center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

perf(token): 禁用每分钟自动刷新token机制

Browse Source
This commit is contained in:
fit2cloud-chenyw 2023-02-21 16:35:27 +08:00
parent ba866423bd
commit ac4bf63a89
7 changed files with 55 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
backend/src/main/java/io/dataease/auth/filter/F2CDocFilter.java
View File

@ -79,12 +79,7 @@ public class F2CDocFilter extends AccessControlFilter {
if (StringUtils.isBlank(authorization)) {
return false;
}
if (JWTUtils.loginExpire(authorization)) {
return false;
}
if (JWTUtils.needRefresh(authorization)) {
authorization = refreshToken(authorization);
}
TokenInfo tokenInfo = JWTUtils.tokenInfoByToken(authorization);
AuthUserService authUserService = CommonBeanFactory.getBean(AuthUserService.class);
SysUserEntity user = authUserService.getUserById(tokenInfo.getUserId());
@ -96,20 +91,6 @@ public class F2CDocFilter extends AccessControlFilter {
return verify;
}
private String refreshToken(String token) throws Exception {
TokenInfo tokenInfo = JWTUtils.tokenInfoByToken(token);
AuthUserService authUserService = CommonBeanFactory.getBean(AuthUserService.class);
SysUserEntity user = authUserService.getUserById(tokenInfo.getUserId());
if (user == null) {
DataEaseException.throwException(Translator.get("i18n_not_find_user"));
}
String password = user.getPassword();
Algorithm algorithm = Algorithm.HMAC256(password);
JWTUtils.verifySign(algorithm, token);
String newToken = JWTUtils.sign(tokenInfo, password);
return newToken;
}
@Override
protected boolean onAccessDenied(ServletRequest req, ServletResponse res) throws Exception {
HttpServletResponse response = (HttpServletResponse) res;

46
backend/src/main/java/io/dataease/auth/filter/JWTFilter.java
View File

@ -1,24 +1,18 @@
package io.dataease.auth.filter;
import com.auth0.jwt.algorithms.Algorithm;
import io.dataease.auth.entity.ASKToken;
import io.dataease.auth.entity.JWTToken;
import io.dataease.auth.entity.SysUserEntity;
import io.dataease.auth.entity.TokenInfo;
import io.dataease.auth.handler.ApiKeyHandler;
import io.dataease.auth.service.AuthUserService;
import io.dataease.auth.util.JWTUtils;
import io.dataease.commons.utils.CommonBeanFactory;
import io.dataease.commons.utils.LogUtil;
import io.dataease.commons.utils.TokenCacheUtils;
import io.dataease.exception.DataEaseException;
import io.dataease.i18n.Translator;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;
@ -30,7 +24,6 @@ import javax.servlet.http.HttpServletResponse;
public class JWTFilter extends BasicHttpAuthenticationFilter {
private Logger LOGGER = LoggerFactory.getLogger(this.getClass());
public final static String expireMessage = "Login token is expire.";
@ -69,14 +62,7 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
if (TokenCacheUtils.invalid(authorization)) {
throw new AuthenticationException(expireMessage);
}
// 当没有出现登录超时 且需要刷新token 则执行刷新token
if (JWTUtils.loginExpire(authorization)) {
TokenCacheUtils.remove(authorization);
throw new AuthenticationException(expireMessage);
}
if (JWTUtils.needRefresh(authorization)) {
authorization = refreshToken(request, response);
}
JWTToken token = new JWTToken(authorization);
Subject subject = getSubject(request, response);
// 提交给realm进行登入如果错误他会抛出异常并被捕获
@ -110,28 +96,6 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
}
private String refreshToken(ServletRequest request, ServletResponse response) throws Exception {
// 获取AccessToken(Shiro中getAuthzHeader方法已经实现)
String token = this.getAuthzHeader(request);
// 获取当前Token的帐号信息
TokenInfo tokenInfo = JWTUtils.tokenInfoByToken(token);
AuthUserService authUserService = CommonBeanFactory.getBean(AuthUserService.class);
SysUserEntity user = authUserService.getUserById(tokenInfo.getUserId());
if (user == null) {
DataEaseException.throwException(Translator.get("i18n_not_find_user"));
}
String password = user.getPassword();
Algorithm algorithm = Algorithm.HMAC256(password);
JWTUtils.verifySign(algorithm, token);
String newToken = JWTUtils.sign(tokenInfo, password);
// 设置响应的Header头新Token
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.addHeader("Access-Control-Expose-Headers", "RefreshAuthorization");
httpServletResponse.setHeader("RefreshAuthorization", newToken);
return newToken;
}
/**
* 对跨域提供支持
*/

67
backend/src/main/java/io/dataease/auth/util/JWTUtils.java
View File

@ -4,7 +4,6 @@ import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.JWTCreator.Builder;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.Verification;
import io.dataease.auth.entity.TokenInfo;
@ -19,10 +18,8 @@ import java.util.Date;
public class JWTUtils {
// token过期时间1min (过期会自动刷新续命 目的是避免一直都是同一个token )
private static final long EXPIRE_TIME = 1 * 60 * 1000;
// 登录间隔时间10min 超过这个时间强制重新登录
private static long Login_Interval;
private static Long expireTime;
/**
* 校验token是否正确
@ -65,62 +62,24 @@ public class JWTUtils {
return tokenInfoBuilder.build();
}
public static boolean needRefresh(String token) {
Date exp = JWTUtils.getExp(token);
Long advanceTime = 5000L;
return (new Date().getTime() + advanceTime) >= exp.getTime();
}
/**
* 当前token是否登录超时
*
* @param token
* @return
*/
public static boolean loginExpire(String token) {
if (Login_Interval == 0) {
// 默认超时时间是8h
Long minute = CommonBeanFactory.getBean(Environment.class).getProperty("dataease.login_timeout", Long.class,
8 * 60L);
// 分钟换算成毫秒
Login_Interval = minute * 1000 * 60;
}
Long lastOperateTime = tokenLastOperateTime(token);
boolean isExpire = true;
if (lastOperateTime != null) {
Long now = System.currentTimeMillis();
isExpire = now - lastOperateTime > Login_Interval;
}
return isExpire;
}
public static Date getExp(String token) {
try {
DecodedJWT jwt = JWT.decode(token);
return jwt.getClaim("exp").asDate();
} catch (JWTDecodeException e) {
e.printStackTrace();
return null;
}
}
/**
* 生成签名,5min后过期
*
* @param tokenInfo 用户信息
* @param secret 用户的密码
* @return 加密的token
*/
public static String sign(TokenInfo tokenInfo, String secret) {
try {
Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
if (ObjectUtils.isEmpty(expireTime)) {
expireTime = CommonBeanFactory.getBean(Environment.class).getProperty("dataease.login_timeout", Long.class, 480L);
}
long expireTimeMillis = expireTime * 60000L;
Date date = new Date(System.currentTimeMillis() + expireTimeMillis);
Algorithm algorithm = Algorithm.HMAC256(secret);
Builder builder = JWT.create()
.withClaim("username", tokenInfo.getUsername())
.withClaim("userId", tokenInfo.getUserId());
String sign = builder.withExpiresAt(date).sign(algorithm);
return sign;
} catch (Exception e) {
return null;
}
@ -143,7 +102,6 @@ public class JWTUtils {
} else {
verifier = JWT.require(algorithm).withClaim("resourceId", resourceId).withClaim("userId", userId).build();
}
try {
verifier.verify(token);
return true;
@ -152,16 +110,5 @@ public class JWTUtils {
}
}
/**
* 获取当前token上次操作时间
*
* @param token
* @return
*/
public static Long tokenLastOperateTime(String token) {
DecodedJWT jwt = JWT.decode(token);
Date expiresAt = jwt.getExpiresAt();
return expiresAt.getTime();
}
}

5
backend/src/main/java/io/dataease/commons/utils/TokenCacheUtils.java
View File

@ -50,8 +50,9 @@ public class TokenCacheUtils {
}
Long time = expTime * 60;
CacheUtils.put(KEY, token, userId, time.intValue(), null);
Double v = time * 0.6;
CacheUtils.put(KEY, token, userId, time.intValue(), v.intValue());
CacheUtils.flush(KEY);
}
public static void remove(String token) {

24
backend/src/main/java/io/dataease/listener/ApplicationCloseEventListener.java Normal file
View File

@ -0,0 +1,24 @@
package io.dataease.listener;
import io.dataease.commons.utils.LogUtil;
import net.sf.ehcache.CacheManager;
import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextClosedEvent;
import org.springframework.stereotype.Component;
@Component
public class ApplicationCloseEventListener implements ApplicationListener<ContextClosedEvent> {
@Autowired(required = false)
CacheManager cacheManager;
@Override
public void onApplicationEvent(ContextClosedEvent event) {
if (ObjectUtils.isNotEmpty(cacheManager))
cacheManager.shutdown();
LogUtil.info("DataEase is stopping");
}
}

6
backend/src/main/java/io/dataease/listener/util/CacheUtils.java
View File

@ -66,6 +66,12 @@ public class CacheUtils {
return cache(cacheName).remove(key);
}
public static void flush(String cacheName) {
CacheManager manager = getCacheManager();
if (manager instanceof RedisCacheManager) return;
cache(cacheName).flush();
}
public static void removeAll(String cacheName) {
if (getCacheManager() instanceof RedisCacheManager) {
org.springframework.cache.Cache cache = getCacheManager().getCache(cacheName);

14
backend/src/main/resources/ehcache/ehcache.xml
View File

@ -272,12 +272,16 @@
<cache
name="sys_token_store"
eternal="true"
maxElementsInMemory="1"
maxElementsOnDisk="0"
eternal="false"
maxElementsInMemory="5000"
maxElementsOnDisk="50000"
overflowToDisk="true"
diskPersistent="true"
/>
timeToIdleSeconds="28800"
timeToLiveSeconds="28800"
memoryStoreEvictionPolicy="LRU"
diskPersistent="true">
<BootstrapCacheLoaderFactory class="net.sf.ehcache.store.DiskStoreBootstrapCacheLoaderFactory" properties="bootstrapAsynchronously=true" />
</cache>