Merge pull request #4457 from dataease/pr@dev@fix_token_valid_after_logout
fix(登录): 退出登录后token依然可用(jwt通病)
1840a40fb3
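--- a/<path-not-shown>/F2CRealm.java
+++ b/<path-not-shown>/F2CRealm.java
@@ -11,6 +11,7 @@ import io.dataease.auth.service.AuthUserService;
 import io.dataease.auth.util.JWTUtils;
 import io.dataease.commons.utils.BeanUtils;
 import io.dataease.commons.utils.LogUtil;
+import io.dataease.commons.utils.TokenCacheUtils;
 import io.dataease.listener.util.CacheUtils;
 import org.apache.shiro.authc.*;
 import org.apache.shiro.authz.AuthorizationInfo;
@@ -83,6 +84,9 @@ public class F2CRealm extends AuthorizingRealm {
 token = (String) auth.getCredentials();
 // 解密获得username,用于和数据库进行对比
 tokenInfo = JWTUtils.tokenInfoByToken(token);
+if (!TokenCacheUtils.validate(token)) {
+throw new AuthenticationException("token invalid");
+}
 } catch (Exception e) {
 throw new AuthenticationException(e);
 }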
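Review bot: The added allow-list check sits at the end of the try block, so the explicit `"token invalid"` AuthenticationException is immediately caught by the existing `catch (Exception e)` below it and rewrapped as `new AuthenticationException(e)`, whose message is the nested exception's text rather than the one the new code chose. Rethrow authentication failures unchanged by inserting `} catch (AuthenticationException e) { throw e; }` before the generic catch, or move the validate() call to after the try/catch so it is not subject to the rewrap at all. The enclosing method starts before and ends after the hunk.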
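--- a/<path-not-shown>/JWTFilter.java
+++ b/<path-not-shown>/JWTFilter.java
@@ -10,6 +10,7 @@ import io.dataease.auth.service.AuthUserService;
 import io.dataease.auth.util.JWTUtils;
 import io.dataease.commons.utils.CommonBeanFactory;
 import io.dataease.commons.utils.LogUtil;
+import io.dataease.commons.utils.TokenCacheUtils;
 import io.dataease.exception.DataEaseException;
 import io.dataease.i18n.Translator;
 import org.apache.commons.lang3.StringUtils;
@@ -65,6 +66,9 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
 if (StringUtils.startsWith(authorization, "Basic")) {
 return false;
 }
+if (!TokenCacheUtils.validate(authorization)) {
+throw new AuthenticationException(expireMessage);
+}
 // 当没有出现登录超时 且需要刷新token 则执行刷新token
 if (JWTUtils.loginExpire(authorization)) {
 throw new AuthenticationException(expireMessage);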
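Review bot: Nothing in the new code retires the previous token when a refresh issues a new one: the comment right after the added check says a refreshed token is produced when the login has not expired, and `JWTUtils.sign` now registers every signed token in the store, so after a refresh both the old and the new token keep passing `TokenCacheUtils.validate` until logout or JWT expiry. If the refresh branch (outside this hunk) calls sign(), follow it with `TokenCacheUtils.remove(authorization);` so only the most recent token of a session is accepted. The lookup is keyed on the raw header value, so the store only matches if the header carries the bare signed token exactly as sign() returned it — presumably the case here, but a comment `// store is keyed by the exact signed token returned by JWTUtils.sign` would make that contract visible. The enclosing method starts before and ends after the hunk.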
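--- a/<path-not-shown>/AuthServer.java
+++ b/<path-not-shown>/AuthServer.java
@@ -234,6 +234,7 @@ public class AuthServer implements AuthApi {
 if (StringUtils.isBlank(result)) {
 result = "success";
 }
+TokenCacheUtils.remove(token);
 } catch (Exception e) {
 LogUtil.error(e);
 if (StringUtils.isBlank(result)) {
@@ -287,6 +288,7 @@ public class AuthServer implements AuthApi {
 if (StringUtils.isBlank(result)) {
 result = "success";
 }
+TokenCacheUtils.remove(token);
 } catch (Exception e) {
 LogUtil.error(e);
 if (StringUtils.isBlank(result)) {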
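Review bot: `TokenCacheUtils.remove(token)` is the last statement of the try block, so any exception thrown earlier in the block lands in the `catch (Exception e)` that only logs it, and the token remains accepted by the store after a logout the caller may still treat as completed. Unless an earlier failure is meant to keep the session alive, make the revocation unconditional, e.g. add `} finally { TokenCacheUtils.remove(token); }` after the catch — this assumes `token` is assigned before the try, which is outside the hunk. The same applies to the second hunk at 287/288; both enclosing methods start and end outside their hunks.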
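--- a/<path-not-shown>/JWTUtils.java
+++ b/<path-not-shown>/JWTUtils.java
@@ -10,6 +10,7 @@ import com.auth0.jwt.interfaces.Verification;
 import io.dataease.auth.entity.TokenInfo;
 import io.dataease.auth.entity.TokenInfo.TokenInfoBuilder;
 import io.dataease.commons.utils.CommonBeanFactory;
+import io.dataease.commons.utils.TokenCacheUtils;
 import io.dataease.exception.DataEaseException;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -117,7 +118,9 @@ public class JWTUtils {
 Builder builder = JWT.create()
 .withClaim("username", tokenInfo.getUsername())
 .withClaim("userId", tokenInfo.getUserId());
-return builder.withExpiresAt(date).sign(algorithm);
+String sign = builder.withExpiresAt(date).sign(algorithm);
+TokenCacheUtils.add(sign, tokenInfo.getUserId());
+return sign;
 
 } catch (Exception e) {
 return null;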
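Review bot: The new `TokenCacheUtils.add(sign, tokenInfo.getUserId())` runs inside a try whose `catch (Exception e)` returns null without logging, so a store failure now makes sign() return null exactly like a signing failure, and the resulting login error leaves no trace of its cause. Failing closed is the right outcome, but the catch should record the exception before `return null;` (with whatever logger this file has in scope; the other files in this commit use `LogUtil.error(e)`). The add call also deserves a one-line why-comment, `// register the token so logout can revoke it before its JWT expiry`, since nothing else in sign() explains the side effect. The enclosing method starts before the hunk.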
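--- /dev/null
+++ b/<source-root-not-shown>/io/dataease/commons/utils/TokenCacheUtils.java
@@ -0,0 +1,28 @@
+package io.dataease.commons.utils;
+
+import io.dataease.listener.util.CacheUtils;
+import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
+
+public class TokenCacheUtils {
+
+private static final String KEY = "sys_token_store";
+
+public static void add(String token, Long userId) {
+CacheUtils.put(KEY, token, userId, null, null);
+}
+
+public static void remove(String token) {
+CacheUtils.remove(KEY, token);
+}
+
+public static boolean validate(String token) {
+Object sys_token_store = CacheUtils.get(KEY, token);
+return ObjectUtils.isNotEmpty(sys_token_store) && StringUtils.isNotBlank(sys_token_store.toString());
+}
+
+public static boolean validate(String token, Long userId) {
+Object sys_token_store = CacheUtils.get(KEY, token);
+return ObjectUtils.isNotEmpty(sys_token_store) && StringUtils.isNotBlank(sys_token_store.toString()) && userId == Long.parseLong(sys_token_store.toString());
+}
+
+}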
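Review bot: `validate(String token, Long userId)` compares with `userId == Long.parseLong(sys_token_store.toString())`, which throws NullPointerException when `userId` is null and NumberFormatException if the stored value is ever not numeric, so a validation miss becomes an unhandled exception on the authentication path instead of a false return. Since add() stores the id as a Long, a null-safe string comparison keeps the intent: `Object cached = CacheUtils.get(KEY, token);` followed by `return ObjectUtils.isNotEmpty(cached) && userId != null && userId.toString().equals(cached.toString());`. The local `sys_token_store` should be lowerCamelCase, the class needs a private constructor as a static-only utility, and each method needs a Javadoc line stating that the store is an allow-list of issued tokens keyed by the exact signed string, so a token missing from it (logout, eviction, restart) is rejected.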
@ -270,5 +270,14 @@
|
|||||||
memoryStoreEvictionPolicy="LRU"
|
memoryStoreEvictionPolicy="LRU"
|
||||||
/>
|
/>
|
||||||
|
|
||||||
|
<cache
|
||||||
|
name="sys_token_store"
|
||||||
|
eternal="true"
|
||||||
|
maxElementsInMemory="100"
|
||||||
|
maxElementsOnDisk="3000"
|
||||||
|
overflowToDisk="true"
|
||||||
|
diskPersistent="false"
|
||||||
|
/>
|
||||||
|
|
||||||
|
|
||||||
</ehcache>
|
</ehcache>
|
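Review bot: `eternal="true"` with no timeToLiveSeconds means entries for tokens whose JWT expiry has already passed are never expired from `sys_token_store`; the store is bounded only by `maxElementsInMemory="100"` and `maxElementsOnDisk="3000"`, and once that capacity is reached (every sign() call adds an entry, logout is the only removal) eviction starts dropping entries for tokens that are still live, logging those users out early. Set `eternal="false"` with `timeToLiveSeconds="<jwt-lifetime-seconds>"` matching the expiry used in JWTUtils.sign so dead tokens age out on their own; a larger maxElementsOnDisk would only delay the problem. `diskPersistent="false"` also invalidates every session on restart, which may be intended but should be stated in an XML comment next to the cache.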