/**
 * Auto-configuration that registers the Shiro realm used for JWT-based authentication.
 *
 * <p>It is active only when the JWT library and Shiro's {@code DefaultWebSecurityManager} are on
 * the classpath and an {@code AuthService} bean is present, and it is ordered after
 * {@code WebMvcAutoConfiguration}.
 */
@Configuration
@ConditionalOnClass({JWT.class, DefaultWebSecurityManager.class})
@ConditionalOnBean(AuthService.class)
@EnableConfigurationProperties(AuthConfig.class)
@AutoConfigureAfter(WebMvcAutoConfiguration.class)
public class AuthAutoConfiguration {

    /**
     * Creates the realm backed by the given {@code AuthService}, unless the application already
     * defines its own {@code AuthRealm} bean.
     *
     * @param authService service handed to the realm's constructor
     * @return the realm, configured to accept {@code JWTToken} instances
     */
    @Bean
    @ConditionalOnMissingBean
    AuthRealm authRealm(AuthService authService) {
        final AuthRealm jwtRealm = new AuthRealm(authService);
        // The concrete AuthenticationToken type has to be declared on the realm.
        // Presumably AuthRealm extends Shiro's AuthenticatingRealm, whose supports() check only
        // accepts tokens of this class — confirm against AuthRealm.
        // NOTE(review): JWTToken as shown on this page only decodes the JWT; AuthRealm is not
        // shown, so confirm it verifies the signature and expiry before trusting any claim.
        jwtRealm.setAuthenticationTokenClass(JWTToken.class);
        return jwtRealm;
    }
}
而具体的AuthenticationToken即这里的JWTToken为
@EqualsAndHashCode(of = "token")
public class JWTToken implements AuthenticationToken
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import org.apache.shiro.authc.AuthenticationToken;
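/**
 * Shiro {@link AuthenticationToken} that carries a raw JWT string together with its decoded form.
 *
 * <p><b>Security note:</b> {@code JWT.decode} only parses the token. It does not verify the
 * signature and does not check expiry or any other claim. Everything reachable through
 * {@link #getDecodedToken()} and {@link #getPrincipal()} is therefore unauthenticated,
 * client-supplied data until a realm has verified {@link #getCredentials()} (with java-jwt, via a
 * {@code JWTVerifier} built from {@code JWT.require(algorithm)}). Do not make authorization
 * decisions from the decoded claims before that verification has succeeded.
 *
 * <p>Equality and hash code are based on the raw token string only. Lombok generates no
 * {@code toString} here; keep it that way (avoid {@code @ToString}/{@code @Data}) so the bearer
 * token does not end up in logs.
 */
@EqualsAndHashCode(of = "token")
public class JWTToken implements AuthenticationToken {

    // Raw compact JWT exactly as received from the client.
    // final: the value feeds equals/hashCode and must not change after construction.
    @Getter
    private final String token;

    // Parsed but NOT signature-verified view of the token.
    @Getter
    private final DecodedJWT decodedToken;

    /**
     * Wraps the given JWT string and decodes it eagerly.
     *
     * @param token compact JWT string
     * @throws com.auth0.jwt.exceptions.JWTDecodeException if the string cannot be decoded as a JWT
     */
    public JWTToken(String token) {
        this.token = token;
        // Decoding only; signature verification is left to whoever consumes this token.
        this.decodedToken = JWT.decode(token);
    }

    /**
     * Returns the principal (user name, ID, etc.): the decoded, unverified JWT.
     *
     * @return the decoded token
     */
    @Override
    public Object getPrincipal() {
        return decodedToken;
    }

    /**
     * Returns the credentials (the "password" in Shiro terms): the raw JWT string, which is what a
     * realm has to verify.
     *
     * @return the raw token string
     */
    @Override
    public Object getCredentials() {
        return token;
    }
}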