增加jwt

hsweb-authorization/hsweb-authorization-jwt/pom.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-authorization</artifactId>
+        <groupId>org.hswebframework.web</groupId>
+        <version>3.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-authorization-jwt</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-basic</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+            <version>0.7.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+</project>

hsweb-authorization/hsweb-authorization-jwt/src/main/java/org/hswebframework/web/authorization/jwt/JwtConfig.java

@@ -0,0 +1,57 @@
+package org.hswebframework.web.authorization.jwt;
+
+import org.apache.commons.codec.binary.Base64;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * jwt
+ */
+public class JwtConfig {
+
+    private String id;
+
+    private String secret;
+
+    private int ttl=60*60*1000;
+
+    private int refreshTtl=12*60*60*1000;
+
+    public String getSecret() {
+        return secret;
+    }
+
+    public void setSecret(String secret) {
+        this.secret = secret;
+    }
+
+    public int getTtl() {
+        return ttl;
+    }
+
+    public void setTtl(int ttl) {
+        this.ttl = ttl;
+    }
+
+    public int getRefreshTtl() {
+        return refreshTtl;
+    }
+
+    public void setRefreshTtl(int refreshTtl) {
+        this.refreshTtl = refreshTtl;
+    }
+
+    public SecretKey generalKey(){
+        byte[] encodedKey = Base64.decodeBase64(secret);
+        return new SecretKeySpec(encodedKey, 0, encodedKey.length, "AES");
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+}

hsweb-authorization/hsweb-authorization-jwt/src/main/java/org/hswebframework/web/authorization/jwt/JwtTokenGenarator.java

@@ -0,0 +1,87 @@
+package org.hswebframework.web.authorization.jwt;
+
+import io.jsonwebtoken.JwtBuilder;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.apache.commons.codec.binary.Base64;
+import org.hswebframework.web.Maps;
+import org.hswebframework.web.authorization.Authentication;
+import org.hswebframework.web.authorization.basic.web.TokenResult;
+import org.hswebframework.web.authorization.basic.web.UserTokenGenerator;
+import org.hswebframework.web.id.IDGenerator;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Created by zhouhao on 2017/8/30.
+ */
+public class JwtTokenGenarator implements UserTokenGenerator {
+
+    private JwtConfig jwtConfig;
+
+    public JwtTokenGenarator(JwtConfig jwtConfig) {
+        this.jwtConfig = jwtConfig;
+    }
+
+    @Override
+    public String getSupportTokenType() {
+        return "jwt";
+    }
+
+    private String createToken(){
+        return IDGenerator.MD5.generate();
+    }
+    @Override
+    public TokenResult generate(Authentication authentication) {
+        String token = createToken();
+
+        String jwtToken = createJWT(jwtConfig.getId(),token,jwtConfig.getTtl());
+
+        String refreshToken = createJWT(jwtConfig.getId(),token,jwtConfig.getRefreshTtl());
+        int timeout = jwtConfig.getTtl();
+
+        return new TokenResult() {
+            @Override
+            public Map<String, Object> getResponse() {
+                Map<String,Object> map = new HashMap<>();
+                map.put("token",jwtToken);
+                map.put("refreshToken",refreshToken);
+                return map;
+            }
+
+            @Override
+            public String getToken() {
+                return token;
+            }
+
+            @Override
+            public int getTimeout() {
+                return timeout;
+            }
+        };
+    }
+
+
+    public String createJWT(String id, String subject, long ttlMillis){
+        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+        long nowMillis = System.currentTimeMillis();
+        Date now = new Date();
+        SecretKey key = jwtConfig.generalKey();
+        JwtBuilder builder = Jwts.builder()
+                .setId(id)
+                .setIssuedAt(now)
+                .setSubject(subject)
+                .signWith(signatureAlgorithm, key);
+        if (ttlMillis >= 0) {
+            long expMillis = nowMillis + ttlMillis;
+            Date exp = new Date(expMillis);
+            builder.setExpiration(exp);
+        }
+        return builder.compact();
+    }
+}

hsweb-authorization/hsweb-authorization-jwt/src/main/java/org/hswebframework/web/authorization/jwt/JwtTokenParser.java

@@ -0,0 +1,51 @@
+package org.hswebframework.web.authorization.jwt;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import org.hswebframework.web.authorization.basic.web.UserTokenParser;
+import org.springframework.util.StringUtils;
+
+import javax.crypto.SecretKey;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Created by zhouhao on 2017/8/30.
+ */
+public class JwtTokenParser implements UserTokenParser {
+
+    private JwtConfig jwtConfig;
+
+    public JwtTokenParser(JwtConfig jwtConfig) {
+        this.jwtConfig = jwtConfig;
+    }
+
+    @Override
+    public String parseToken(HttpServletRequest request) {
+        String headerToken = request.getHeader("jwt-token");
+        if(StringUtils.isEmpty(headerToken)){
+            headerToken=request.getHeader("Authorization");
+            if(!StringUtils.isEmpty(headerToken)){
+                if(headerToken.contains(" ")){
+                    String[] auth =headerToken.split("[ ]");
+                   // if(auth[0].equalsIgnoreCase("jwt")){
+                        headerToken=auth[1];
+                    //}
+                }
+            }
+        }
+        if(headerToken!=null){
+           return parseJWT(headerToken).getSubject();
+        }
+        return null;
+    }
+
+    public Claims parseJWT(String jwt){
+        SecretKey key = jwtConfig.generalKey();
+        Claims claims = Jwts.parser()
+                .setSigningKey(key)
+                .parseClaimsJws(jwt).getBody();
+        return claims;
+    }
+
+
+}