JHipster前端對JWT處理主要包括兩個方面:
- 請求後端授權後對token進行解析。
- 從localStorage或者sessionStorage中獲取token並放入請求報文。
JHipster沒有采用Spring Boot默認的formData以及/login, 而是json報文,/authenticate,代碼如下:
public doLogin(): void {
const data = { username: this.login, password: this.password, rememberMe: this.rememberMe };
axios
.post('api/authenticate', data)
.then(result => {
const bearerToken = result.headers.authorization;
if (bearerToken && bearerToken.slice(0, 7) === 'Bearer ') {
const jwt = bearerToken.slice(7, bearerToken.length);
if (this.rememberMe) {
localStorage.setItem('jhi-authenticationToken', jwt);
} else {
sessionStorage.setItem('jhi-authenticationToken', jwt);
}
}
this.authenticationError = false;
this.$root.$emit('bv::hide::modal', 'login-page');
this.accountService().retrieveAccount();
})
.catch(() => {
this.authenticationError = true;
});
}
授權成功後,利用axios攔截器功能在每一個報文請求header中添加token
const onRequestSuccess = config => {
const token = localStorage.getItem('jhi-authenticationToken') || sessionStorage.getItem('jhi-authenticationToken');
if (token) {
if (!config.headers) {
config.headers = {};
}
config.headers.Authorization = `Bearer ${token}`;
}
config.timeout = TIMEOUT;
config.url = `${SERVER_API_URL}${config.url}`;
return config;
};
這裏this.accountService().retrieveAccount()發出的請求中已經帶有token,在成功返回登錄用戶信息後,前端標記授權成功,並在localStorage中保存賬號信息。
public retrieveAccount(): void {
this.store.commit('authenticate');
axios
.get('api/account')
.then(response => {
const account = response.data;
if (account) {
this.store.commit('authenticated', account);
if (this.store.getters.currentLanguage !== account.langKey) {
this.store.commit('currentLanguage', account.langKey);
}
if (sessionStorage.getItem('requested-url')) {
this.router.replace(sessionStorage.getItem('requested-url'));
sessionStorage.removeItem('requested-url');
}
} else {
this.store.commit('logout');
this.router.push('/');
sessionStorage.removeItem('requested-url');
}
this.translationService.refreshTranslation(this.store.getters.currentLanguage);
})
.catch(() => {
this.store.commit('logout');
this.router.push('/');
});
最後是系統登出後對localStorage和sessionStorage進行清理。
public logout(): void {
localStorage.removeItem('jhi-authenticationToken');
sessionStorage.removeItem('jhi-authenticationToken');
this.$store.commit('logout');
this.$router.push('/');
}
Good Luck,
Cheers!