
Rebuilding the JWT

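If you do not want to expose permissions in the JWT, or if a large number of permissions makes the JWT too long, you can write the permissions to Redis when the JWT is generated instead of putting them in the token. At request time the JWT is then rebuilt with the permissions read back from Redis, so that the @RolesAllowed annotation still works.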

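import java.nio.charset.StandardCharsets;
import java.util.Base64;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipal;
import io.smallrye.jwt.auth.principal.JWTAuthContextInfo;
import io.smallrye.jwt.auth.principal.JWTCallerPrincipal;
import io.smallrye.jwt.auth.principal.JWTCallerPrincipalFactory;
import io.smallrye.jwt.auth.principal.ParseException;
import jakarta.annotation.Priority; // javax.* instead of jakarta.* on older Quarkus versions
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Alternative;
import jakarta.inject.Inject;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;

@ApplicationScoped
@Alternative
@Priority(1)
public class TestJWTCallerPrincipalFactory extends JWTCallerPrincipalFactory {

    @Inject JsonUtil jsonUtil;
    @Inject RedisUtil redisUtil;

    @Override
    public JWTCallerPrincipal parse(String token, JWTAuthContextInfo authContextInfo)
            throws ParseException {
        try {
            // Decodes the payload segment only: the signature and expiry are NOT checked here,
            // so this is only safe if the token has already been verified upstream.
            String json =
                    new String(Base64.getUrlDecoder().decode(token.split("\\.")[1]), StandardCharsets.UTF_8);
            ObjectNode jsonNode = jsonUtil.parseObj(json);
            // The groups are stored in Redis as a JSON array under the token's "sub" claim.
            String groups = redisUtil.get(jsonNode.get("sub").asText());
            if (groups != null) {
                // Put the groups back into the claims so that @RolesAllowed can evaluate them.
                jsonNode.putArray("groups").addAll(jsonUtil.parseArray(groups));
            }
            return new DefaultJWTCallerPrincipal(JwtClaims.parse(jsonNode.toString()));
        } catch (InvalidJwtException | RuntimeException ex) {
            // A malformed token (missing segment, bad Base64, no "sub") is rejected as a parse error.
            throw new ParseException(ex.getMessage());
        }
    }
}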
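
A custom factory replaces smallrye-jwt's default one, which is the component that verifies tokens, so the factory above accepts whatever `sub` the request carries unless the token was already verified upstream. The variant below is an added example, not code from the original post: it verifies the token with smallrye-jwt's `DefaultJWTTokenParser` first and only then loads the groups from Redis. The class name is hypothetical, `RedisUtil` is the post's own helper (assumed to be in the same package and to return a JSON array string or null), and Jackson's `ObjectMapper` stands in for `JsonUtil`.

```java
import java.util.List;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipal;
import io.smallrye.jwt.auth.principal.DefaultJWTTokenParser;
import io.smallrye.jwt.auth.principal.JWTAuthContextInfo;
import io.smallrye.jwt.auth.principal.JWTCallerPrincipal;
import io.smallrye.jwt.auth.principal.JWTCallerPrincipalFactory;
import io.smallrye.jwt.auth.principal.ParseException;
import jakarta.annotation.Priority; // javax.* instead of jakarta.* on older Quarkus versions
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Alternative;
import jakarta.inject.Inject;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.JwtContext;

// Added example; the class name is hypothetical.
@ApplicationScoped
@Alternative
@Priority(1)
public class VerifyingRedisGroupsPrincipalFactory extends JWTCallerPrincipalFactory {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private static final TypeReference<List<String>> STRING_LIST = new TypeReference<>() {};
    // Stock parser: verifies signature and standard claims per the mp.jwt.* / smallrye.jwt.* config.
    private final DefaultJWTTokenParser parser = new DefaultJWTTokenParser();
    @Inject RedisUtil redisUtil; // the post's helper; assumed: get(key) returns a JSON array string or null

    @Override
    public JWTCallerPrincipal parse(String token, JWTAuthContextInfo authContextInfo)
            throws ParseException {
        // Throws ParseException on a bad signature or an expired token, before Redis is queried.
        JwtContext ctx = parser.parse(token, authContextInfo);
        JwtClaims claims = ctx.getJwtClaims();
        try {
            String sub = claims.getSubject();
            String groups = sub == null ? null : redisUtil.get(sub);
            if (groups != null) {
                // The groups stored server-side replace any "groups" claim carried in the token.
                claims.setStringListClaim("groups", MAPPER.readValue(groups, STRING_LIST));
            }
            String type = ctx.getJoseObjects().get(0).getHeader("typ");
            return new DefaultJWTCallerPrincipal(token, type, claims);
        } catch (Exception ex) { // malformed claim, bad Redis value, Redis failure: fail closed
            throw new ParseException("Unable to resolve groups: " + ex.getMessage());
        }
    }
}
```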
