配置提交

2 years ago · 14ac468f8e
parent f2d4bb224a
commit 14ac468f8e
3 changed files with 33 additions and 42 deletions
--- a/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
+++ b/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
@ -6,6 +6,8 @@ import com.huoran.iasf.common.exception.code.BaseResponseCode;
 import com.huoran.iasf.common.utils.Constant;
 import com.huoran.iasf.common.utils.R;
 import com.huoran.iasf.common.utils.HttpContextUtils;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.UsernamePasswordToken;
@ -25,6 +27,7 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.nio.charset.StandardCharsets;

+import static com.huoran.iasf.service.HttpApiSessionService.*;
 import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;


@ -79,45 +82,31 @@ public class CustomAccessControlFilter extends AccessControlFilter {
                // 指定处理该请求的处理器
                request.getRequestDispatcher(Constant.ERROR_CONTROLLER_PATH).forward(request, servletResponse);
            }
+            //  校验并解析token，如果token过期或者篡改，则会返回null
+            Claims claims = checkJWT(token);
+            if (null == claims) {
+                request.setAttribute("filterError", new BusinessException(BaseResponseCode.TOKEN_ERROR));
+                // 指定处理该请求的处理器
+                request.getRequestDispatcher(Constant.ERROR_CONTROLLER_PATH).forward(request, servletResponse);
+            }else {
                UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(token, token);
                getSubject(servletRequest, servletResponse).login(usernamePasswordToken);
-        /*} catch (BusinessException exception) {
-            if (HttpContextUtils.isAjaxRequest(request)) {
-                customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
-            } else if (exception.getBaseResponseCode().getCode() == BaseResponseCode.TOKEN_ERROR.getCode()) {
-                servletRequest.getRequestDispatcher("/index/login").forward(servletRequest, servletResponse);
-            } else if (exception.getBaseResponseCode().getCode() == BaseResponseCode.UNAUTHORIZED_ERROR.getCode()) {
-                servletRequest.getRequestDispatcher("/index/403").forward(servletRequest, servletResponse);
-            } else {
-                servletRequest.getRequestDispatcher("/index/500").forward(servletRequest, servletResponse);
            }
-            return false;
-        } catch (AuthenticationException e) {
-            if (HttpContextUtils.isAjaxRequest(request)) {
-                if (e.getCause() instanceof BusinessException) {
-                    BusinessException exception = (BusinessException) e.getCause();
-                    customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
-                } else {
-                    customResponse(BaseResponseCode.SYSTEM_BUSY.getCode(), BaseResponseCode.SYSTEM_BUSY.getMsg(), servletResponse);
-                }
-            } else {
-                servletRequest.getRequestDispatcher("/index/403").forward(servletRequest, servletResponse);
+        return true;
    }
-            return false;
+
+    /**
+     * 校验token
+     */
+    public Claims checkJWT(String token) {
+
+        try {
+            final Claims claims = Jwts.parser().setSigningKey(APP_SECRET).
+                    parseClaimsJws(token).getBody();
+            return claims;
        } catch (Exception e) {
-            if (HttpContextUtils.isAjaxRequest(request)) {
-                if (e.getCause() instanceof BusinessException) {
-                    BusinessException exception = (BusinessException) e.getCause();
-                    customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
-                } else {
-                    customResponse(BaseResponseCode.SYSTEM_BUSY.getCode(), BaseResponseCode.SYSTEM_BUSY.getMsg(), servletResponse);
-                }
-            } else {
-                servletRequest.getRequestDispatcher("/index/500").forward(servletRequest, servletResponse);
+            return null;
        }
-            return false;
-        }*/
-        return true;
    }

    private void customResponse(int code, String msg, ServletResponse response) {
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@ -6,9 +6,11 @@ spring:
      datasource:
        master:
          username: root
-          password: 123456
+#          password: 123456
+          password: iasf#2022
          driver-class-name: com.mysql.cj.jdbc.Driver
-          url: jdbc:mysql://192.168.31.136:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
+          url: jdbc:mysql://127.0.0.1:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
+#          url: jdbc:mysql://192.168.31.136:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
  cache:
    type: redis
  redis:
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -29,9 +29,9 @@ spring:
        passwordError: "user:password:error:"
        permissionRefresh: "user:token:permissionRefresh:"
      expire:
-        userToken: 604800 # 7天 7*24*3600
-        passwordError: 3600 # 一个小时
-        permissionRefresh: 604800 # 7天 7*24*3600
+        userToken: 86400 # 1天 7*24*3600
+        passwordError: 360000 # 一个小时
+        permissionRefresh: 86400 # 1天 7*24*3600
    allowMultipleLogin: true # 允许多处登陆

 mybatis-plus: