
Rebuilding the JWT

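If you do not want to expose permissions in the JWT, or a large number of permissions makes the JWT too long, you can write the permissions to Redis when the JWT is issued instead of embedding them. On each request, the JWT is then rebuilt so that the @RolesAllowed annotation still takes effect.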

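import com.fasterxml.jackson.databind.node.ObjectNode; // assumed: JsonUtil wraps Jackson
import io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipal;
import io.smallrye.jwt.auth.principal.DefaultJWTCallerPrincipalFactory;
import io.smallrye.jwt.auth.principal.JWTAuthContextInfo;
import io.smallrye.jwt.auth.principal.JWTCallerPrincipal;
import io.smallrye.jwt.auth.principal.JWTCallerPrincipalFactory;
import io.smallrye.jwt.auth.principal.ParseException;
import jakarta.annotation.Priority; // jakarta.* on Quarkus 3, javax.* on Quarkus 2
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Alternative;
import jakarta.inject.Inject;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;

@ApplicationScoped
@Alternative
@Priority(1)
public class TestJWTCallerPrincipalFactory extends JWTCallerPrincipalFactory {

  @Inject JsonUtil jsonUtil; // the project's own JSON helper
  @Inject RedisUtil redisUtil; // the project's own Redis helper

  @Override
  public JWTCallerPrincipal parse(String token, JWTAuthContextInfo authContextInfo)
      throws ParseException {
    try {
      // This factory replaces the default one, so run the default verification
      // (signature, expiry, configured claims) before trusting the payload.
      new DefaultJWTCallerPrincipalFactory().parse(token, authContextInfo);
      String json =
          new String(Base64.getUrlDecoder().decode(token.split("\\.")[1]), StandardCharsets.UTF_8);
      ObjectNode jsonNode = jsonUtil.parseObj(json);
      // Look up the caller's groups in Redis, keyed by the verified "sub" claim.
      String groups =
          jsonNode.hasNonNull("sub") ? redisUtil.get(jsonNode.get("sub").asText()) : null;
      if (groups != null) {
        // Re-insert the groups claim so that @RolesAllowed can evaluate it.
        jsonNode.putArray("groups").addAll(jsonUtil.parseArray(groups));
      }
      return new DefaultJWTCallerPrincipal(JwtClaims.parse(jsonNode.toString()));
    } catch (InvalidJwtException ex) {
      throw new ParseException(ex.getMessage());
    }
  }
}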
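
The factory above resolves groups from Redis using the token's `sub` claim, so that claim has to be authenticated before the lookup. The following JDK-only sketch of that ordering is an added example, not the post's code; HS256, the key, the class name and the in-memory map standing in for Redis are all constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class VerifyThenEnrich {
  // Constructed stand-ins: a map instead of Redis, a demo HMAC key, and a
  // regex that is only adequate for the flat payloads issued below.
  static final Map<String, List<String>> GROUP_STORE =
      Map.of("alice", List.of("user"), "root", List.of("user", "admin"));
  static final byte[] KEY = utf8("constructed-demo-key-not-for-real-use");
  static final Pattern SUB = Pattern.compile("\"sub\"\\s*:\\s*\"([^\"]+)\"");

  static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
  static String b64(byte[] in) { return Base64.getUrlEncoder().withoutPadding().encodeToString(in); }

  static byte[] hmac(String data) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
    return mac.doFinal(utf8(data));
  }

  // Issue a token that carries only "sub"; the groups stay server-side.
  static String issue(String sub) throws Exception {
    String head = b64(utf8("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
    String body = b64(utf8("{\"sub\":\"" + sub + "\"}"));
    return head + "." + body + "." + b64(hmac(head + "." + body));
  }

  // Check the signature first; only then use "sub" as the lookup key.
  static List<String> groupsFor(String token) throws Exception {
    String[] p = token.split("\\.");
    if (p.length != 3) throw new SecurityException("malformed token");
    if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), Base64.getUrlDecoder().decode(p[2])))
      throw new SecurityException("bad signature");
    var m = SUB.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
    if (!m.find()) throw new SecurityException("no sub claim");
    return GROUP_STORE.getOrDefault(m.group(1), List.of()); // unknown subject: no roles
  }

  public static void main(String[] args) throws Exception {
    String token = issue("alice");
    System.out.println(groupsFor(token));
    String[] p = token.split("\\.");
    String altered = p[0] + "." + b64(utf8("{\"sub\":\"root\"}")) + "." + p[2];
    try { groupsFor(altered); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
  }
}
```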
