Java Code Examples for io.jsonwebtoken.Claims#getId()

The following examples show how to use io.jsonwebtoken.Claims#getId().
Example 1
Source File: JWTUtil.java    From NutzSite with Apache License 2.0
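/**
 * Returns the ID claim of the JWT carried by the current request.
 *
 * <p>The token is taken from the {@code authorization} header of the request returned by
 * {@code Mvcs.getReq()}, checked with {@code verifyToken}, and then parsed with the
 * signing key held by the enclosing class.
 *
 * @return the token's ID claim, or {@code null} when the header is absent, the token
 *         fails {@code verifyToken}, or parsing throws. Callers must treat {@code null}
 *         as "no authenticated identity" and must not fall through to a default user.
 */
public static String getId() {
    HttpServletRequest request = Mvcs.getReq();
    // HTTP header names are case-insensitive. getHeader() honours that, whereas copying
    // every header into a map and looking up the literal key "authorization" only works
    // when the container happens to report the name in lower case.
    String token = request.getHeader("authorization");
    if (token == null) {
        return null;
    }
    try {
        if (verifyToken(token)) {
            // `key` is not declared in this method; it resolves to a member of the
            // enclosing class that is not visible in this excerpt.
            Claims claims = Jwts.parser()
                    .setSigningKey(key)
                    .parseClaimsJws(token)
                    .getBody();
            // NOTE(review): this returns the token's ID claim; whether callers use it as a
            // user identity or as a per-token identifier cannot be told from here - confirm.
            return claims.getId();
        }
    } catch (Exception e) {
        // Any failure means "no identity". The message goes to the debug log only; the
        // stack trace is no longer printed to stderr for every rejected token.
        log.debug(e.getMessage());
    }
    return null;
}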
 
Example 2
Source File: RestAuthTokenInterceptor.java    From jeecg with Apache License 2.0
/**
 * Authenticates requests whose path contains {@code /rest/} using the JWT in the
 * {@code JwtConstants.AUTHORIZATION} header.
 *
 * <p>Requests outside {@code /rest/}, or matching the exclusion lists, are let through
 * without any token check.
 *
 * @return {@code true} when the request may proceed; {@code false} (with status 401 set)
 *         when the token manager rejects the token
 * @throws ServletException when the header is missing, the signature is invalid, or the
 *         token carries no ID claim
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
	String uri = request.getRequestURI();
	String requestPath = uri.substring(request.getContextPath().length());
	// NOTE(review): the exclusion match runs on the raw request URI. Confirm it agrees with
	// how the dispatcher resolves paths, so the skip list and the routed handler cannot
	// disagree about which endpoint is being called.
	boolean underRest = requestPath.contains("/rest/");
	if (!underRest || excludeUrls.contains(requestPath) || moHuContain(excludeContainUrls, requestPath)) {
		return true;
	}

	// Read the token from the request header.
	String authHeader = request.getHeader(JwtConstants.AUTHORIZATION);
	if (authHeader == null) {
		throw new ServletException("Missing or invalid X-AUTH-TOKEN header.");
	}

	// Verify the token. Only a signature failure is translated here; any other exception
	// raised by the parser propagates to the caller unchanged.
	// NOTE(review): the signing secret comes from a constant - confirm it is supplied by
	// configuration rather than fixed in source.
	Claims claims;
	try {
		claims = Jwts.parser()
				.setSigningKey(JwtConstants.JWT_SECRET)
				.parseClaimsJws(authHeader)
				.getBody();
	} catch (final SignatureException e) {
		throw new ServletException("Invalid token.");
	}

	// The token's ID claim is used as the user name for the token lookup.
	Object tokenUser = claims.getId();
	if (oConvertUtils.isEmpty(tokenUser)) {
		throw new ServletException("Invalid X-AUTH-TOKEN Subject no exist username.");
	}

	TokenModel model = manager.getToken(authHeader, tokenUser.toString());
	if (!manager.checkToken(model)) {
		// Token check failed: answer with 401.
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		return false;
	}

	// Token check succeeded: hand the claims on to later stages of the request.
	request.setAttribute(JwtConstants.CURRENT_TOKEN_CLAIMS, claims);
	// Also store the user name that belongs to the token so it can be injected later.
	request.setAttribute(JwtConstants.CURRENT_USER_NAME, model.getUsername());
	return true;
}
 
Example 3
Source File: AuthenticationInterceptor.java    From XUpdateService with Apache License 2.0
/**
 * Enforces login on handler methods annotated with {@code @LoginRequired}.
 *
 * <p>The access token is extracted by {@code TokenUtils.parseToken}, parsed by
 * {@code TokenUtils.parseJWT}, and its ID claim is used as the login name for the
 * account lookup. On success the account is stored in the request under
 * {@code Constants.CURRENT_ACCOUNT}.
 *
 * @return {@code true} when the request may proceed
 * @throws ApiException when the token is missing, expired, badly signed, or names an
 *         account that {@code accountService.checkAccount} does not return
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    System.out.println("----------【用户认证拦截器】-----------");

    // Anything that is not mapped to a handler method passes straight through.
    if (!(handler instanceof HandlerMethod)) {
        return true;
    }

    // Does this endpoint require a login at all?
    LoginRequired loginRequired =
            ((HandlerMethod) handler).getMethod().getAnnotation(LoginRequired.class);
    if (loginRequired == null) {
        // No @LoginRequired annotation: no authentication needed.
        return true;
    }

    // A token must be present before anything else is checked.
    String accessToken = TokenUtils.parseToken(request);
    if (StringUtils.isEmpty(accessToken)) {
        throw new ApiException("未携带token,请先进行登录", TOKEN_MISSING);
    }

    // The original comment says expiry is checked in Redis; the visible code only parses
    // the JWT, and what TokenUtils.parseJWT consults is not shown here.
    // Only expiry and signature failures are translated; any other exception from
    // parseJWT propagates to the caller unchanged.
    Claims claims;
    try {
        claims = TokenUtils.parseJWT(accessToken);
    } catch (ExpiredJwtException expired) {
        throw new ApiException("token失效,请重新登录", TOKEN_INVALID);
    } catch (SignatureException badSignature) {
        throw new ApiException("token令牌错误", AUTH_ERROR);
    }

    // The token's ID claim is treated as the login name.
    Account account = accountService.checkAccount(claims.getId());
    if (account == null) {
        throw new ApiException("用户不存在,请重新登录", TOKEN_INVALID);
    }

    // Expose the logged-in user for @CurrentAccount injection.
    request.setAttribute(Constants.CURRENT_ACCOUNT, account);
    return true;
}
 
Example 4
Source File: AuthCheckAspect.java    From plumdo-work with Apache License 2.0
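/**
 * Around advice that authenticates a web request from its bearer JWT before the target
 * method runs.
 *
 * <p>The token is read from the {@code Token} header, falling back to the {@code token}
 * request parameter, and must start with {@code "Bearer "}. Its ID claim is used as the
 * user id. The token and user id are placed in {@code Authentication} for the duration
 * of the call and always cleared afterwards.
 *
 * @param pjp the intercepted join point
 * @return whatever the intercepted method returns
 * @throws Throwable whatever {@code exceptionFactory.throwAuthError} or the intercepted
 *         method throws
 */
@Around("webRequestAuth()&& webRequestNotAuth()")
public Object doAuth(ProceedingJoinPoint pjp) throws Throwable {
    ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    HttpServletRequest request = attributes.getRequest();

    String userId = null;
    String token = request.getHeader("Token");
    if (ObjectUtils.isEmpty(token)) {
        // NOTE(review): a token passed as a request parameter travels in the URL, which is
        // commonly recorded by access logs and proxies. Confirm this fallback is still needed.
        token = request.getParameter("token");
    }
    // Log only whether a token was supplied. The token is a bearer credential, so writing
    // its value to the log would let anyone with log access replay it.
    logger.info("token present:" + !ObjectUtils.isEmpty(token));

    // NOTE(review): every rejection below relies on throwAuthError() throwing. If it ever
    // returned normally, execution would continue to pjp.proceed() - confirm it always throws.
    if (ObjectUtils.isEmpty(token)) {
        exceptionFactory.throwAuthError(CoreConstant.HEADER_TOKEN_NOT_FOUND);
    }
    if (!token.startsWith("Bearer ")) {
        exceptionFactory.throwAuthError(CoreConstant.HEADER_TOKEN_ILLEGAL);
    }

    try {
        // substring(7) strips the "Bearer " prefix checked above.
        Claims claims = Jwts.parser().setSigningKey(CoreConstant.JWT_SECRET).parseClaimsJws(token.substring(7)).getBody();
        userId = claims.getId();
        if (ObjectUtils.isEmpty(userId)) {
            exceptionFactory.throwAuthError(CoreConstant.TOKEN_USER_ID_NOT_FOUND);
        }

        Date expiration = claims.getExpiration();
        if (expiration != null && expiration.before(new Date())) {
            exceptionFactory.throwAuthError(CoreConstant.TOKEN_EXPIRE_OUT);
        }
    } catch (Exception e) {
        // NOTE(review): this also catches anything the two throwAuthError() calls inside the
        // try raise (if they throw an Exception subtype), so callers presumably only ever see
        // TOKEN_AUTH_CHECK_ERROR for those cases - confirm that is intended.
        exceptionFactory.throwAuthError(CoreConstant.TOKEN_AUTH_CHECK_ERROR);
    }
    try {
        Authentication.setToken(token);
        Authentication.setUserId(userId);
        return pjp.proceed(pjp.getArgs());
    } finally {
        // Always reset the per-call authentication state, even when the target throws.
        Authentication.clear();
    }
}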