken = null;
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            // Read the configured header and strip the "Bearer " prefix
            String header = httpRequest.getHeader(this.tokenHeader);
            if (header != null && header.startsWith("Bearer ")) {
                authToken = header.substring(7);
                try {
                    username = jwtTokenUtil.getUsernameFromToken(authToken);
                } catch (IllegalArgumentException e) {
                    System.out.println("Unable to get JWT Token");
                } catch (ExpiredJwtException e) {
                    System.out.println("JWT Token has expired");
                }
            }
            // Authenticate only if a username was extracted and nothing is set yet
            if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
                UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
                if (jwtTokenUtil.validateToken(authToken, userDetails)) {
                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                            userDetails, null, userDetails.getAuthorities());
                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                }
            }
            chain.doFilter(request, response);
        }
    }

But I need to get the JWT token anywhere in my code so that I can read some data from it. For example, look at the code below.

    public static AuditDetails createAudit() {
        AuditDetails auditDetails = new AuditDetails();
        // "token" is not available here; this is the line the question is about
        auditDetails.setCreateUser(token.getUsername());
        auditDetails.setCreateTime(new Date());
        return auditDetails;
    }

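So basically, I need to get the username from the token to set it on the audit details, but how can I get the token in that code, or anywhere else in the code?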

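The token is sent to your application via the header (tokenHeader).

Edit

If you don't want to use the contents of the HttpServletRequest everywhere, you can use a session-scoped value holder that you can inject (autowire) into every service to use the submitted token. You can try the following: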

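    import org.springframework.context.annotation.Scope;
    import org.springframework.context.annotation.ScopedProxyMode;
    import org.springframework.stereotype.Component;

    // Session-scoped holder; the proxy lets it be injected into singleton beans
    @Component
    @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
    public class MyHolder {
        private String authToken;

        public String getAuthToken() {
            return authToken;
        }

        public void setAuthToken(String authToken) {
            this.authToken = authToken;
        }
    }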

Update the token value in JwtAuthenticationTokenFilter:

    @Autowired MyHolder myHolder;

    // ...
    String authToken = null;
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String header = httpRequest.getHeader(this.tokenHeader);
    if (header != null && header.startsWith("Bearer ")) {
        authToken = header.substring(7); // Here is your token

        // UPDATE THE TOKEN VALUE IN YOUR HOLDER HERE
        myHolder.setAuthToken(authToken);
        // ...
    }

Access the token anywhere in your application by autowiring the MyHolder class:

    @Autowired MyHolder myHolder;
    // ...
    var token = myHolder.getAuthToken();
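
An added example, not part of the original question or answer: the filter in the question already stores the validated user in the SecurityContextHolder, so audit code can read the username from there without a separate holder. It assumes spring-security-core on the classpath; the AuditDetails stand-in, the "system" fallback, and passing the token as the credentials argument (the filter passes null) are assumptions of this example.

```java
import java.util.Date;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

public class AuditFromSecurityContext {
    // Stand-in for the question's AuditDetails class (assumed shape).
    static class AuditDetails { String createUser; Date createTime; }

    // Username the filter authenticated, or a fallback for code paths that
    // run with no authenticated request (startup tasks, scheduled jobs).
    static String currentUsername() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return (auth != null && auth.isAuthenticated()) ? auth.getName() : "system";
    }

    // Raw JWT; present only if the filter stored it as the credentials.
    static String currentToken() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Object cred = (auth == null) ? null : auth.getCredentials();
        return (cred instanceof String) ? (String) cred : null;
    }

    static AuditDetails createAudit() {
        AuditDetails a = new AuditDetails();
        a.createUser = currentUsername();
        a.createTime = new Date();
        return a;
    }

    public static void main(String[] args) {
        // Simulates the filter after validateToken() succeeds, with the
        // token passed as credentials instead of null.
        String jwt = "header.payload.signature"; // constructed placeholder, not a real token
        User user = new User("alice", "n/a", AuthorityUtils.NO_AUTHORITIES);
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, jwt, user.getAuthorities()));
        AuditDetails audit = createAudit();
        System.out.println(audit.createUser + " tokenAvailable=" + (currentToken() != null));
        SecurityContextHolder.clearContext(); // do not leak the context to the next use of this thread
    }
}
```

SecurityContextHolder is thread-local by default, so the lookup works on the request thread the filter ran on; work handed to another thread does not see it unless the context is propagated.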
