diff --git a/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java b/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
index 79744e0..819645c 100644
--- a/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
+++ b/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
@@ -6,6 +6,8 @@ import com.huoran.iasf.common.exception.code.BaseResponseCode;
 import com.huoran.iasf.common.utils.Constant;
 import com.huoran.iasf.common.utils.R;
 import com.huoran.iasf.common.utils.HttpContextUtils;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.UsernamePasswordToken;
@@ -25,6 +27,7 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;
+import static com.huoran.iasf.service.HttpApiSessionService.*;
 import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
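Review bot: The wildcard `import static com.huoran.iasf.service.HttpApiSessionService.*;` is the only thing that brings `APP_SECRET` into this filter, so a reader of the new checkJWT method cannot tell where the JWT signing key comes from without opening the service class. Prefer the explicit form `import static com.huoran.iasf.service.HttpApiSessionService.APP_SECRET;`, which also records that the session service and this filter are presumably sharing one signing key. A wildcard static import can additionally shadow or collide with locally defined constants later without any compiler warning.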
@@ -79,47 +82,33 @@ public class CustomAccessControlFilter extends AccessControlFilter {
 // 指定处理该请求的处理器
 request.getRequestDispatcher(Constant.ERROR_CONTROLLER_PATH).forward(request, servletResponse);
 }
- UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(token, token);
- getSubject(servletRequest, servletResponse).login(usernamePasswordToken);
- /*} catch (BusinessException exception) {
- if (HttpContextUtils.isAjaxRequest(request)) {
- customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
- } else if (exception.getBaseResponseCode().getCode() == BaseResponseCode.TOKEN_ERROR.getCode()) {
- servletRequest.getRequestDispatcher("/index/login").forward(servletRequest, servletResponse);
- } else if (exception.getBaseResponseCode().getCode() == BaseResponseCode.UNAUTHORIZED_ERROR.getCode()) {
- servletRequest.getRequestDispatcher("/index/403").forward(servletRequest, servletResponse);
- } else {
- servletRequest.getRequestDispatcher("/index/500").forward(servletRequest, servletResponse);
- }
- return false;
- } catch (AuthenticationException e) {
- if (HttpContextUtils.isAjaxRequest(request)) {
- if (e.getCause() instanceof BusinessException) {
- BusinessException exception = (BusinessException) e.getCause();
- customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
- } else {
- customResponse(BaseResponseCode.SYSTEM_BUSY.getCode(), BaseResponseCode.SYSTEM_BUSY.getMsg(), servletResponse);
- }
- } else {
- servletRequest.getRequestDispatcher("/index/403").forward(servletRequest, servletResponse);
- }
- return false;
- } catch (Exception e) {
- if (HttpContextUtils.isAjaxRequest(request)) {
- if (e.getCause() instanceof BusinessException) {
- BusinessException exception = (BusinessException) e.getCause();
- customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
- } else {
- 
customResponse(BaseResponseCode.SYSTEM_BUSY.getCode(), BaseResponseCode.SYSTEM_BUSY.getMsg(), servletResponse);
- }
- } else {
- servletRequest.getRequestDispatcher("/index/500").forward(servletRequest, servletResponse);
+ // 校验并解析token,如果token过期或者篡改,则会返回null
+ Claims claims = checkJWT(token);
+ if (null == claims) {
+ request.setAttribute("filterError", new BusinessException(BaseResponseCode.TOKEN_ERROR));
+ // 指定处理该请求的处理器
+ request.getRequestDispatcher(Constant.ERROR_CONTROLLER_PATH).forward(request, servletResponse);
+ }else {
+ UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(token, token);
+ getSubject(servletRequest, servletResponse).login(usernamePasswordToken);
 }
- return false;
- }*/
 return true;
 }
+ /**
+ * 校验token
+ */
+ public Claims checkJWT(String token) {
+
+ try {
+ final Claims claims = Jwts.parser().setSigningKey(APP_SECRET).
+ parseClaimsJws(token).getBody();
+ return claims;
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
 private void customResponse(int code, String msg, ServletResponse response) {
 try {
 R result = R.getResult(code, msg);
diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml
index d893554..e09d6fb 100644
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@@ -6,9 +6,11 @@ spring:
 datasource:
 master:
 username: root
- password: 123456
+# password: 123456
+ password: iasf#2022
 driver-class-name: com.mysql.cj.jdbc.Driver
- url: jdbc:mysql://192.168.31.136:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
+ url: jdbc:mysql://127.0.0.1:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
+# url: jdbc:mysql://192.168.31.136:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
 cache:
 type: redis
 redis:
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index f7653f7..bdbfb99 100644
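Review bot: `checkJWT` catches `Exception` and returns null, so an expired token, a token whose signature does not verify, and a null or malformed token string all collapse into the same TOKEN_ERROR with nothing recorded — and the signature-failure case is exactly the one an operator wants to see in logs. Narrow the catch to the parser's own failure types and log the reason, `} catch (io.jsonwebtoken.JwtException | IllegalArgumentException e) { log.warn("JWT rejected: {}", e.getMessage()); return null; }` (the `@Slf4j` import suggests `log` is in scope — confirm). The null-claims branch also forwards to the error controller and then falls through to `return true;`, so the Shiro chain continues after the forward, mirroring the pre-existing error path just above it; if that is not intended, add `return false;` after the forward (the enclosing method starts outside this hunk). The Javadoc `校验token` should state the contract, e.g. `Parses the JWT and verifies its signature with APP_SECRET; returns null when the token is expired, tampered with, or unparseable.`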
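Review bot: `password: iasf#2022` commits a live database credential in plaintext, and the previous value is kept as a comment on the line above, so both values are now permanently in repository history. Read it from the environment instead, `password: ${IASF_DB_PASSWORD}` (placeholder name constructed here; Spring resolves `${...}` from environment variables and system properties), and treat both committed values as exposed — rotate them. The commented-out old `url` line likewise keeps an internal host address in the file for no reason and should be dropped rather than preserved as a comment.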
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -29,9 +29,9 @@ spring:
 passwordError: "user:password:error:"
 permissionRefresh: "user:token:permissionRefresh:"
 expire:
- userToken: 604800 # 7天 7*24*3600
- passwordError: 3600 # 一个小时
- permissionRefresh: 604800 # 7天 7*24*3600
+ userToken: 86400 # 1天 7*24*3600
+ passwordError: 360000 # 一个小时
+ permissionRefresh: 86400 # 1天 7*24*3600
 allowMultipleLogin: true # 允许多处登陆
 mybatis-plus:
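Review bot: `passwordError: 360000 # 一个小时` contradicts its own comment: 360000 seconds is 100 hours, while the removed value 3600 was the one hour the comment describes, so this looks like an extra zero. If this key is the expiry of the wrong-password counter (the neighbouring `passwordError: "user:password:error:"` key suggests so, but the consumer is outside this hunk), the typo would stretch the failed-attempt window from one hour to over four days. Either restore `passwordError: 3600 # 一个小时` or change the comment to the duration actually intended. The `7*24*3600` in the `userToken` and `permissionRefresh` comments is also stale now that the values are 86400, e.g. `userToken: 86400 # 1天 24*3600`.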