我在 spring 启动代码中实现了 JWT 令牌安全。我将如何在我的代码中的任何地方获得 jwt 令牌?需要保存审核
I have implemented JWT token security in spring boot code. how will I get jwt token anywhere in my code? need to save audit
我通过参考 jwt security impemented 视频在 spring boot 中实现了 jwt security token。
因此,登录后我得到生成的 jwt 令牌,为了进一步命中我需要从请求 header 传递 jwt 令牌,然后重新请求将在 JwtAuthenticationTokenFilter class 的 dofilter() 方法中获得授权,如下所示。
public class JwtAuthenticationTokenFilter extends UsernamePasswordAuthenticationFilter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Value("${jwt.header}")
private String tokenHeader;
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
String username = null;
String authToken = null;
HttpServletRequest httpRequest = (HttpServletRequest) request;
String header = httpRequest.getHeader(this.tokenHeader);
if (header != null && header.startsWith("Bearer ")) {
authToken = header.substring(7);
try {
username = jwtTokenUtil.getUsernameFromToken(authToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has expired");
}
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
if (jwtTokenUtil.validateToken(authToken, userDetails)) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
chain.doFilter(request, response);
}
}
但是我需要在代码中的任何地方获取该 jwt 令牌,以便从令牌中获取一些数据。
例如看下面的代码
public static AuditDetails createAudit() {
AuditDetails auditDetails = new AuditDetails();
**auditDetails.setCreateUser(token.getUsername());**
auditDetails.setCreateTime(new Date());
return auditDetails;
}
所以基本上我需要从令牌中获取用户名以获取相同的审计详细信息,但我想如何在该代码或代码中的任何位置获取令牌?
令牌通过 header (tokenHeader)
发送到您的应用程序
编辑
如果您不想在任何地方使用 HttpServletRequest 的内容,您可以根据会话使用价值持有者,您可以在每项服务中 Inject(自动装配)使用提交的令牌。您可以尝试以下方法
@Component
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public class MyHolder {
private String authToken;
public String getAuthToken() {
return authToken;
}
public void setAuthToken(String authToken) {
this.authToken = authToken;
}
}
更改 JwtAuthenticationTokenFilter
中的令牌值
@Autowired MyHolder myHolder;
// ...
String authToken = null;
HttpServletRequest httpRequest = (HttpServletRequest) request;
String header = httpRequest.getHeader(this.tokenHeader);
if (header != null && header.startsWith("Bearer ")) {
authToken = header.substring(7); // Here is your token
// UPDATE THE TOKEN VALUE IN YOUR HOLDER HERE
myHolder.setAuthToken(authToken);
// ...
}
通过自动装配 MyHolder class
在您的应用中的任何位置访问令牌
@Autowired MyHolder myHolder;
// ...
var token = myHolder.getAuthToken();
我通过参考 jwt security impemented 视频在 spring boot 中实现了 jwt security token。 因此,登录后我得到生成的 jwt 令牌,为了进一步命中我需要从请求 header 传递 jwt 令牌,然后重新请求将在 JwtAuthenticationTokenFilter class 的 dofilter() 方法中获得授权,如下所示。
public class JwtAuthenticationTokenFilter extends UsernamePasswordAuthenticationFilter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Value("${jwt.header}")
private String tokenHeader;
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
String username = null;
String authToken = null;
HttpServletRequest httpRequest = (HttpServletRequest) request;
String header = httpRequest.getHeader(this.tokenHeader);
if (header != null && header.startsWith("Bearer ")) {
authToken = header.substring(7);
try {
username = jwtTokenUtil.getUsernameFromToken(authToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has expired");
}
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
if (jwtTokenUtil.validateToken(authToken, userDetails)) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
chain.doFilter(request, response);
}
}
但是我需要在代码中的任何地方获取该 jwt 令牌,以便从令牌中获取一些数据。 例如看下面的代码
public static AuditDetails createAudit() {
AuditDetails auditDetails = new AuditDetails();
**auditDetails.setCreateUser(token.getUsername());**
auditDetails.setCreateTime(new Date());
return auditDetails;
}
所以基本上我需要从令牌中获取用户名以获取相同的审计详细信息,但我想如何在该代码或代码中的任何位置获取令牌?
令牌通过 header (tokenHeader)
编辑
如果您不想在任何地方使用 HttpServletRequest 的内容,您可以根据会话使用价值持有者,您可以在每项服务中 Inject(自动装配)使用提交的令牌。您可以尝试以下方法
@Component
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public class MyHolder {
private String authToken;
public String getAuthToken() {
return authToken;
}
public void setAuthToken(String authToken) {
this.authToken = authToken;
}
}
更改 JwtAuthenticationTokenFilter
@Autowired MyHolder myHolder;
// ...
String authToken = null;
HttpServletRequest httpRequest = (HttpServletRequest) request;
String header = httpRequest.getHeader(this.tokenHeader);
if (header != null && header.startsWith("Bearer ")) {
authToken = header.substring(7); // Here is your token
// UPDATE THE TOKEN VALUE IN YOUR HOLDER HERE
myHolder.setAuthToken(authToken);
// ...
}
通过自动装配 MyHolder class
在您的应用中的任何位置访问令牌@Autowired MyHolder myHolder;
// ...
var token = myHolder.getAuthToken();