Spring Boot integrated with Shiro, implementing JWT refresh: in which class should the token refresh be implemented, and how do I return the new token to the user when the response is sent back (how do I get the new token in the Controller)?
Currently my code looks like this: the JWT is verified in the Realm's login authentication, but I don't know what to write when I determine that the JWT has expired but can still be refreshed. Should I throw an exception up to the custom ShiroFilter and redirect to a new request, or something else? Asking the experts for an answer, thank you!
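/**
 * Shiro realm that authenticates requests carrying a JWT and loads the
 * caller's roles and permissions through {@code UserBiz}.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>The raw JWT is a bearer credential and is never written to the log.</li>
 *   <li>An expired token is always rejected here, whether or not it is still
 *       eligible for refresh. The realm only receives the
 *       {@link AuthenticationToken}; it has no access to the HTTP response, so
 *       issuing a replacement token has to happen in the caller (for example
 *       the filter that triggers the login).</li>
 * </ul>
 */
public class MyRealm extends AuthorizingRealm {

    private final Logger LOGGER = LoggerFactory.getLogger(this.getClass());

    @Resource
    private UserBiz userBiz;

    /**
     * Restricts this realm to {@code JWTToken} instances so Shiro does not
     * hand it other token types.
     *
     * @param token the token Shiro is about to authenticate
     * @return {@code true} only when {@code token} is a {@code JWTToken}
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JWTToken;
    }

    /**
     * Collects the role names and permission names of the user named in the
     * primary principal (the JWT string stored by
     * {@link #doGetAuthenticationInfo}).
     *
     * @param principals the principals of the already authenticated subject
     * @return the roles and string permissions found for the user; empty when
     *         the user can no longer be resolved
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        String token = principals.getPrimaryPrincipal().toString();
        // The token itself is deliberately not logged: anyone who can read the
        // log could replay it.
        LOGGER.info("Realm: authorization lookup");
        String username = JWTUtil.getUsername(token);
        LOGGER.debug("Realmusername:" + username);

        User user = (username == null) ? null : userBiz.findByName(username);
        if (user == null) {
            // Fail closed: a subject whose account cannot be resolved gets no
            // roles and no permissions instead of a lookup on a null user.
            return simpleAuthorizationInfo;
        }

        List<Role> roles = userBiz.selectRoleByUser(user);
        for (Role role : roles) {
            simpleAuthorizationInfo.addRole(role.getName());
            List<Permission> permissions = userBiz.selectPermissionByRole(role);
            for (Permission per : permissions) {
                simpleAuthorizationInfo.addStringPermission(per.getName());
            }
        }
        return simpleAuthorizationInfo;
    }

    /**
     * Verifies the JWT carried by {@code auth} and, on success, returns an
     * authentication info whose principal and credentials are both the token.
     *
     * <p>Every failure path returns {@code null}: no user name in the token,
     * unknown user, expired token, or any other verification error.
     *
     * @param auth the submitted token; its principal is read as the JWT string
     * @return the authentication info for a valid token, otherwise {@code null}
     * @throws TokenExpiredException declared by the original signature; expiry
     *         is handled inside this method
     * @throws AuthenticationException declared by the Shiro contract
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth)
            throws TokenExpiredException, AuthenticationException {
        String token = auth.getPrincipal().toString();
        // Do not log the token: it is the credential being checked.
        LOGGER.info("Realm: authentication attempt");

        // At this point the user name comes from a token that has not been
        // verified yet, so it is only used to look up the account.
        String username = JWTUtil.getUsername(token);
        if (username == null) {
            LOGGER.info("tokenusername");
            return null;
        }
        User user = userBiz.findByName(username);
        if (user == null) {
            return null;
        }

        try {
            // NOTE(review): the stored password is passed as the third argument,
            // presumably as the signing secret. If so, anyone who obtains that
            // stored value can mint tokens for the user; a dedicated server-side
            // key would avoid this. Confirm against JWTUtil.
            JWTUtil.verify(token, username, user.getPassword());
        } catch (TokenExpiredException e) {
            LOGGER.info("token");
            // NOTE(review): verifySignDate presumably reports whether the expired
            // token is still inside the refresh window. Confirm that
            // JWTUtil.verify checks the signature before the expiry, otherwise
            // this decision is made on unverified claims.
            if (JWTUtil.verifySignDate(token)) {
                LOGGER.info("token,token");
            } else {
                LOGGER.warn("Realm: expired token rejected");
            }
            // An expired token must never authenticate. Previously only the
            // refreshable case returned here and the other case fell through to
            // the success path below.
            return null;
        } catch (Exception e) {
            // Record the failure type so rejected tokens are visible in the log;
            // the token and its claims stay out of the message.
            LOGGER.warn("Realm: token verification failed: " + e.getClass().getSimpleName());
            return null;
        }
        return new SimpleAuthenticationInfo(token, token, "my_realm");
    }
}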