diff --git a/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/remoteapi/AuthCenterRemoteApi.java b/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/remoteapi/AuthCenterRemoteApi.java index 9757c892..a4fbabd2 100644 --- a/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/remoteapi/AuthCenterRemoteApi.java +++ b/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/remoteapi/AuthCenterRemoteApi.java @@ -4,7 +4,6 @@ import com.jmsoftware.maf.common.domain.authcenter.permission.GetPermissionListByRoleIdListResponse; import com.jmsoftware.maf.common.domain.authcenter.permission.PermissionType; import com.jmsoftware.maf.common.domain.authcenter.role.GetRoleListByUserIdResponse; -import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload; import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse; import com.jmsoftware.maf.common.domain.authcenter.user.GetUserByLoginTokenResponse; import org.springframework.validation.annotation.Validated; @@ -15,6 +14,7 @@ import javax.validation.Valid; import javax.validation.constraints.NotNull; import java.util.List; +import java.util.Map; import static org.springframework.web.bind.annotation.RequestMethod.GET; @@ -62,9 +62,9 @@ Mono> getPermissionListB /** * Parse mono. * - * @param payload the payload + * @param headers the HTTP headers * @return the mono */ - @PostMapping("/jwt-remote-api/parse") - Mono> parse(@Valid @RequestBody ParseJwtPayload payload); + @GetMapping("/jwt-remote-api/parse") + Mono> parse(@RequestHeader Map headers); } diff --git a/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/JwtReactiveServerSecurityContextRepositoryImpl.java b/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/JwtReactiveServerSecurityContextRepositoryImpl.java index b7bc10c2..266e3e6a 100644 --- a/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/JwtReactiveServerSecurityContextRepositoryImpl.java +++ b/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/JwtReactiveServerSecurityContextRepositoryImpl.java @@ -4,7 +4,6 @@ import com.jmsoftware.maf.apigateway.remoteapi.AuthCenterRemoteApi; import com.jmsoftware.maf.apigateway.security.configuration.JwtConfiguration; import com.jmsoftware.maf.common.bean.ResponseBodyBean; -import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload; import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse; import com.jmsoftware.maf.common.domain.authcenter.security.UserPrincipal; import com.jmsoftware.maf.common.exception.SecurityException; @@ -25,6 +24,7 @@ import reactor.core.publisher.Mono; import javax.annotation.Resource; +import java.util.HashMap; /** * Description: JwtReactiveServerSecurityContextRepositoryImpl @@ -64,11 +64,10 @@ public Mono load(ServerWebExchange exchange) { HttpHeaders.AUTHORIZATION, request.getMethod(), request.getURI()); return Mono.error(new SecurityException(HttpStatus.NETWORK_AUTHENTICATION_REQUIRED, "JWT Required")); } - val jwt = authorization.replace(JwtConfiguration.TOKEN_PREFIX, ""); - val parseJwtPayload = new ParseJwtPayload(); - parseJwtPayload.setJwt(jwt); + val headers = new HashMap(4); + headers.put(HttpHeaders.AUTHORIZATION, authorization); Mono parseJwtResponseMono = authCenterRemoteApi - .parse(parseJwtPayload) + .parse(headers) .map(ResponseBodyBean::getData) .switchIfEmpty(Mono.error( new SecurityException(HttpStatus.INTERNAL_SERVER_ERROR, "Got empty when parsing JWT"))); diff --git a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/controller/JwtRemoteApiController.java b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/controller/JwtRemoteApiController.java index 613daa2f..bf8d4166 100644 --- a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/controller/JwtRemoteApiController.java +++ b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/controller/JwtRemoteApiController.java @@ -2,19 +2,17 @@ import com.jmsoftware.maf.authcenter.security.service.JwtService; import com.jmsoftware.maf.common.bean.ResponseBodyBean; -import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload; import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse; import com.jmsoftware.maf.common.exception.SecurityException; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import javax.validation.Valid; +import javax.servlet.http.HttpServletRequest; /** * Description: JwtRemoteApiController, change description here. @@ -31,16 +29,12 @@ public class JwtRemoteApiController { /** * Parse response body bean. - *

- * TODO: remove ParseJwtPayload, get JWT from HTTP header * - * @param payload the payload * @return the response body bean - * @throws SecurityException the security exception */ - @PostMapping("/parse") + @GetMapping("/parse") @ApiOperation(value = "Parse JWT", notes = "Parse JWT (Remote API)") - public ResponseBodyBean parse(@Valid @RequestBody ParseJwtPayload payload) throws SecurityException { - return ResponseBodyBean.ofSuccess(jwtService.parse(payload)); + public ResponseBodyBean parse(HttpServletRequest request) throws SecurityException { + return ResponseBodyBean.ofSuccess(new ParseJwtResponse().setUsername(jwtService.getUsernameFromRequest(request))); } } diff --git a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/JwtService.java b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/JwtService.java index f89d152a..ddc5d5fe 100644 --- a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/JwtService.java +++ b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/JwtService.java @@ -1,7 +1,5 @@ package com.jmsoftware.maf.authcenter.security.service; -import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload; -import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse; import com.jmsoftware.maf.common.exception.SecurityException; import io.jsonwebtoken.Claims; import org.springframework.security.core.Authentication; @@ -9,7 +7,6 @@ import org.springframework.validation.annotation.Validated; import javax.servlet.http.HttpServletRequest; -import javax.validation.Valid; import java.util.Collection; import java.util.List; @@ -86,13 +83,4 @@ String createJwt(Boolean rememberMe, Long id, String subject, List roles * @return the jwt from request */ String getJwtFromRequest(HttpServletRequest request); - - /** - * Parse parse jwt response. - * - * @param payload the payload - * @return the parse jwt response - * @throws SecurityException the security exception - */ - ParseJwtResponse parse(@Valid ParseJwtPayload payload) throws SecurityException; } diff --git a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/impl/JwtServiceImpl.java b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/impl/JwtServiceImpl.java index 384f5a99..6aeb7a0e 100644 --- a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/impl/JwtServiceImpl.java +++ b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/security/service/impl/JwtServiceImpl.java @@ -5,8 +5,6 @@ import cn.hutool.core.util.StrUtil; import com.jmsoftware.maf.authcenter.security.service.JwtService; import com.jmsoftware.maf.authcenter.universal.configuration.JwtConfiguration; -import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtPayload; -import com.jmsoftware.maf.common.domain.authcenter.security.ParseJwtResponse; import com.jmsoftware.maf.common.domain.authcenter.security.UserPrincipal; import com.jmsoftware.maf.common.exception.SecurityException; import io.jsonwebtoken.*; @@ -24,7 +22,6 @@ import javax.annotation.PostConstruct; import javax.crypto.SecretKey; import javax.servlet.http.HttpServletRequest; -import javax.validation.Valid; import java.nio.charset.StandardCharsets; import java.util.Collection; import java.util.Date; @@ -158,12 +155,4 @@ public String getJwtFromRequest(HttpServletRequest request) { } return null; } - - @Override - public ParseJwtResponse parse(@Valid ParseJwtPayload payload) throws SecurityException { - String usernameFromJwt = this.getUsernameFromJwt(payload.getJwt()); - ParseJwtResponse response = new ParseJwtResponse(); - response.setUsername(usernameFromJwt); - return response; - } } diff --git a/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/security/ParseJwtPayload.java b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/security/ParseJwtPayload.java deleted file mode 100644 index 06e48cb5..00000000 --- a/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/security/ParseJwtPayload.java +++ /dev/null @@ -1,16 +0,0 @@ -package com.jmsoftware.maf.common.domain.authcenter.security; - -import lombok.Data; - -import javax.validation.constraints.NotBlank; - -/** - * Description: ParseJwtPayload, change description here. - * - * @author 钟俊(zhongjun), email: zhongjun@toguide.cn, date: 12/29/2020 11:09 AM - **/ -@Data -public class ParseJwtPayload { - @NotBlank - private String jwt; -} diff --git a/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/security/ParseJwtResponse.java b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/security/ParseJwtResponse.java index 9ab56d39..42df767f 100644 --- a/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/security/ParseJwtResponse.java +++ b/common/src/main/java/com/jmsoftware/maf/common/domain/authcenter/security/ParseJwtResponse.java @@ -1,6 +1,7 @@ package com.jmsoftware.maf.common.domain.authcenter.security; import lombok.Data; +import lombok.experimental.Accessors; /** * Description: ParseJwtResponse, change description here. @@ -8,6 +9,7 @@ * @author 钟俊(zhongjun), email: zhongjun@toguide.cn, date: 12/29/2020 11:09 AM **/ @Data +@Accessors(chain = true) public class ParseJwtResponse { private String username; }