tongtong/youlai-boot
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 重构时缺失token有效期校验问题修复

Browse Source
This commit is contained in:
Ray.Hao
2024-05-21 10:47:49 +08:00
parent feac84cdd8
commit 5d36a7cec9
1 changed files with 20 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/main/java/com/youlai/system/filter/JwtValidationFilter.java
View File

@@ -52,27 +52,30 @@ public class JwtValidationFilter extends OncePerRequestFilter {
try { try {
if (StrUtil.isNotBlank(token) && token.startsWith(SecurityConstants.JWT_TOKEN_PREFIX)) { if (StrUtil.isNotBlank(token) && token.startsWith(SecurityConstants.JWT_TOKEN_PREFIX)) {
token = token.substring(SecurityConstants.JWT_TOKEN_PREFIX.length()); // 去除 Bearer 前缀 token = token.substring(SecurityConstants.JWT_TOKEN_PREFIX.length()); // 去除 Bearer 前缀
// 校验 Token 是否有效
if (JWTUtil.verify(token, secretKey)) {
// 解析 Token 获取有效载荷
JWT jwt = JWTUtil.parseToken(token);
JSONObject payloads = jwt.getPayloads();
// 检查 Token 是否已被加入黑名单 // 解析 Token
JWT jwt = JWTUtil.parseToken(token);
// 检查 Token 是否有效(验签 + 是否过期)
boolean isValidate = jwt.setKey(secretKey).validate(0);
if (!isValidate) {
ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
return;
}
// 检查 Token 是否已被加入黑名单(注销)
JSONObject payloads = jwt.getPayloads();
String jti = payloads.getStr(JWTPayload.JWT_ID); String jti = payloads.getStr(JWTPayload.JWT_ID);
boolean isTokenBlacklisted = Boolean.TRUE.equals(redisTemplate.hasKey(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti)); boolean isTokenBlacklisted = Boolean.TRUE.equals(redisTemplate.hasKey(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti));
if (isTokenBlacklisted) { if (isTokenBlacklisted) {
ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID); ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
return; return;
} }
// Token 有效将其解析为 Authentication 对象,并设置到 Spring Security 上下文中 // Token 有效将其解析为 Authentication 对象,并设置到 Spring Security 上下文中
Authentication authentication = JwtUtils.getAuthentication(payloads); Authentication authentication = JwtUtils.getAuthentication(payloads);
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
} else {
// Token 无效,直接返回响应
ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID);
return;
}
} }
} catch (Exception e) { } catch (Exception e) {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();