shiro 集成 JWT 自动获取token对应的用户信息

 

 

复制代码
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.subject.WebSubject.Builder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.filter.OncePerRequestFilter;

import net.shopxx.entity.User;
import net.shopxx.service.UserService;

/**
 * 过滤请求头部信息,如果有,就自动登录
 * http://blog.csdn.net/qi923701/article/details/75007813
 * @author wutao
 * @date    2017年11月11日 下午3:09:51
 */
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {

    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationTokenFilter.class);

    @Autowired
    private UserService userService;
    
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        String tokenHeader = request.getHeader(JwtTokenUtil.AUTH_TOKEN);//从头部获取JWT字符串信息
        if(logger.isDebugEnabled()) {
            logger.debug("=========>tokenHeader {}", tokenHeader);    
        }
        if(StringUtils.isNotBlank(tokenHeader)) {
            Long userId = JwtTokenUtil.getUserIdFromToken(tokenHeader);//解码JWT,获得userid
            if(userId!=null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("getUserIdFromToken userId {}", userId);
                }
                
                User auser=userService.find(userId);//根据userID获取用户信息
                if(auser!=null) {
                    PrincipalCollection principals = new SimplePrincipalCollection(auser, "authorizingRealm");//拼装shiro用户信息
                    Builder builder = new WebSubject.Builder(request, response);
                    builder.principals(principals);
                    builder.authenticated(true);
                    WebSubject subject = builder.buildWebSubject();
                    ThreadContext.bind(subject);//塞入容器,统一调用
                }
                
            }
        }
        chain.doFilter(request, response);
    }

}
复制代码

 

 

复制代码
    public  @ResponseBody Map<String ,Object> complete(@CurrentUser User auser){
        
        if(auser==null) {
            logger.debug("=======auser==null======");
            return null;
        }
        
        Long userId=auser.getId();
        logger.debug("======userId {}=====",userId);

}
复制代码

 

posted @   nanahome  阅读(15255)  评论(1编辑  收藏  举报
编辑推荐:
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
阅读排行:
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
点击右上角即可分享
微信分享提示