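Rebuilding the JWT
When generating a JWT, if you do not want to expose the permissions in the token, or if a large number of permissions would make the JWT too long, you can write the permissions to Redis at generation time instead. On each request, the JWT claims are then rebuilt so that the @RolesAllowed annotation still takes effect.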
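```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import com.fasterxml.jackson.databind.node.ObjectNode;
import io.smallrye.jwt.auth.principal.*;
// jakarta.* on Quarkus 3; use the javax.* equivalents on Quarkus 2.x
import jakarta.annotation.Priority;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Alternative;
import jakarta.inject.Inject;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.InvalidJwtException;

@ApplicationScoped
@Alternative
@Priority(1)
public class TestJWTCallerPrincipalFactory extends JWTCallerPrincipalFactory {

    @Inject
    JsonUtil jsonUtil;
    @Inject
    RedisUtil redisUtil;

    @Override
    public JWTCallerPrincipal parse(String token, JWTAuthContextInfo authContextInfo) throws ParseException {
        try {
            // Decodes the payload segment only: nothing here checks the signature,
            // so the token must already have been verified before it reaches this factory.
            String json = new String(Base64.getUrlDecoder().decode(token.split("\\.")[1]), StandardCharsets.UTF_8);
            ObjectNode jsonNode = jsonUtil.parseObj(json);
            // Look up the caller's groups in Redis by subject and put them back into the claims
            String groups = redisUtil.get(jsonNode.get("sub").asText());
            if (groups != null) {
                jsonNode.putArray("groups").addAll(jsonUtil.parseArray(groups));
            }
            return new DefaultJWTCallerPrincipal(JwtClaims.parse(jsonNode.toString()));
        } catch (InvalidJwtException ex) {
            throw new ParseException(ex.getMessage());
        }
    }
}
```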
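A variant of the factory above that verifies the token with SmallRye's `DefaultJWTTokenParser` before trusting `sub` for the Redis lookup; this is an added example, not code from the original post. The class name is hypothetical, `JsonUtil` and `RedisUtil` are the post's own helpers with assumed return types, and the `jakarta.*` imports assume Quarkus 3.

```java
import java.util.ArrayList;
import java.util.List;

import com.fasterxml.jackson.databind.JsonNode;
import io.smallrye.jwt.auth.principal.*;
import jakarta.annotation.Priority;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Alternative;
import jakarta.inject.Inject;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.JwtContext;

@ApplicationScoped
@Alternative
@Priority(1)
public class VerifiedRedisGroupsPrincipalFactory extends JWTCallerPrincipalFactory {

    // Parser used by the default SmallRye factory: checks signature, expiry and issuer as configured.
    private final DefaultJWTTokenParser parser = new DefaultJWTTokenParser();

    @Inject JsonUtil jsonUtil;   // post's helper; parseArray assumed to return an Iterable<JsonNode>
    @Inject RedisUtil redisUtil; // post's helper; get assumed to return the stored JSON array or null

    @Override
    public JWTCallerPrincipal parse(String token, JWTAuthContextInfo authContextInfo) throws ParseException {
        // Throws ParseException for a forged, expired or malformed token, before Redis is queried.
        JwtContext ctx = parser.parse(token, authContextInfo);
        JwtClaims claims = ctx.getJwtClaims();
        try {
            String sub = claims.getSubject();
            if (sub == null) {
                throw new ParseException("JWT has no sub claim");
            }
            String groups = redisUtil.get(sub);
            if (groups != null) {
                List<String> roles = new ArrayList<>();
                for (JsonNode node : jsonUtil.parseArray(groups)) {
                    roles.add(node.asText());
                }
                claims.setStringListClaim("groups", roles);
            }
            // No Redis entry: nothing is added; with no groups in the token, @RolesAllowed rejects the caller.
            return new DefaultJWTCallerPrincipal(claims);
        } catch (MalformedClaimException ex) {
            throw new ParseException(ex.getMessage());
        }
    }
}
```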