onlyoffice docker启用jwt并生成jwt
一、说明
本文是docker教程,linux/win的安装版本也类似,只需要修改配置文件中的secrt就可以了【Configuring JWT for ONLYOFFICE Docs - ONLYOFFICE】
二、正文开始
docker启动时候如果不想使用jwt,加上参数-e JWT_ENABLED=false就可以了,比如:
docker run --name=oo -i -t -d -p 10100:80 --restart=always -e JWT_ENABLED=false 镜像基地址
如果想使用jwt,防止资源滥用,就这样写:
docker run --name=oo -i -t -d -p 10100:80 --restart=always -e JWT_ENABLED=true -e JWT_SECRET=【这里写自己的秘钥】 镜像地址
两者的却别在于,开启jwt,并配置秘钥,这里注意,docker不需要修改配置文件,直接使用参数就行,不要修改配置文件,如果修改了local.json,容器重启后就会失效!!!
-e JWT_ENABLED=true
-e JWT_SECRET=【这里写自己的秘钥】
三、jwt生成方式
1、首先记住你上面的秘钥
2、你的config
一般来说,config是由后端生成好传递给前端的,比如说,生成出来是这个样子的,这个格式将作为jwt的加密体,前端收到后,千万不要修改,千万不要修改!!!!!
{"type": "desktop","documentType": "word","historyList": {"history": [],"currentVersion": "1"},"document": {"title": "【经营】通用合同模板.docx","url": "http://47.94.91.67/demo_file/comment_test.docx","permissions": {"print": true,"download": true,"edit": true},"attachId": "e932e7bb1e4d449aa9a7d8b403b4b517","fileType": "docx","key": "ccef18593ef90976d4b5d9"},"editorConfig": {"canCoAuthoring": false,"customization": {"chat": false,"about": false,"feedback": false,"compactHeader": false,"displayTitle": true,"leftMenu": false,"rightMenu": false,"autosave": false,"compactToolbar": false,"forcesave": true,"toolbarNoTabs": true,"help": false,"hideRightMenu": true,"plugins": true,"logo": {"image": "http://192.168.71.162:8083/onlyoffice_logo.png","imageEmbedded": "http://192.168.71.162:8083/only_office_embedded.png","url": "https://oav3.kmxxg.cn/","imageDark": "http://192.168.71.162:8083/onlyoffice_logo.png"}},"mode": "view","callbackUrl": "https://www.onlyoffice.com:443/callback.ashx?from=office-suite","lang": "zh-CN","user": {"name": "曹瑞剑雄","id": "104"}}
}
3、使用jwt加密
对你生成的config进行加密,比如说你的config像第【2】步一样,这一步也是后端,我用的是java demo:
String config = "{\"type\":\"desktop\",\"documentType\":\"word\",\"historyList\":{\"history\":[],\"currentVersion\":\"1\"},\"document\":{\"title\":\"【经营】通用合同模板.docx\",\"url\":\"http://47.94.91.67/demo_file/comment_test.docx\",\"permissions\":{\"print\":true,\"download\":true,\"edit\":true},\"attachId\":\"e932e7bb1e4d449aa9a7d8b403b4b517\",\"fileType\":\"docx\",\"key\":\"ccef18593ef90976d4b5d9\"},\"editorConfig\":{\"canCoAuthoring\":false,\"customization\":{\"chat\":false,\"about\":false,\"feedback\":false,\"compactHeader\":false,\"displayTitle\":true,\"leftMenu\":false,\"rightMenu\":false,\"autosave\":false,\"compactToolbar\":false,\"forcesave\":true,\"toolbarNoTabs\":true,\"help\":false,\"hideRightMenu\":true,\"plugins\":true,\"logo\":{\"image\":\"http://192.168.71.162:8083/onlyoffice_logo.png\",\"imageEmbedded\":\"http://192.168.71.162:8083/only_office_embedded.png\",\"url\":\"https://oav3.kmxxg.cn/\",\"imageDark\":\"http://192.168.71.162:8083/onlyoffice_logo.png\"}},\"mode\":\"view\",\"callbackUrl\":\"https://www.onlyoffice.com:443/callback.ashx?from=office-suite\",\"lang\":\"zh-CN\",\"user\":{\"name\":\"曹瑞剑雄\",\"id\":\"104\"}}}";
JSONObject jsonObject = JSONUtil.parseObj(config);
String tokenSecret = "你的秘钥";
Map<String, Object> payloadClaims = BeanUtil.beanToMap(jsonObject);
String token = "";
try {Signer signer = HMACSigner.newSHA256Signer(tokenSecret);JWT jwt = new JWT();for (String key : payloadClaims.keySet()) {jwt.addClaim(key, payloadClaims.get(key));}token = JWT.getEncoder().encode(jwt, signer);
} catch (Exception e) {token = "";
}
4、token生成使用
token生成后,set 进去你的 config 中,然后把新的 config 返回给前端就可以了,比如:
5、前端使用方式
前端拿到这个config后,在初始化only的时候不建议修改里面的内容,会导致jwt解析与传入的config不一致导致验证失败。所以拿到内容后直接初始化即可。
四、后端用到的 jwt 插件
<dependency><groupId>com.inversoft</groupId><artifactId>prime-jwt</artifactId><version>1.3.1</version>
</dependency>