完善验证token失效的方法

7ac9c3c1 · stylefeng · 4f688579 · 7ac9c3c1 · 7ac9c3c1
Commit 7ac9c3c1 authored Aug 23, 2017 by stylefeng
Show whitespace changes
Inline Side-by-side

Showing with 18 additions and 12 deletions

guns-rest/src/main/java/com/stylefeng/guns/rest/auth/JwtTokenUtil.java
+11 -0

guns-rest/src/main/java/com/stylefeng/guns/rest/filter/JwtAuthenticationTokenFilter.java
+7 -12

No files found.
--- a/guns-rest/src/main/java/com/stylefeng/guns/rest/auth/JwtTokenUtil.java
+++ b/guns-rest/src/main/java/com/stylefeng/guns/rest/auth/JwtTokenUtil.java
@@ -2,6 +2,7 @@ package com.stylefeng.guns.rest.auth;

 import com.stylefeng.guns.rest.config.properties.JwtProperties;
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -52,6 +53,16 @@ public class JwtTokenUtil implements Serializable {
        return claimsResolver.apply(claims);
    }

+    public Boolean validateToken(String token) {
+        try {
+            //判断是否能解析出token
+            Jwts.parser().setSigningKey(jwtProperties.getSecret()).parseClaimsJws(token).getBody();
+            return true;
+        } catch (JwtException e) {
+            return false;
+        }
+    }
+
    private Claims getAllClaimsFromToken(String token) {
        return Jwts.parser()
                .setSigningKey(jwtProperties.getSecret())

--- a/guns-rest/src/main/java/com/stylefeng/guns/rest/filter/JwtAuthenticationTokenFilter.java
+++ b/guns-rest/src/main/java/com/stylefeng/guns/rest/filter/JwtAuthenticationTokenFilter.java
@@ -24,28 +24,23 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
    private JwtProperties jwtProperties;

    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
-
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (request.getServletPath().equals("/" + jwtProperties.getAuthPath())) {
            chain.doFilter(request, response);
            return;
        }
-
        final String requestHeader = request.getHeader(jwtProperties.getHeader());
-
-        String username = null;
        String authToken = null;
        if (requestHeader != null && requestHeader.startsWith("Bearer ")) {
            authToken = requestHeader.substring(7);
-            try {
-                username = jwtTokenUtil.getUsernameFromToken(authToken);
-            } catch (IllegalArgumentException e) {
-                logger.error("an error occured during getting username from token", e);
-                return;
+            boolean flag = jwtTokenUtil.validateToken(authToken);
+            if (!flag) {
+                logger.error("token验证错误");
+                throw new RuntimeException("token验证错误");
            }
        } else {
-            logger.warn("couldn't find bearer string, will ignore the header");
-            return;
+            logger.warn("错误的header");
+            throw new RuntimeException("错误的header");
        }
        chain.doFilter(request, response);
    }