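I recently switched to JHipster v8.1.0, but I don't know how to authenticate incoming requests via a cookie.
In version 7.x.x there was a `JWTFilter` class with a `resolveToken(HttpServletRequest request)` method, through which I could easily resolve the token from a cookie or a header...
This is my version of the `resolveToken` function from the old release, used to resolve the JWT token from a cookie: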
```java
private String resolveToken(HttpServletRequest request) {
    String bearerToken = request.getHeader(AUTHORIZATION_HEADER);
    if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
        return bearerToken.substring(7);
    }
    final Cookie auth = WebUtils.getCookie(request, AUTHORIZATION_COOKIE);
    if (auth != null && StringUtils.hasText(auth.getValue())) {
        return auth.getValue();
    }
    return null;
}
```
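But in the new version I can't find a way to do this!
Can anyone help me? I would greatly appreciate any help you can offer.
Since I couldn't find any answer on the internet or here, I tried to come up with my own trick.
Although my approach seems fine, I wish the JHipster team would give developers some interface so they could choose their own authorization method.
OK, so I implemented a filter that extracts a possible token from the cookie and adds it to the header, and then added this filter before `UsernamePasswordAuthenticationFilter`: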
```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.util.WebUtils;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

@Component
public class CookieAuthorizationFilter extends GenericFilterBean {

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        final MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(httpServletRequest);
        // If an "Authorization" cookie is present, expose its value as a Bearer header
        // so the downstream JWT authentication sees it.
        final Cookie cookie = WebUtils.getCookie(httpServletRequest, "Authorization");
        if (cookie != null && StringUtils.hasText(cookie.getValue())) {
            mutableRequest.putHeader("Authorization", "Bearer " + URLDecoder.decode(cookie.getValue(), StandardCharsets.UTF_8));
        }
        filterChain.doFilter(mutableRequest, servletResponse);
    }

    // Request wrapper that lets the filter add or override headers.
    public static final class MutableHttpServletRequest extends HttpServletRequestWrapper {

        // HTTP header names are case-insensitive, so the lookup map is too.
        private final Map<String, String> customHeaders;

        public MutableHttpServletRequest(HttpServletRequest request) {
            super(request);
            this.customHeaders = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        }

        public void putHeader(String name, String value) {
            this.customHeaders.put(name, value);
        }

        @Override
        public String getHeader(String name) {
            // A custom header takes precedence over the one sent by the client.
            String headerValue = customHeaders.get(name);
            if (headerValue != null) {
                return headerValue;
            }
            return ((HttpServletRequest) getRequest()).getHeader(name);
        }

        @Override
        public Enumeration<String> getHeaderNames() {
            // Union of the custom header names and the original request's header names.
            Set<String> set = new HashSet<>(customHeaders.keySet());
            Enumeration<String> e = ((HttpServletRequest) getRequest()).getHeaderNames();
            while (e.hasMoreElements()) {
                String n = e.nextElement();
                set.add(n);
            }
            return Collections.enumeration(set);
        }
    }
}
```
In `SecurityConfiguration`:
```java
@Configuration
@EnableMethodSecurity(securedEnabled = true)
public class SecurityConfiguration {

    private final JHipsterProperties jHipsterProperties;
    private final CookieAuthorizationFilter cookieAuthorizationFilter;

    public SecurityConfiguration(JHipsterProperties jHipsterProperties,
                                 CookieAuthorizationFilter cookieAuthorizationFilter) {
        this.jHipsterProperties = jHipsterProperties;
        this.cookieAuthorizationFilter = cookieAuthorizationFilter;
    }

    // some code

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, MvcRequestMatcher.Builder mvc) throws Exception {
        http
            // some code
            .addFilterBefore(cookieAuthorizationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```
Hope this helps.
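
An alternative to rewriting the request header, as an added example that is not part of the original answer or of JHipster's generated code: a custom `BearerTokenResolver` that checks the header first and falls back to the cookie. It assumes the generated `SecurityConfiguration` validates JWTs through Spring Security's OAuth2 resource server support; the class name `HeaderOrCookieBearerTokenResolver` is hypothetical and the cookie name is the one used in the filter above.

```java
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.util.WebUtils;

// Hypothetical class name; added example, not JHipster-generated code.
@Component
public class HeaderOrCookieBearerTokenResolver implements BearerTokenResolver {

    // Assumption: same cookie name as in the answer's CookieAuthorizationFilter.
    private static final String AUTHORIZATION_COOKIE = "Authorization";

    // Spring Security's stock resolver for "Authorization: Bearer <token>".
    private final BearerTokenResolver headerResolver = new DefaultBearerTokenResolver();

    @Override
    public String resolve(HttpServletRequest request) {
        // An explicit Authorization header always wins over the cookie.
        String token = headerResolver.resolve(request);
        if (token != null) {
            return token;
        }
        Cookie cookie = WebUtils.getCookie(request, AUTHORIZATION_COOKIE);
        if (cookie == null || !StringUtils.hasText(cookie.getValue())) {
            return null; // no token: the request continues unauthenticated
        }
        // Browsers attach cookies to cross-site requests as well, so endpoints
        // that accept this cookie need CSRF protection, and the cookie itself
        // should be issued with HttpOnly, Secure and SameSite attributes.
        try {
            return URLDecoder.decode(cookie.getValue(), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformedEncoding) {
            return null; // undecodable cookie value is treated as "no token"
        }
    }
}
```

The resolver can be set explicitly with `oauth2ResourceServer(oauth2 -> oauth2.bearerTokenResolver(...))`; Spring Security's resource server configurer also uses a `BearerTokenResolver` bean when a single one is present in the application context.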