From c74a67cdc6401b8c688ea563343dee226d260673 Mon Sep 17 00:00:00 2001 From: siujamo Date: Wed, 31 Dec 2025 09:46:28 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E6=80=A7=E8=83=BD=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 使用全局唯一 JWT Verifier 实例 --- .../onixbyte/helix/client/TokenClient.java | 19 ++++++++++++++++++- .../onixbyte/helix/config/SecurityConfig.java | 9 +++++++++ .../filter/TokenAuthenticationFilter.java | 17 +++++++++-------- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/src/main/java/com/onixbyte/helix/client/TokenClient.java b/src/main/java/com/onixbyte/helix/client/TokenClient.java index 3c11f4b..7e13e0d 100644 --- a/src/main/java/com/onixbyte/helix/client/TokenClient.java +++ b/src/main/java/com/onixbyte/helix/client/TokenClient.java @@ -1,7 +1,9 @@ package com.onixbyte.helix.client; import com.auth0.jwt.JWT; +import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; +import com.auth0.jwt.interfaces.DecodedJWT; import com.onixbyte.helix.domain.entity.User; import com.onixbyte.helix.properties.TokenProperties; import com.onixbyte.helix.utils.DateTimeUtil; @@ -24,6 +26,7 @@ public class TokenClient { private final Algorithm algorithm; private final TokenProperties tokenProperties; + private final JWTVerifier verifier; /** * Constructs a new TokenClient with the necessary algorithm and token properties. @@ -33,9 +36,10 @@ public class TokenClient { * validity period */ @Autowired - public TokenClient(Algorithm algorithm, TokenProperties tokenProperties) { + public TokenClient(Algorithm algorithm, TokenProperties tokenProperties, JWTVerifier verifier) { this.algorithm = algorithm; this.tokenProperties = tokenProperties; + this.verifier = verifier; } /** 
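Review bot: The constructor Javadoc touched by the `@@ -33,9 +36,10 @@` hunk still describes only the algorithm and the token properties; the new `verifier` parameter is undocumented. This class signs with `algorithm` and now verifies with an injected `JWTVerifier`, so the contract that both use the same key and issuer should be written down, e.g. `@param verifier shared verifier; must be built from the same algorithm and issuer this client signs with`. The summary sentence should mention the verifier as well. The Javadoc block is split between this hunk and the previous one, so only part of it is visible here.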
@@ -56,4 +60,17 @@ public class TokenClient { .withExpiresAt(DateTimeUtil.asInstant(expiresAt)) .sign(algorithm); } + + /** + * Verify and decode token. + * + * @param token a JWT token + * @return information included in the given token + * @throws com.auth0.jwt.exceptions.JWTVerificationException if the token is invalid, such as + * expired, or not signed by + * specific server + */ + public DecodedJWT verifyToken(String token) { + return verifier.verify(token); + } } \ No newline at end of file diff --git a/src/main/java/com/onixbyte/helix/config/SecurityConfig.java b/src/main/java/com/onixbyte/helix/config/SecurityConfig.java index 7d80d9d..9ed2ffc 100644 --- a/src/main/java/com/onixbyte/helix/config/SecurityConfig.java +++ b/src/main/java/com/onixbyte/helix/config/SecurityConfig.java @@ -1,5 +1,7 @@ package com.onixbyte.helix.config; +import com.auth0.jwt.JWT; +import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; import com.onixbyte.helix.filter.TokenAuthenticationFilter; import com.onixbyte.helix.properties.CorsProperties; @@ -206,4 +208,11 @@ public class SecurityConfig { public Algorithm algorithm(TokenProperties properties) { return Algorithm.HMAC256(properties.secret()); } + + @Bean + public JWTVerifier verifier(Algorithm algorithm, TokenProperties tokenProperties) { + return JWT.require(algorithm) + .withIssuer(tokenProperties.issuer()) + .build(); + } } diff --git a/src/main/java/com/onixbyte/helix/filter/TokenAuthenticationFilter.java b/src/main/java/com/onixbyte/helix/filter/TokenAuthenticationFilter.java index a22d041..99d123b 100644 --- a/src/main/java/com/onixbyte/helix/filter/TokenAuthenticationFilter.java +++ b/src/main/java/com/onixbyte/helix/filter/TokenAuthenticationFilter.java 
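Review bot: The `@throws` text on `verifyToken` ("not signed by specific server") does not say what the shared verifier actually enforces, which callers making authentication decisions need to know. Judging from the bean added in SecurityConfig, that is the HMAC signature and the issuer; expiry is, as far as I know, checked by java-jwt only when the token carries an `exp` claim. Suggested wording: `@throws JWTVerificationException if the signature does not match the server key, the issuer differs from the configured one, or the token has expired`. If a null or malformed token is meant to be reported through the same exception, the Javadoc should say so.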
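Review bot: A missing or blank issuer property would weaken the new `verifier(...)` bean in the `@@ -206,4 +208,11 @@` hunk, because the issuer now comes from `tokenProperties.issuer()` instead of the literal "Helix Server" that the filter used before. As far as I recall, java-jwt drops the issuer requirement when `withIssuer` receives null, so the bean should fail fast first: `if (tokenProperties.issuer() == null || tokenProperties.issuer().isBlank()) throw new IllegalStateException("token issuer must be configured");`. The signing code is only partly visible, so it is worth confirming that it stamps the same configured issuer; otherwise every token would be rejected. Adding `.withClaimPresence("exp")` and `.withClaimPresence("sub")` before `.build()` would also make expiry and subject mandatory rather than checked only when present.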
@@ -3,6 +3,7 @@ package com.onixbyte.helix.filter; import com.auth0.jwt.JWT; import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.exceptions.JWTVerificationException; +import com.onixbyte.helix.client.TokenClient; import com.onixbyte.helix.manager.AuthorityManager; import com.onixbyte.helix.manager.UserManager; import com.onixbyte.helix.security.authentication.UsernamePasswordAuthentication; @@ -26,14 +27,18 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { private final static Logger log = LoggerFactory.getLogger(TokenAuthenticationFilter.class); - private final Algorithm algorithm; private final UserManager userManager; private final AuthorityManager authorityManager; + private final TokenClient tokenClient; - public TokenAuthenticationFilter(Algorithm algorithm, UserManager userManager, AuthorityManager authorityManager) { - this.algorithm = algorithm; + public TokenAuthenticationFilter( + UserManager userManager, + AuthorityManager authorityManager, + TokenClient tokenClient + ) { this.userManager = userManager; this.authorityManager = authorityManager; + this.tokenClient = tokenClient; } @Override @@ -54,12 +59,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { } token = token.substring(7); - var verifier = JWT.require(algorithm) - .withIssuer("Helix Server") - .build(); - try { - var decodedToken = verifier.verify(token); + var decodedToken = tokenClient.verifyToken(token); var username = decodedToken.getSubject(); var user = userManager.selectByUsername(username);
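Review bot: The `JWT` and `Algorithm` imports kept as context in the `@@ -3,6 +3,7 @@` hunk look unused after this commit, since the `algorithm` field and the `JWT.require(algorithm)` call are both removed further down. Unless the part of the file outside these hunks still uses them, drop `import com.auth0.jwt.JWT;` and `import com.auth0.jwt.algorithms.Algorithm;`. That way the filter no longer appears to depend on the signing key.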
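Review bot: In the `@@ -54,12 +59,8 @@` hunk, `decodedToken.getSubject()` can be null for a correctly signed token that has no `sub` claim, because the shared verifier only requires the issuer. The value goes straight into `userManager.selectByUsername(username)`. A guard right after the verification keeps the rejection on the existing failure path: `if (username == null || username.isBlank()) throw new JWTVerificationException("token has no subject");`. The `try` block and the rest of the filter method continue outside the hunk, so how a null user or the verification exception is handled is not visible here.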