006 簽發的用戶認證token超時刷新策略

• 參考文獻：https://blog.csdn.net/sinat_25235033/article/details/80324006
• 文獻缺點：用的是id，這樣多個用戶登錄同一個賬戶就有問題，只要我知道你的用戶id，其他人登錄一下，這邊就可以無限登錄
  

1.登錄時保存到redis

redisTemplate.opsForValue().set("jwt_session_"+token, JSONObject.toJSONString(map),120, TimeUnit.SECONDS);

public R login(UserEntity user, String smsCode,String loginType) throws Exception {
    R info = userService.getLoginUser(user.getUsername(),user.getTelPhone(), user.getPassword(), smsCode, loginType);
        UserEntity entity=new UserEntity();
    	entity = (UserEntity) info.get("entity");
    	String token=jwtTokenUtil.generateToken(new JWTInfo(entity.getId(), entity.getUsername(), entity.getRealname(),entity.getTelPhone(),entity.getIconImg(),entity.getOrgId(),entity.getClientId()));
    	Map<String, String> map = new HashMap<String,String>();
        map.put("id",entity.getId());
        map.put("account",entity.getUsername());
        map.put("realname",entity.getRealname());
        map.put("phone",entity.getTelPhone());
        map.put("headImg",entity.getIconImg());
        map.put("orgId",entity.getOrgId());
        map.put("clientId",entity.getClientId());
        map.put("token",token);
    	redisTemplate.opsForValue().set("jwt_session_"+token, JSONObject.toJSONString(map),120, TimeUnit.SECONDS);
    	return R.ok().put("token",token);
}

2.訪問超時是刷新token

    /**
     * 獲取token中的用戶信息
     *
     * @param token
     * @param pubKeyPath
     * @return
     * @throws Exception
     */
    public  JWTInfo getInfoFromToken(String token) throws Exception {
    	System.out.println("驗證token:"+token);
    	//1. 通過redis獲取它實際的token
		Object json =redisTemplate.opsForValue().get("jwt_session_"+token);
		//2. redis就獲取，沒有就過期
		if(ObjectUtils.isEmpty(json)){
			throw new Exception("token已失效!");
		}
    	Algorithm algorithm = Algorithm.HMAC256("epf123");
    	JWTVerifier verifier = JWT.require(algorithm).withIssuer("ADMIN").build();
		//3. 再看redis裏面的真實token是否過期
		Map maps = (Map)JSON.parse(json.toString());
		try{
			//4.沒有過期就直接獲取內容返回
			DecodedJWT jwt = verifier.verify(maps.get("token").toString());
			String subject = jwt.getSubject();
			List<String> audience = jwt.getAudience();
			Map<String, Claim> claims = jwt.getClaims();
			JWTInfo jwtInfo =new JWTInfo(claims.get("id").asString(), claims.get("account").asString(), claims.get("realname").asString(),claims.get("phone").asString() ,claims.get("headImg").asString() ,claims.get("orgId").asString(),claims.get("clientId").asString() );
			return jwtInfo;
		}catch(Exception e){
			try{
				//5. 過期就重新生成token,並保存到redis裏面，刷新token
				JWTInfo jwtInfo=new JWTInfo(maps.get("id").toString(), maps.get("account").toString(), maps.get("realname").toString(),"","",maps.get("orgId").toString(),"");
				String refreshToken=jwtTokenUtil.generateToken(jwtInfo);
				//刷新舊的token
				maps.put("token",refreshToken);
				redisTemplate.opsForValue().set("jwt_session_"+token, JSONObject.toJSONString(maps),600, TimeUnit.SECONDS);
				return jwtInfo;
			}catch (Exception e2){
				e2.printStackTrace();
				return null;
			}

		}
    }