package com.whyc.manager;
|
|
import com.whyc.constant.SuperConstant;
|
import io.jsonwebtoken.Claims;
|
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
|
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
import org.apache.shiro.web.util.WebUtils;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.util.StringUtils;
|
|
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletResponse;
|
import java.io.Serializable;
|
|
public class ShiroSessionManager extends DefaultWebSessionManager {
|
|
public ShiroSessionManager() {
|
}
|
|
@Autowired
|
JWTManager jwtManager;
|
|
@Override
|
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
|
//改变session模式后,解析携带的jwt
|
String jwt = WebUtils.toHttp(request).getHeader(SuperConstant.AUTHORIZATION);
|
if (StringUtils.isEmpty(jwt)){
|
//如果没有携带jwt,则采用cookie方式
|
return super.getSessionId(request,response);
|
}else{
|
//设置request属性为无状态,SessionId
|
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,SuperConstant.REFERENCED_SESSION_ID_RESOURCE);
|
try {
|
Claims claims = jwtManager.decodeToken(jwt);
|
String sessionId = (String) claims.get("jti");
|
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId);
|
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
|
return sessionId;
|
}catch (Exception e){
|
//无法解密jwt,说明凭证有问题
|
//e.printStackTrace();
|
return null;
|
}
|
}
|
}
|
}
|
