From 4ed25232e249d1bb11c4acb3df9c07b066343026 Mon Sep 17 00:00:00 2001
From: zhanzhiqin <895896009@qq.com>
Date: 星期五, 22 四月 2022 11:00:37 +0800
Subject: [PATCH] fix

---
 ximon-admin/src/main/java/com/sandu/ximon/admin/controller/AdminController.java    |   14 ++++++++++++++
 sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java   |   20 ++++++++++++++++++--
 sandu-common/src/main/java/com/sandu/common/security/token/RedisTokenProvider.java |   11 ++++++-----
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java b/sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java
index acb61cf..5a9c312 100644
--- a/sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java
+++ b/sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java
@@ -1,14 +1,19 @@
 package com.sandu.common.security.token;
 
 import com.sandu.common.enums.AdminStatusStatus;
+import com.sandu.common.execption.BusinessException;
+import com.sandu.common.redis.RedisService;
 import com.sandu.common.security.LoginUserInfo;
 import com.sandu.common.security.config.SecurityProperties;
+import com.sandu.common.util.SpringContextHolder;
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.io.DecodingException;
 import io.jsonwebtoken.security.Keys;
+import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.boot.autoconfigure.cache.CacheProperties;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Component;
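Review bot: Two of the added imports, `lombok.AllArgsConstructor` and `org.springframework.boot.autoconfigure.cache.CacheProperties`, are not referenced by any line in the hunks of this file shown here. If they are unused in the rest of the class as well, drop them. `CacheProperties` in particular is a Spring Boot autoconfiguration type with no apparent role in a token provider.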
@@ -47,14 +52,14 @@
         if (loginUserInfo.getUserId() == null) {
             throw new IllegalArgumentException("鐢ㄦ埛id涓嶈兘涓虹┖");
         }
+        RedisService redisService = SpringContextHolder.getBean(RedisService.class);
         String authorities = loginUserInfo.getAuthorities().stream()
                 .map(GrantedAuthority::getAuthority)
                 .collect(Collectors.joining(","));
 
         long now = (new Date()).getTime();
         Date expiration = new Date(now + properties.getTokenValidityInSeconds());
-
-        return Jwts.builder()
+        String token = Jwts.builder()
                 .setSubject(loginUserInfo.getUserId().toString())
                 .claim(AUTHORITIES_KEY, authorities)
                 .claim(CREDENTIALS_KEY, loginUserInfo.getAccount())
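Review bot: `SpringContextHolder.getBean(RedisService.class)` looks the dependency up statically on every call, here and again at the top of `validateToken` in the next hunk. That hides the dependency from the class's constructor and makes the provider hard to test without a live application context. Since the class is a Spring component, a `private final RedisService redisService;` field supplied through the constructor would be clearer, as `AdminController` does in this same commit. The method starts above this hunk, so the existing constructor is not visible here.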
@@ -62,11 +67,17 @@
                 .setExpiration(expiration)
                 .signWith(key, SignatureAlgorithm.HS512)
                 .compact();
+
+        String key = String.format("%d_%d", loginUserInfo.getUserId(), loginUserInfo.getAdministratorType());
+        redisService.set(key, token);
+        return token;
     }
 
     @Override
     public LoginUserInfo validateToken(String token) {
         try {
+            RedisService redisService = SpringContextHolder.getBean(RedisService.class);
+
             Claims claims = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();
             LoginUserInfo loginUserInfo = new LoginUserInfo();
             loginUserInfo.setUserId(Long.valueOf(claims.getSubject()));
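Review bot: `redisService.set(key, token)` stores the token with no expiry, so the Redis entry outlives the JWT's own `exp` and accumulates for every account that never calls logout. `RedisTokenProvider` in this commit uses the three-argument form with a TTL; the same should be done here, e.g. `redisService.set(tokenKey, token, ttlSeconds);`, with the TTL derived from the configured token validity (its unit is not visible in this hunk). The key `"%d_%d"` also has no prefix, so it shares the keyspace with anything else that writes bare numeric keys; a fixed prefix would avoid that. Finally, the local `String key` shadows the signing-key field `key` used in `signWith(key, ...)` just above; renaming it (for example `tokenKey`) stops a later edit from passing the Redis key to the signer by mistake.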
@@ -75,6 +86,11 @@
             loginUserInfo.setAdministratorType(Integer.parseInt(claims.get(ADMINISTRATOR_KEY).toString()));
             loginUserInfo.setToken(token);
             loginUserInfo.setStatus(AdminStatusStatus.NORMAL.getCode());
+            String key = String.format("%d_%d", loginUserInfo.getUserId(), loginUserInfo.getAdministratorType());
+            String redisToken = String.valueOf(redisService.get(key));
+            if (redisToken == null || !token.equals(redisToken)) {
+                throw new BusinessException("token鏃犳晥");
+            }
             return loginUserInfo;
         } catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
             log.info("Invalid JWT signature.");
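Review bot: `String.valueOf(redisService.get(key))` never returns null: a missing entry becomes the four-character string `"null"`, so the `redisToken == null` branch is dead and rejection only works because no real token equals that string. Comparing against the raw value states the intent directly: `Object stored = redisService.get(key);` followed by `if (!token.equals(stored)) {`. The `BusinessException` is thrown inside the `try`, and the catch clauses continue past the end of this hunk, so it is not visible whether a revoked token ends up handled like the other invalid-token cases or escapes as an unhandled error. That is worth confirming, and the rejection should be logged at the same level as the signature failures. As in `createToken`, the local `key` shadows the signing-key field used in `setSigningKey(key)` a few lines earlier.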
diff --git a/sandu-common/src/main/java/com/sandu/common/security/token/RedisTokenProvider.java b/sandu-common/src/main/java/com/sandu/common/security/token/RedisTokenProvider.java
index a1da728..7030307 100644
--- a/sandu-common/src/main/java/com/sandu/common/security/token/RedisTokenProvider.java
+++ b/sandu-common/src/main/java/com/sandu/common/security/token/RedisTokenProvider.java
@@ -27,8 +27,8 @@
         String token = IdUtil.simpleUUID();
         loginUserInfo.setToken(token);
         loginUserInfo.setCreateTimestamp(System.currentTimeMillis());
-        redisService.set(UserModel.USER_TOKEN.key(token), loginUserInfo.getUserId(), UserModel.USER_TOKEN.expireSeconds());
-        redisService.set(UserModel.USER_INFO.key(loginUserInfo.getUserId().toString()), loginUserInfo);
+        redisService.set(UserModel.USER_TOKEN.key(token), loginUserInfo, UserModel.USER_TOKEN.expireSeconds());
+        redisService.set(UserModel.USER_INFO.key(loginUserInfo.getUserId().toString() + loginUserInfo.getAdministratorType()), loginUserInfo);
         return token;
     }
 
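Review bot: The `USER_INFO` key is built by concatenating `getUserId().toString()` and `getAdministratorType()` with no separator, so different pairs can map to the same key: user 1 with type 12 and user 11 with type 2 both give `112`. One account's `LoginUserInfo` can then overwrite, or be returned for, another's. `JwtTokenProvider` in this commit already uses `"%d_%d"`; the same delimiter should be used here and in the matching lookup in the next hunk, e.g. `UserModel.USER_INFO.key(String.format("%d_%d", loginUserInfo.getUserId(), loginUserInfo.getAdministratorType()))`. Entries written under the old `userId`-only key are no longer read after this change, and this call sets no expiry, so they will remain in Redis unless cleaned up.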
@@ -37,11 +37,12 @@
         if (token == null) {
             return null;
         }
-        Long userId = (Long) redisService.get(UserModel.USER_TOKEN.key(token));
-        if (userId == null) {
+        LoginUserInfo loginUserInfo = (LoginUserInfo) redisService.get(UserModel.USER_TOKEN.key(token));
+        if (loginUserInfo == null) {
             return null;
         }
-        LoginUserInfo userInfo = (LoginUserInfo) redisService.get(UserModel.USER_INFO.key(userId.toString()));
+        LoginUserInfo userInfo
+                = (LoginUserInfo) redisService.get(UserModel.USER_INFO.key(loginUserInfo.getUserId().toString() + loginUserInfo.getAdministratorType().toString()));
         if (userInfo != null) {
             if (redisService.getExpire(token) < UserModel.USER_TOKEN.expireSeconds()) {
                 redisService.expire(token, UserModel.USER_TOKEN.expireSeconds());
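Review bot: The read side calls `loginUserInfo.getAdministratorType().toString()`, while the write side in `createToken` uses plain string concatenation. A null administrator type is therefore stored under a key ending in `null` but throws a `NullPointerException` on lookup, instead of returning null like the other invalid-token paths. Building the key in one shared private helper would keep the two sides identical. The token entry now already holds the full `LoginUserInfo`, so the second `redisService.get` is only useful if the `USER_INFO` copy can differ from it; a short comment saying why both are read would help. The method continues past the end of this hunk.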
diff --git a/ximon-admin/src/main/java/com/sandu/ximon/admin/controller/AdminController.java b/ximon-admin/src/main/java/com/sandu/ximon/admin/controller/AdminController.java
index 296b992..665bc71 100644
--- a/ximon-admin/src/main/java/com/sandu/ximon/admin/controller/AdminController.java
+++ b/ximon-admin/src/main/java/com/sandu/ximon/admin/controller/AdminController.java
@@ -10,6 +10,8 @@
 import com.sandu.common.execption.BusinessException;
 import com.sandu.common.log.Log;
 import com.sandu.common.object.BaseConditionVO;
+import com.sandu.common.redis.RedisService;
+import com.sandu.common.redis.UserModel;
 import com.sandu.common.security.LoginUserInfo;
 import com.sandu.common.security.annotation.AnonymousAccess;
 import com.sandu.common.security.config.SecurityProperties;
@@ -59,6 +61,7 @@
     private final TokenProvider tokenProvider;
     private final AdminRoleRelationService adminRoleRelationService;
     private PermissionConfig permissionConfig;
+    private final RedisService redisService;
 
     @Log("鍚庡彴鐢ㄦ埛鐧诲綍")
     @AnonymousAccess
@@ -144,6 +147,17 @@
         return ResponseUtil.success(builder.build());
     }
 
+    @GetMapping(value = "/logout")
+    public ResponseVO<Object> LogOut() {
+//        redisService.set(UserModel.USER_INFO.key(SecurityUtils.getUserId().toString() + SecurityUtils.getUserDetails().getAdministratorType()), null);
+//        redisService.set(UserModel.USER_TOKEN.key(UserModel.USER_TOKEN.key(SecurityUtils.getUserDetails().getToken())), null);
+
+
+        String key = String.format("%d_%d", SecurityUtils.getUserDetails().getUserId(), SecurityUtils.getUserDetails().getAdministratorType());
+        redisService.set(key, null);
+        return ResponseUtil.success("閫�鍑虹櫥褰曟垚鍔�");
+    }
+
     private MenuNode covertMenuNode(Menu menu, List<Menu> menuList) {
         MenuNode node = new MenuNode();
         BeanUtils.copyProperties(menu, node);
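Review bot: Logout revokes the token with `redisService.set(key, null)`, which depends on how `RedisService` treats a null value (not shown on this page); an explicit delete of the key states the intent and cannot leave a placeholder entry behind. Only the `"%d_%d"` entry checked by `JwtTokenProvider` is cleared. The `USER_TOKEN` and `USER_INFO` entries written by `RedisTokenProvider` are touched only in the commented-out lines, so if that provider is the active one, the token appears to stay valid after logout. The endpoint also changes session state on a GET, which link prefetching or a cross-site image tag can trigger; `@PostMapping(value = "/logout")` is the safer mapping. The method name should be `logOut` per Java naming, and the two commented-out lines should be either fixed and enabled or removed.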

--
Gitblit v1.9.3