用户认证流程
单点登录结合springsecurity+oauth2+jwt
(一)认证服务申请令牌将令牌信息放到redis中,同时表示信息放到cookie中
(二)认证服务通过feign远程调用用户服务系统,获取用户信息。
获取username因为调用方的前端只有这个username
先写被调用方服务
import com.xuecheng.filesystem.framework.domain.ucenter.ext.XcUserExt; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @Api("用户中心管理接口") public interface UCentereControllerApi { @ApiOperation("查询用户信息") XcUserExt findUserInfo(String username); } @RestController @RequestMapping("/ucenter") public class UCenterController implements UCentereControllerApi { @Autowired private UserCenterService userCenterService; @Override @GetMapping("/getuserext") public XcUserExt findUserInfo(@RequestParam("username") String username) { return userCenterService.findUserInfo(username); } } @Service public class UserCenterService { @Autowired private UserRepository userRepository; @Autowired private CompanyUserRepository companyUserRepository; @Autowired private XcMenuMapper xcMenuMapper; /** * 获取用户相关信息 * @param username * @return */ public XcUserExt findUserInfo(String username) { XcUserExt xcUserExt = new XcUserExt(); //用户基础信息 XcUser xcUser = userRepository.findByUsername(username); BeanUtils.copyProperties(xcUser,xcUserExt); //获取公司 XcCompanyUser companyUser = companyUserRepository.findByUserId(xcUser.getId()); if (companyUser != null){ xcUserExt.setCompanyId(companyUser.getCompanyId()); } /* //获取当前用户的权限信息 List<XcMenu> menuList = xcMenuMapper.findMenuList(xcUser.getId()); xcUserExt.setPermissions(menuList);*/ return xcUserExt; } } import com.xuecheng.filesystem.framework.client.XcServiceList; import com.xuecheng.filesystem.framework.domain.ucenter.ext.XcUserExt; import org.springframework.cloud.openfeign.FeignClient; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestParam; @FeignClient(name= XcServiceList.XC_SERVICE_UCENTER) public interface UserClient { @GetMapping("/ucenter/getuserext") public XcUserExt findUserInfo(@RequestParam("username") String username); } XcUserExt userext = userClient.findUserInfo(username); if(userext == null){ return null; } userext.setPermissions(new ArrayList<XcMenu>()); //取出正确密码(hash值) String password = userext.getPassword();
登录后显示头像和用户名
1 @ApiOperation("查询jwt") 2 JwtResult getJwt(); 3 } 4 @Override 5 @GetMapping("/userjwt") 6 public JwtResult getJwt() { 7 //从coolkie中获取jti信息 8 String jti=this.getJtiFromCookie(); 9 //将cookie中的value(jti)作为redis中的key,获取jwt令牌(其实是整个authToke) 10 AuthToken authon= authService.getTokenFormRedis(jti); 11 return new JwtResult(CommonCode.SUCCESS,authon.getAccess_token()); 12 13 } 14 15 public AuthToken getTokenFormRedis(String jti) { 16 String key="user_token:"+jti; 17 String tokenString = stringRedisTemplate.boundValueOps(key).get(); 18 AuthToken authToken = JSON.parseObject(tokenString, AuthToken.class); 19 20 return authToken; 21 }
退出登录,
删除cookie
1 @Override 2 @PostMapping("/userlogout") 3 public ResponseResult logout() { 4 String jti=this.getJtiFromCookie(); 5 authService.delTokenFromRedis(jti); 6 this.delCookie(jti); 7 return null; 8 } 9 10 private void delCookie(String jti) { 11 HttpServletResponse response = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getResponse(); 12 CookieUtil.addCookie(response,cookieDomain,"/","uid",jti,0,false); 13 14 }
从redis中删除
public void delTokenFromRedis(String jti) {
String key="user_token:"+jti;
stringRedisTemplate.delete(key);
}
}
(三)加了个网关校验令牌
利用zuul(网关)是在nginx(反向代理,负载均衡)之后,微服务前面,起到微服务安全访问,请求路由,负载均衡,校验过滤作用。
3.1请求转发作用
1.之前访问图片服务:
2,加入网关后
3.2过滤作用