/* * Copyright 2017-2018 the original author(https://github.com/wj596) * * <p> * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * </p> */ package org.jsets.shiro.filter.stateless; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.subject.Subject; import org.apache.shiro.web.filter.AccessControlFilter; import org.apache.shiro.web.util.WebUtils; import org.jsets.shiro.config.ShiroProperties; import org.jsets.shiro.util.CommonUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * 基于JWT(JSON WEB TOKEN)的无状态过滤器--认证 * * @author wangjie (https://github.com/wj596) * @date 2016年6月31日 */ public class JwtAuthcFilter extends StatelessFilter{ private static final Logger LOGGER = LoggerFactory.getLogger(AccessControlFilter.class); @Override protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { if (null != getSubject(request, response) && getSubject(request, response).isAuthenticated()) { return true; } return false; } @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { if(isJwtSubmission(request)){ AuthenticationToken token = createJwtToken(request, response); try { Subject subject = getSubject(request, response); subject.login(token); return true; } catch (AuthenticationException e) { LOGGER.error(request.getRemoteHost()+" JWT认证 "+e.getMessage()); CommonUtils.restFailed(WebUtils.toHttp(response) ,ShiroProperties.REST_CODE_AUTH_UNAUTHORIZED,e.getMessage()); } } CommonUtils.restFailed(WebUtils.toHttp(response) ,ShiroProperties.REST_CODE_AUTH_UNAUTHORIZED ,ShiroProperties.REST_MESSAGE_AUTH_UNAUTHORIZED); return false; } }