
通过token登录系统

xiaolong.yang 5 rokov pred
rodič
commit
f7bb195964

+ 3 - 1
src/main/java/com/ygj/yuemum/controller/admin/JlAdminUserController.java

@@ -3,6 +3,7 @@ package com.ygj.yuemum.controller.admin;
 import com.alibaba.fastjson.JSONObject;
 import com.ygj.yuemum.domain.admin.JlAdminUser;
 import com.ygj.yuemum.service.admin.JlAdminUserService;
+import org.apache.shiro.SecurityUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
@@ -48,7 +49,8 @@ public class JlAdminUserController {
 
     @GetMapping("/getUserMkt")
     public JlAdminUser getUserMkt(String username) {
-        return jladminuserService.getUserMkt(username);
+        String principal =(String) SecurityUtils.getSubject().getPrincipal();
+        return jladminuserService.getUserMkt(principal);
     }
 
     @PostMapping("/JlAdminadd")
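Review bot: `getUserMkt` still declares `String username`, but the new body never reads it, so the endpoint keeps accepting a request parameter that has no effect. Dropping it from the signature would make clear that the lookup is bound to the authenticated subject. Separately, `SecurityUtils.getSubject().getPrincipal()` returns null when the subject is not authenticated, and the cast passes that null straight into `jladminuserService.getUserMkt`. Whether this route can be reached unauthenticated depends on the Shiro filter chain, which this hunk does not show. A guard such as `if (principal == null) throw new UnauthenticatedException();` (from `org.apache.shiro.authz`) would make it fail closed.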

+ 11 - 9
src/main/java/com/ygj/yuemum/shiro/ShiroLoginFilter.java

@@ -12,8 +12,8 @@ import java.io.IOException;
 
 @Component
 @ServletComponentScan
-@WebFilter(urlPatterns = "/*",filterName = "shiroLoginFilter")
-public class ShiroLoginFilter  implements Filter {
+@WebFilter(urlPatterns = "/*", filterName = "shiroLoginFilter")
+public class ShiroLoginFilter implements Filter {
 
     private FilterConfig config = null;
 
@@ -21,31 +21,33 @@ public class ShiroLoginFilter  implements Filter {
     public void init(FilterConfig config) throws ServletException {
         this.config = config;
     }
+
     @Override
     public void destroy() {
         this.config = null;
     }
+
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         HttpServletResponse response = (HttpServletResponse) servletResponse;
         HttpServletRequest request = (HttpServletRequest) servletRequest;
         // 允许哪些Origin发起跨域请求,nginx下正常
         // response.setHeader( "Access-Control-Allow-Origin", config.getInitParameter( "AccessControlAllowOrigin" ) );
-        response.setHeader( "Access-Control-Allow-Origin", request.getHeader("Origin") );
+        response.setHeader("Access-Control-Allow-Origin",  request.getHeader("Origin"));
         // 允许请求的方法
-        response.setHeader( "Access-Control-Allow-Methods", "*" );
+        response.setHeader("Access-Control-Allow-Methods", "*");
         // 多少秒内,不需要再发送预检验请求,可以缓存该结果
-        response.setHeader( "Access-Control-Max-Age", "86400" );
+        response.setHeader("Access-Control-Max-Age", "86400");
         // 表明它允许跨域请求包含xxx头
-        response.setHeader( "Access-Control-Allow-Headers", "JSESSIONID,x-auth-token,Origin,Access-Token,X-Requested-With,Content-Type, Accept" );
+        response.setHeader("Access-Control-Allow-Headers", "JSESSIONID,x-auth-token,Origin,Access-Token,X-Requested-With,Content-Type, Accept,token");
         //是否允许浏览器携带用户身份信息(cookie)
-        response.setHeader( "Access-Control-Allow-Credentials", "true" );
-        if (request.getMethod().equals( "OPTIONS" )) {
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        if (request.getMethod().equals("OPTIONS")) {
             response.setStatus(HttpStatus.SC_OK);
             response.getWriter().write("OPTIONS returns OK");
             return;
         }
-        filterChain.doFilter( servletRequest, response );
+        filterChain.doFilter(servletRequest, response);
     }
 
 
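Review bot: `doFilter` echoes the request's `Origin` into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, so any website can make credentialed cross-origin requests to this API and read the responses. This commit keeps that behaviour and additionally allows the `token` header. The origin should be checked against a configured allow-list, which the commented-out `AccessControlAllowOrigin` init parameter already hints at. The credential headers should be sent only on a match, together with `Vary: Origin`. Browsers also do not treat `*` in `Access-Control-Allow-Methods` as a wildcard on credentialed requests, so the methods should be listed explicitly.

```java
        // … unchanged: casts of servletRequest / servletResponse …
        String origin = request.getHeader("Origin");
        // ALLOWED_ORIGINS is a placeholder name: a Set<String> of trusted front-end origins loaded from configuration
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.addHeader("Vary", "Origin");
        }
        // … unchanged: Allow-Methods, Max-Age, Allow-Headers, OPTIONS short-circuit, filterChain.doFilter …
```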

+ 3 - 4
src/main/java/com/ygj/yuemum/shiro/sso/JWTShiroRealm.java

@@ -18,7 +18,6 @@ import org.springframework.stereotype.Component;
 
 /**
  * 自定义身份认证
- *
  */
 
 @Component
@@ -46,13 +45,13 @@ public class JWTShiroRealm extends AuthorizingRealm {
         JWTToken jwtToken = (JWTToken) authcToken;
         String token = jwtToken.getToken();
 
-        String userEmail = JWTUtils.getUserName(token);
+        Integer userId = JWTUtils.getUserId(token);
 
-        JlAdminUser user = jlAdminUserService.getUserByEmail(userEmail);
+        JlAdminUser user = jlAdminUserService.getUser(userId);
         if (user == null)
             throw new AuthenticationException("token不合法,请重新登录");
 
-        return new SimpleAuthenticationInfo(user.getName(), token, "jwtRealm");
+        return new SimpleAuthenticationInfo(user.getUsername(), token, "jwtRealm");
     }
 
     @Override

+ 3 - 1
src/main/java/com/ygj/yuemum/utils/JWTConstants.java

@@ -7,9 +7,11 @@ public class JWTConstants {
 
     public static final String USERNAME = "userName";
 
+    public static final String USERID = "userId";
+
     public static final String ROLES = "roles";
 
-    public static final String SALT = "yue-suo";
+    public static final String SECRET = "yue-suo-456";
 
     public static final String TOKEN = "token";
 
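Review bot: `SECRET` is the HS512 signing key for every token, and it is a short literal committed to the repository. Anyone who can read the source or its history can produce a validly signed token for any `userId`. The key should be loaded from external configuration or a secret store and generated randomly with at least 512 bits for HS512. The value in this commit should be treated as exposed and rotated. If the jjwt version in use interprets the `String` overloads of `setSigningKey`/`signWith` as Base64 (the 0.9.x line does), the effective key is shorter than the literal suggests, which is worth confirming.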

+ 8 - 2
src/main/java/com/ygj/yuemum/utils/JWTUtils.java

@@ -15,7 +15,7 @@ public class JWTUtils {
     //解析出jwt内容
     public static Claims decoderJwt(String token) {
         return Jwts.parser()
-                .setSigningKey(JWTConstants.SALT)
+                .setSigningKey(JWTConstants.SECRET)
                 .parseClaimsJws(token)
                 .getBody();
 
@@ -27,7 +27,7 @@ public class JWTUtils {
         return Jwts.builder()
                 .setClaims(claims)
                 .setExpiration(Date.from((LocalDateTime.now().plusSeconds(60 * 60 * 24)).atZone(ZoneId.systemDefault()).toInstant()))
-                .signWith(SignatureAlgorithm.HS512, JWTConstants.SALT)
+                .signWith(SignatureAlgorithm.HS512, JWTConstants.SECRET)
                 .compact();
 
     }
@@ -38,6 +38,12 @@ public class JWTUtils {
         return claims.get(JWTConstants.USERNAME, String.class);
     }
 
+    //获取用户名
+    public static Integer getUserId(String token) {
+        Claims claims = decoderJwt(token);
+        return Integer.parseInt(claims.get(JWTConstants.USERID, String.class));
+    }
+
 
     public static void main(String[] args) {
         Map<String, Object> map = new HashMap<>();
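Review bot: `getUserId` throws `NumberFormatException` when the token has no `userId` claim, because `claims.get(JWTConstants.USERID, String.class)` then returns null and that null goes into `Integer.parseInt`. Tokens issued before this commit that carry only `userName` would hit this until they expire. Reading the claim as `String.class` also assumes the issuer stores it as a string, and the code that builds the claims map lies outside this hunk, so that needs confirming. I would read the claim into a local, reject null or non-numeric values explicitly, and have `JWTShiroRealm` turn that into its existing `AuthenticationException`. The comment above the method was copied from `getUserName`; something like `// Returns the userId claim of a signature-verified token` would match what it does.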