diff --git a/backend/src/main/java/io/dataease/auth/config/F2CRealm.java b/backend/src/main/java/io/dataease/auth/config/F2CRealm.java index 4dee2a8df7..5d686c2abe 100644 --- a/backend/src/main/java/io/dataease/auth/config/F2CRealm.java +++ b/backend/src/main/java/io/dataease/auth/config/F2CRealm.java @@ -13,8 +13,9 @@ import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; -import javax.annotation.Resource; import java.util.Set; import java.util.stream.Collectors; @@ -23,7 +24,8 @@ import java.util.stream.Collectors; @Component public class F2CRealm extends AuthorizingRealm { - @Resource + @Autowired + @Lazy //shiro组件加载过早 让authUserService等一等再注入 否则 注入的可能不是代理对象 private AuthUserService authUserService; @@ -36,7 +38,6 @@ public class F2CRealm extends AuthorizingRealm { @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Long userId = JWTUtils.tokenInfoByToken(principals.toString()).getUserId(); - //SysUserEntity user = authUserService.getUserById(userId); SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(); Set role = authUserService.roles(userId).stream().collect(Collectors.toSet()); simpleAuthorizationInfo.addRoles(role); diff --git a/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java b/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java index 7a0602d105..3d05e91831 100644 --- a/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java +++ b/backend/src/main/java/io/dataease/auth/filter/JWTFilter.java @@ -45,8 +45,8 @@ public class JWTFilter extends BasicHttpAuthenticationFilter { protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception { HttpServletRequest httpServletRequest = (HttpServletRequest) request; String authorization = httpServletRequest.getHeader("Authorization"); - - if (JWTUtils.needRefresh(authorization)){ + // 当没有出现登录超时 且需要刷新token 则执行刷新token + if (!JWTUtils.loginExpire(authorization) && JWTUtils.needRefresh(authorization)){ authorization = refreshToken(request, response); } JWTToken token = new JWTToken(authorization); @@ -81,7 +81,13 @@ public class JWTFilter extends BasicHttpAuthenticationFilter { AuthUserService authUserService = CommonBeanFactory.getBean(AuthUserService.class); SysUserEntity user = authUserService.getUserById(tokenInfo.getUserId()); String password = user.getPassword(); + + // 删除老token操作时间 + JWTUtils.removeTokenExpire(token); String newToken = JWTUtils.sign(tokenInfo, password); + // 记录新token操作时间 + JWTUtils.addTokenExpire(newToken); + JWTToken jwtToken = new JWTToken(newToken); this.getSubject(request, response).login(jwtToken); // 设置响应的Header头新Token diff --git a/backend/src/main/java/io/dataease/auth/server/AuthServer.java b/backend/src/main/java/io/dataease/auth/server/AuthServer.java index bdb56b337b..474e013a69 100644 --- a/backend/src/main/java/io/dataease/auth/server/AuthServer.java +++ b/backend/src/main/java/io/dataease/auth/server/AuthServer.java @@ -49,6 +49,8 @@ public class AuthServer implements AuthApi { Map result = new HashMap<>(); TokenInfo tokenInfo = TokenInfo.builder().userId(user.getUserId()).username(username).lastLoginTime(System.currentTimeMillis()).build(); String token = JWTUtils.sign(tokenInfo, realPwd); + // 记录token操作时间 + JWTUtils.addTokenExpire(token); result.put("token", token); ServletUtils.setToken(token); return result; @@ -79,6 +81,9 @@ public class AuthServer implements AuthApi { @Override public String test() { + SysUserEntity userById = authUserService.getUserById(4L); + String nickName = userById.getNickName(); + System.out.println(nickName); return "apple"; } } diff --git a/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java b/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java index 83cb7d8c34..b0b52dc508 100644 --- a/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java +++ b/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java @@ -35,6 +35,7 @@ public class ShiroServiceImpl implements ShiroService { // filterChainDefinitionMap.put("/404", "anon"); // 登陆 // filterChainDefinitionMap.put("/api/auth/logout", "anon"); + filterChainDefinitionMap.put("/api/auth/test", "anon"); filterChainDefinitionMap.put("/api/auth/login", "anon"); // 退出 diff --git a/backend/src/main/java/io/dataease/auth/util/JWTUtils.java b/backend/src/main/java/io/dataease/auth/util/JWTUtils.java index 32b20022a7..a52c4d2485 100644 --- a/backend/src/main/java/io/dataease/auth/util/JWTUtils.java +++ b/backend/src/main/java/io/dataease/auth/util/JWTUtils.java @@ -6,9 +6,12 @@ import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.exceptions.JWTDecodeException; import com.auth0.jwt.interfaces.DecodedJWT; import io.dataease.auth.entity.TokenInfo; +import io.dataease.commons.utils.CommonBeanFactory; import io.dataease.commons.utils.ServletUtils; import org.apache.commons.lang3.ObjectUtils; import org.apache.commons.lang3.StringUtils; +import org.springframework.cache.Cache; +import org.springframework.cache.CacheManager; import javax.servlet.http.HttpServletResponse; import java.util.Date; @@ -19,7 +22,7 @@ public class JWTUtils { // token过期时间5min (过期会自动刷新续命 目的是避免一直都是同一个token ) private static final long EXPIRE_TIME = 1*60*1000; // 登录间隔时间10min 超过这个时间强制重新登录 - private static final long Login_Interval = 10*60*1000; + private static final long Login_Interval = 2*60*1000; /** @@ -36,9 +39,10 @@ public class JWTUtils { .withClaim("userId", tokenInfo.getUserId()) .build(); DecodedJWT jwt = verifier.verify(token); - Long lastLoginTime = jwt.getClaim("lastLoginTime").asLong(); + //Long lastLoginTime = jwt.getClaim("lastLoginTime").asLong(); + Long lastOperateTime = tokenLastOperateTime(token); long now = System.currentTimeMillis(); - if (now - lastLoginTime > Login_Interval){ + if (now - lastOperateTime > Login_Interval){ // 登录超时 HttpServletResponse response = ServletUtils.response(); response.addHeader("Access-Control-Expose-Headers", "authentication-status"); @@ -74,6 +78,17 @@ public class JWTUtils { return new Date().getTime() >= exp.getTime(); } + /** + * 当前token是否登录超时 + * @param token + * @return + */ + public static boolean loginExpire(String token){ + Long now = System.currentTimeMillis(); + Long lastOperateTime = tokenLastOperateTime(token); + return now - lastOperateTime > Login_Interval; + } + public static Date getExp(String token) { try { DecodedJWT jwt = JWT.decode(token); @@ -106,4 +121,28 @@ public class JWTUtils { return null; } } + + /** + * 获取当前token上次操作时间 + * @param token + * @return + */ + public static Long tokenLastOperateTime(String token){ + CacheManager cacheManager = CommonBeanFactory.getBean(CacheManager.class); + Cache tokens_expire = cacheManager.getCache("tokens_expire"); + Long expTime = tokens_expire.get(token, Long.class); + return expTime; + } + + public static void removeTokenExpire(String token){ + CacheManager cacheManager = CommonBeanFactory.getBean(CacheManager.class); + Cache tokens_expire = cacheManager.getCache("tokens_expire"); + tokens_expire.evict(token); + } + + public static void addTokenExpire(String token){ + CacheManager cacheManager = CommonBeanFactory.getBean(CacheManager.class); + Cache tokens_expire = cacheManager.getCache("tokens_expire"); + tokens_expire.put(token, System.currentTimeMillis()); + } } diff --git a/backend/src/main/java/io/dataease/service/sys/SysUserService.java b/backend/src/main/java/io/dataease/service/sys/SysUserService.java index 70fce60ae4..4e0ae14d2b 100644 --- a/backend/src/main/java/io/dataease/service/sys/SysUserService.java +++ b/backend/src/main/java/io/dataease/service/sys/SysUserService.java @@ -111,6 +111,7 @@ public class SysUserService { return sysUserMapper.updateByPrimaryKeySelective(sysUser); } + @CacheEvict(value = USER_CACHE_NAME, key = "'user' + #request.userId") public int adminUpdatePwd(SysUserPwdRequest request){ SysUser sysUser = new SysUser(); sysUser.setUserId(request.getUserId()); diff --git a/backend/src/main/resources/ehcache/ehcache.xml b/backend/src/main/resources/ehcache/ehcache.xml index 6af1c3769d..a5e5d7b09a 100644 --- a/backend/src/main/resources/ehcache/ehcache.xml +++ b/backend/src/main/resources/ehcache/ehcache.xml @@ -7,10 +7,10 @@ user.dir - 用户当前工作目录 java.io.tmpdir - 默认临时文件路径 --> - +