From 5d36a7cec9313c556f5154883958d15746904275 Mon Sep 17 00:00:00 2001
From: "Ray.Hao" <1490493387@qq.com>
Date: Tue, 21 May 2024 10:47:49 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E9=87=8D=E6=9E=84=E6=97=B6=E7=BC=BA?=
 =?UTF-8?q?=E5=A4=B1token=E6=9C=89=E6=95=88=E6=9C=9F=E6=A0=A1=E9=AA=8C?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../system/filter/JwtValidationFilter.java | 37 ++++++++++---------
 1 file changed, 20 insertions(+), 17 deletions(-)
diff --git a/src/main/java/com/youlai/system/filter/JwtValidationFilter.java b/src/main/java/com/youlai/system/filter/JwtValidationFilter.java
index 64da1135..1a5f69b2 100644
--- a/src/main/java/com/youlai/system/filter/JwtValidationFilter.java
+++ b/src/main/java/com/youlai/system/filter/JwtValidationFilter.java
@@ -52,27 +52,30 @@ public class JwtValidationFilter extends OncePerRequestFilter {
         try {
             if (StrUtil.isNotBlank(token) && token.startsWith(SecurityConstants.JWT_TOKEN_PREFIX)) {
                 token = token.substring(SecurityConstants.JWT_TOKEN_PREFIX.length()); // 去除 Bearer 前缀
-                // 校验 Token 是否有效
-                if (JWTUtil.verify(token, secretKey)) {
-                    // 解析 Token 获取有效载荷
-                    JWT jwt = JWTUtil.parseToken(token);
-                    JSONObject payloads = jwt.getPayloads();
-                    // 检查 Token 是否已被加入黑名单
-                    String jti = payloads.getStr(JWTPayload.JWT_ID);
-                    boolean isTokenBlacklisted = Boolean.TRUE.equals(redisTemplate.hasKey(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti));
-                    if (isTokenBlacklisted) {
-                        ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
-                        return;
-                    }
-                    // Token 有效将其解析为 Authentication 对象,并设置到 Spring Security 上下文中
-                    Authentication authentication = JwtUtils.getAuthentication(payloads);
-                    SecurityContextHolder.getContext().setAuthentication(authentication);
-                } else {
-                    // Token 无效,直接返回响应
+                // 解析 Token
+                JWT jwt = JWTUtil.parseToken(token);
+
+                // 检查 Token 是否有效(验签 + 是否过期)
+                boolean isValidate = jwt.setKey(secretKey).validate(0);
+                if (!isValidate) {
                     ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
                     return;
                 }
+
+                // 检查 Token 是否已被加入黑名单(注销)
+                JSONObject payloads = jwt.getPayloads();
+                String jti = payloads.getStr(JWTPayload.JWT_ID);
+                boolean isTokenBlacklisted = Boolean.TRUE.equals(redisTemplate.hasKey(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti));
+                if (isTokenBlacklisted) {
+                    ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
+                    return;
+                }
+
+                // Token 有效将其解析为 Authentication 对象,并设置到 Spring Security 上下文中
+                Authentication authentication = JwtUtils.getAuthentication(payloads);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+
             }
         } catch (Exception e) {
             SecurityContextHolder.clearContext();