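package com.xkrs.microservice.common.account;

import com.xkrs.microservice.common.encapsulation.OutputEncapsulation;
import com.xkrs.microservice.common.encapsulation.PromptMessageEnum;
import com.xkrs.microservice.model.entity.auth.SysUserEntity;
import com.xkrs.microservice.model.entity.yunli.YunLiUserExInfoEntity;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

import javax.crypto.SecretKey;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.*;

/**
 * Token authentication service: issues signed JWTs after login and turns the
 * {@code Authorization} header of later requests back into a Spring Security
 * {@link Authentication}.
 *
 * <p>Generic type arguments are written out explicitly; the element types are
 * the ones the method bodies require (authority objects, string claims).
 *
 * @author tajochen
 */
public class TokenAuthenticationService {

    private static final Logger logger = LoggerFactory.getLogger(TokenAuthenticationService.class);

    /**
     * Token lifetime: 6 hours, in milliseconds.
     */
    static public final long EXPIRATIONTIME = 21_600_000;

    /**
     * HMAC signing secret.
     *
     * <p>NOTE(review): the secret is compiled into the class and exposed as a public
     * constant, so anyone who can read the source or the built artifact can mint
     * tokens that this service accepts. It should be loaded from external
     * configuration or a secret store and rotated. The value is left untouched here
     * so that already-issued tokens and callers referencing the constant keep working.
     */
    static public final String SECRET_KEY = "0Y9H364Q9Y908262F25LMXGIKIN5N858XM3674GWL2DD8X1DS4W6I722IRY8PS4XPNB6U303" +
            "45HBVCUL94STG8C3Z53T7A09JJ100I56YE9894CI11PX9J71HIZ8L5Y2O504C4E2K8276425UA8734833F45K36878FXAG799QV9LXU" +
            "JOI3XA2046UPG8TB2OT84R5T6ZB127N9ZPJ7AJMC41JVHB2WK2B6H8NL45LZNAZ666KHZH3QUT65UX6F8";

    /**
     * Scheme prefix expected in front of the token.
     */
    static public final String TOKEN_PREFIX = "Bearer";

    /**
     * Name of the request header that carries the token.
     */
    static final String HEADER_STRING = "Authorization";

    /** Issuer written into every token minted by this class. */
    private static final String ISSUER = "https://www.microservice.com";

    /** Name of the claim holding the comma-separated authority list. */
    private static final String AUTHS_CLAIM = "auths";

    // An explicit charset keeps the key bytes identical on every JVM; the no-arg
    // getBytes() depends on the platform default.
    // NOTE(review): the field is neither private nor final, so other code in this
    // package can replace the signing key at runtime; confirm nothing relies on that.
    static SecretKey key = Keys.hmacShaKeyFor(SECRET_KEY.getBytes(StandardCharsets.UTF_8));

    /**
     * Issues a JWT for a freshly authenticated user and writes it, together with the
     * user info map, to the response body.
     *
     * <p>If the response writer cannot be obtained the error is logged, the status is
     * set to 500 and nothing is written (previously this path ended in a
     * {@link NullPointerException}).
     *
     * @param response    response that receives the wrapped payload
     * @param userName    login name, used only for logging
     * @param authorities authorities granted to the user; may be empty
     * @param userinfo    user attributes; {@code o_user_id} becomes the subject and
     *                    {@code o_user_name} the audience of the token
     */
    static void addAuthentication(HttpServletResponse response, String userName,
                                  Collection<? extends GrantedAuthority> authorities,
                                  Map<String, String> userinfo) {
        Locale locale = new Locale("zh", "CN");

        // Authorities travel as one comma-separated claim, so a name that itself
        // contains a comma would be split into several authorities when parsed back.
        StringJoiner joined = new StringJoiner(",");
        for (GrantedAuthority granted : authorities) {
            joined.add(granted.getAuthority());
        }
        String authsList = joined.toString();
        if (authsList.isEmpty()) {
            logger.warn("{} has no permission!", userName);
        }

        String jwt = buildJwt(userinfo.get("o_user_id"), userinfo.get("o_user_name"), authsList);

        final PrintWriter out;
        try {
            out = response.getWriter();
        } catch (IOException e) {
            logger.error("Unable to obtain the response writer for the login reply", e);
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        response.setStatus(HttpServletResponse.SC_OK);
        // NOTE(review): the whole userinfo map is echoed to the client; confirm it
        // never carries fields that should stay server-side.
        Map<String, Object> outMap = new HashMap<>(2);
        outMap.put("jwt", jwt);
        outMap.put("userInfo", userinfo);
        out.append(OutputEncapsulation.outputEncapsulationObject(PromptMessageEnum.SUCCESS, outMap, locale));
    }

    /**
     * Validates the JWT carried in the {@code Authorization} header.
     *
     * <p>Fails closed: any parsing or verification problem, and a token without a
     * subject, yields {@code null} rather than an authenticated principal.
     *
     * @param request incoming request
     * @return an authentication holding the subject and the authorities from the
     *         {@code auths} claim, or {@code null} when the header is absent or the
     *         token is rejected
     */
    static Authentication getAuthentication(HttpServletRequest request) {
        String header = request.getHeader(HEADER_STRING);
        if (header == null) {
            return null;
        }
        try {
            Claims claims = Jwts.parserBuilder()
                    .setSigningKey(key)
                    .build()
                    .parseClaimsJws(stripBearerPrefix(header))
                    .getBody();

            String userName = claims.getSubject();
            if (userName == null || userName.isEmpty()) {
                // A correctly signed token without a subject must not authenticate
                // as an anonymous principal.
                logger.debug("Rejected token: subject claim is missing");
                return null;
            }

            List<GrantedAuthority> authorities =
                    AuthorityUtils.commaSeparatedStringToAuthorityList((String) claims.get(AUTHS_CLAIM));
            return new UsernamePasswordAuthenticationToken(userName, null, authorities);
        } catch (Exception e) {
            // Malformed, expired or badly signed token, or an unexpected claim type.
            // Only the exception class is logged so token material stays out of logs.
            logger.debug("Rejected token: {}", e.getClass().getSimpleName());
            return null;
        }
    }

    /**
     * Issues a JWT for a user described by middle-platform (YunLi) user info.
     *
     * @param userInfo  source of the subject ({@code getoUserId()}) and audience
     *                  ({@code getoUserName()})
     * @param authsList authority names stored in the {@code auths} claim
     * @return the compact signed token
     */
    public static String getJwt(YunLiUserExInfoEntity userInfo, List<String> authsList) {
        return buildJwt(userInfo.getoUserId(), userInfo.getoUserName(), String.join(",", authsList));
    }

    /**
     * Issues a JWT for a user described by a plain attribute map.
     *
     * @param userInfo  map whose {@code o_user_id} becomes the subject and
     *                  {@code o_user_name} the audience
     * @param authsList authority names stored in the {@code auths} claim
     * @return the compact signed token
     */
    public static String getJwt(Map<String, String> userInfo, List<String> authsList) {
        return buildJwt(userInfo.get("o_user_id"), userInfo.get("o_user_name"), String.join(",", authsList));
    }

    /**
     * Issues a JWT for one of this system's own users.
     *
     * @param userInfo  source of the subject ({@code getId()}) and audience
     *                  ({@code getUserName()})
     * @param authsList authority names stored in the {@code auths} claim
     * @return the compact signed token
     */
    public static String getJwt(SysUserEntity userInfo, List<String> authsList) {
        return buildJwt(userInfo.getId(), userInfo.getUserName(), String.join(",", authsList));
    }

    /** Builds and signs a token; the single place where claims, lifetime and key are set. */
    private static String buildJwt(String subject, String audience, String auths) {
        return Jwts.builder()
                .setSubject(subject)
                .setIssuer(ISSUER)
                .setAudience(audience)
                .claim(AUTHS_CLAIM, auths)
                .setExpiration(new Date(System.currentTimeMillis() + EXPIRATIONTIME))
                .signWith(key)
                .compact();
    }

    /**
     * Removes a leading scheme prefix from the header value. Only the start of the
     * value is touched; replacing every occurrence would corrupt a token whose
     * encoded text happens to contain the prefix. A value without the prefix is
     * passed on unchanged, as before.
     */
    private static String stripBearerPrefix(String header) {
        String value = header.trim();
        if (value.startsWith(TOKEN_PREFIX)) {
            value = value.substring(TOKEN_PREFIX.length()).trim();
        }
        return value;
    }
}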