package net.filter.jwt; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.SimplePrincipalCollection; import org.apache.shiro.util.ThreadContext; import org.apache.shiro.web.subject.WebSubject; import org.apache.shiro.web.subject.WebSubject.Builder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.filter.OncePerRequestFilter; import net.entity.User; import net.service.UserService; /** * 过滤请求头部信息,如果有,就自动登录 http://blog.csdn.net/qi923701/article/details/75007813 * * @author wutao * @date 2017年11月11日 下午3:09:51 */ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationTokenFilter.class); @Autowired private UserService userService; @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException { String tokenHeader = request.getHeader(JwtTokenUtil.AUTH_TOKEN); if (StringUtils.isNotBlank(tokenHeader)) { Long userId = JwtTokenUtil.getUserIdFromToken(tokenHeader); if (userId != null) { if (logger.isDebugEnabled()) { logger.debug("getUserIdFromToken userId {}", userId); } User auser = userService.find(userId); if (auser != null) { PrincipalCollection principals = new SimplePrincipalCollection(auser, "authorizingRealm"); Builder builder = new WebSubject.Builder(request, response); builder.principals(principals); builder.authenticated(true); WebSubject subject = builder.buildWebSubject(); ThreadContext.bind(subject); } } } chain.doFilter(request, response); } }