forked from github/dataease
Merge pull request #4457 from dataease/pr@dev@fix_token_valid_after_logout
fix(登录): 退出登录后token依然可用(jwt通病)
1840a40fb3
@ -11,6 +11,7 @@ import io.dataease.auth.service.AuthUserService;
|
||||
import io.dataease.auth.util.JWTUtils;
|
||||
import io.dataease.commons.utils.BeanUtils;
|
||||
import io.dataease.commons.utils.LogUtil;
|
||||
import io.dataease.commons.utils.TokenCacheUtils;
|
||||
import io.dataease.listener.util.CacheUtils;
|
||||
import org.apache.shiro.authc.*;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
@ -83,6 +84,9 @@ public class F2CRealm extends AuthorizingRealm {
|
||||
token = (String) auth.getCredentials();
|
||||
// 解密获得username,用于和数据库进行对比
|
||||
tokenInfo = JWTUtils.tokenInfoByToken(token);
|
||||
if (!TokenCacheUtils.validate(token)) {
|
||||
throw new AuthenticationException("token invalid");
|
||||
}
|
||||
} catch (Exception e) {
|
||||
throw new AuthenticationException(e);
|
||||
}
|
||||
|
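Review bot: The revocation check added at `if (!TokenCacheUtils.validate(token))` only asks whether the token string exists in the cache; it does not bind the entry to the subject the JWT names, even though `tokenInfo` is decoded on the line just above and the new helper offers `validate(String, Long)`. Using `if (!TokenCacheUtils.validate(token, tokenInfo.getUserId()))` would also reject an entry whose cached owner does not match the token claims. The throw also sits inside the `try` whose `catch (Exception e)` rewraps it as `new AuthenticationException(e)`, so `"token invalid"` ends up as the cause rather than the reported message; either catch and rethrow `AuthenticationException` unchanged or perform the check after the try. The enclosing method starts and ends outside the hunk.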
@ -10,6 +10,7 @@ import io.dataease.auth.service.AuthUserService;
|
||||
import io.dataease.auth.util.JWTUtils;
|
||||
import io.dataease.commons.utils.CommonBeanFactory;
|
||||
import io.dataease.commons.utils.LogUtil;
|
||||
import io.dataease.commons.utils.TokenCacheUtils;
|
||||
import io.dataease.exception.DataEaseException;
|
||||
import io.dataease.i18n.Translator;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -65,6 +66,9 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
|
||||
if (StringUtils.startsWith(authorization, "Basic")) {
|
||||
return false;
|
||||
}
|
||||
if (!TokenCacheUtils.validate(authorization)) {
|
||||
throw new AuthenticationException(expireMessage);
|
||||
}
|
||||
// 当没有出现登录超时 且需要刷新token 则执行刷新token
|
||||
if (JWTUtils.loginExpire(authorization)) {
|
||||
throw new AuthenticationException(expireMessage);
|
||||
|
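Review bot: The revocation check at `if (!TokenCacheUtils.validate(authorization))` reports a logged-out token with `expireMessage`, the same text the `JWTUtils.loginExpire` check just below uses, so neither the client nor the server log can tell "session expired" from "token revoked". A dedicated message (a separate translated key alongside `expireMessage`) keeps the two conditions distinguishable when a user reports being signed out. The lookup also presupposes that `authorization` is byte-identical to the `sign` string that `JWTUtils` registers; if the header ever arrives with a scheme prefix or surrounding whitespace the lookup fails closed for every request — worth confirming against the client. The enclosing method starts and ends outside the hunk.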
@ -234,6 +234,7 @@ public class AuthServer implements AuthApi {
|
||||
if (StringUtils.isBlank(result)) {
|
||||
result = "success";
|
||||
}
|
||||
TokenCacheUtils.remove(token);
|
||||
} catch (Exception e) {
|
||||
LogUtil.error(e);
|
||||
if (StringUtils.isBlank(result)) {
|
||||
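Review bot: `TokenCacheUtils.remove(token)` is the last statement of the `try`, so any exception raised by the logout work above it lands in `catch (Exception e)` with the token still present in the cache, and the token keeps passing `TokenCacheUtils.validate` in F2CRealm and JWTFilter after the user believes they are logged out. Running the removal before the other work, or in a `finally` such as `} finally { TokenCacheUtils.remove(token); }`, makes revocation independent of the rest of the flow. The same ordering issue applies to the second AuthServer hunk at old line 287. The enclosing method starts and ends outside the hunk; what runs before the `isBlank(result)` check is not visible here.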
@ -287,6 +288,7 @@ public class AuthServer implements AuthApi {
|
||||
if (StringUtils.isBlank(result)) {
|
||||
result = "success";
|
||||
}
|
||||
TokenCacheUtils.remove(token);
|
||||
} catch (Exception e) {
|
||||
LogUtil.error(e);
|
||||
if (StringUtils.isBlank(result)) {
|
||||
|
@ -10,6 +10,7 @@ import com.auth0.jwt.interfaces.Verification;
|
||||
import io.dataease.auth.entity.TokenInfo;
|
||||
import io.dataease.auth.entity.TokenInfo.TokenInfoBuilder;
|
||||
import io.dataease.commons.utils.CommonBeanFactory;
|
||||
import io.dataease.commons.utils.TokenCacheUtils;
|
||||
import io.dataease.exception.DataEaseException;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -117,7 +118,9 @@ public class JWTUtils {
|
||||
Builder builder = JWT.create()
|
||||
.withClaim("username", tokenInfo.getUsername())
|
||||
.withClaim("userId", tokenInfo.getUserId());
|
||||
return builder.withExpiresAt(date).sign(algorithm);
|
||||
String sign = builder.withExpiresAt(date).sign(algorithm);
|
||||
TokenCacheUtils.add(sign, tokenInfo.getUserId());
|
||||
return sign;
|
||||
|
||||
} catch (Exception e) {
|
||||
return null;
|
||||
|
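Review bot: `TokenCacheUtils.add(sign, tokenInfo.getUserId())` now runs inside the `try` whose `catch (Exception e)` returns `null`, so a cache failure (store unavailable, `put` throwing) silently turns a successfully signed token into a null return with nothing logged, indistinguishable to callers from a signing failure. Either log the exception in the catch or move the cache write after the try so only signing errors are swallowed. Separately, a new token is registered here but nothing visible removes the previous one when a token is re-issued; if this path also serves the refresh in JWTFilter, the superseded token stays valid until logout — worth confirming. The enclosing method starts and ends outside the hunk.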
@ -0,0 +1,28 @@
|
||||
package io.dataease.commons.utils;
|
||||
|
||||
import io.dataease.listener.util.CacheUtils;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
public class TokenCacheUtils {
|
||||
|
||||
private static final String KEY = "sys_token_store";
|
||||
|
||||
public static void add(String token, Long userId) {
|
||||
CacheUtils.put(KEY, token, userId, null, null);
|
||||
}
|
||||
|
||||
public static void remove(String token) {
|
||||
CacheUtils.remove(KEY, token);
|
||||
}
|
||||
|
||||
public static boolean validate(String token) {
|
||||
Object sys_token_store = CacheUtils.get(KEY, token);
|
||||
return ObjectUtils.isNotEmpty(sys_token_store) && StringUtils.isNotBlank(sys_token_store.toString());
|
||||
}
|
||||
|
||||
public static boolean validate(String token, Long userId) {
|
||||
Object sys_token_store = CacheUtils.get(KEY, token);
|
||||
return ObjectUtils.isNotEmpty(sys_token_store) && StringUtils.isNotBlank(sys_token_store.toString()) && userId == Long.parseLong(sys_token_store.toString());
|
||||
}
|
||||
}
|
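Review bot: `validate(String token, Long userId)` compares with `userId == Long.parseLong(sys_token_store.toString())`, which unboxes `userId` and throws NullPointerException when a caller passes null instead of returning false; `Objects.equals(userId, Long.valueOf(sys_token_store.toString()))` keeps the method total. The local `sys_token_store` repeats the constant's value as an identifier and is snake_case; `cached` or `entry` reads better in both `validate` overloads. The class also carries no Javadoc: a header along the lines of "Registry of issued JWTs backed by the `sys_token_store` cache; a token authenticates only while its entry exists, `add` is called on sign and `remove` on logout, and the cache configuration alone governs how long entries live" would tell the next reader why presence equals validity.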
@ -270,5 +270,14 @@
|
||||
memoryStoreEvictionPolicy="LRU"
|
||||
/>
|
||||
|
||||
<cache
|
||||
name="sys_token_store"
|
||||
eternal="true"
|
||||
maxElementsInMemory="100"
|
||||
maxElementsOnDisk="3000"
|
||||
overflowToDisk="true"
|
||||
diskPersistent="false"
|
||||
/>
|
||||
|
||||
|
||||
</ehcache>
|
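Review bot: The new `sys_token_store` cache is `eternal="true"` with no `timeToLiveSeconds`, so every token ever signed stays in the store until LRU eviction at 3000 entries; once that capacity is reached, still-valid tokens of active users are evicted and `TokenCacheUtils.validate` rejects them, while long-expired tokens may be the ones occupying the slots. A `timeToLiveSeconds` equal to the JWT lifetime bounds the store to live tokens. With `maxElementsInMemory="100"` and `overflowToDisk="true"`, bearer tokens are also written in clear to the ehcache disk store; raising the in-memory limit or disabling overflow keeps the credentials off disk. `diskPersistent="false"` means a restart empties the store and signs every user out, which may be intended but deserves a comment next to the entry.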