From 4ed25232e249d1bb11c4acb3df9c07b066343026 Mon Sep 17 00:00:00 2001
From: zhanzhiqin <895896009@qq.com>
Date: 星期五, 22 四月 2022 11:00:37 +0800
Subject: [PATCH] fix
---
sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java | 20 ++++++++++++++++++--
1 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java b/sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java
index acb61cf..5a9c312 100644
--- a/sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java
+++ b/sandu-common/src/main/java/com/sandu/common/security/token/JwtTokenProvider.java
@@ -1,14 +1,19 @@
package com.sandu.common.security.token;
import com.sandu.common.enums.AdminStatusStatus;
+import com.sandu.common.execption.BusinessException;
+import com.sandu.common.redis.RedisService;
import com.sandu.common.security.LoginUserInfo;
import com.sandu.common.security.config.SecurityProperties;
+import com.sandu.common.util.SpringContextHolder;
import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.DecodingException;
import io.jsonwebtoken.security.Keys;
+import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.InitializingBean;
+import org.springframework.boot.autoconfigure.cache.CacheProperties;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
@@ -47,14 +52,14 @@
if (loginUserInfo.getUserId() == null) {
throw new IllegalArgumentException("鐢ㄦ埛id涓嶈兘涓虹┖");
}
+ RedisService redisService = SpringContextHolder.getBean(RedisService.class);
String authorities = loginUserInfo.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.collect(Collectors.joining(","));
long now = (new Date()).getTime();
Date expiration = new Date(now + properties.getTokenValidityInSeconds());
-
- return Jwts.builder()
+ String token = Jwts.builder()
.setSubject(loginUserInfo.getUserId().toString())
.claim(AUTHORITIES_KEY, authorities)
.claim(CREDENTIALS_KEY, loginUserInfo.getAccount())
@@ -62,11 +67,17 @@
.setExpiration(expiration)
.signWith(key, SignatureAlgorithm.HS512)
.compact();
+
+ String key = String.format("%d_%d", loginUserInfo.getUserId(), loginUserInfo.getAdministratorType());
+ redisService.set(key, token);
+ return token;
}
@Override
public LoginUserInfo validateToken(String token) {
try {
+ RedisService redisService = SpringContextHolder.getBean(RedisService.class);
+
Claims claims = Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();
LoginUserInfo loginUserInfo = new LoginUserInfo();
loginUserInfo.setUserId(Long.valueOf(claims.getSubject()));
@@ -75,6 +86,11 @@
loginUserInfo.setAdministratorType(Integer.parseInt(claims.get(ADMINISTRATOR_KEY).toString()));
loginUserInfo.setToken(token);
loginUserInfo.setStatus(AdminStatusStatus.NORMAL.getCode());
+ String key = String.format("%d_%d", loginUserInfo.getUserId(), loginUserInfo.getAdministratorType());
+ String redisToken = String.valueOf(redisService.get(key));
+ if (redisToken == null || !token.equals(redisToken)) {
+ throw new BusinessException("token鏃犳晥");
+ }
return loginUserInfo;
} catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException e) {
log.info("Invalid JWT signature.");
--
Gitblit v1.9.3