解决注销会话标识未失效

license/src/main/java/iot/sixiang/license/controller/LoginController.java

@@ -6,6 +6,7 @@ import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import iot.sixiang.license.jwt.JwtUtil;
 import iot.sixiang.license.jwt.LoginUser;
+import iot.sixiang.license.jwt.UserUtils;
 import iot.sixiang.license.log.BusinessType;
 import iot.sixiang.license.log.MyLog;
 import iot.sixiang.license.model.BaseResult;
@@ -53,6 +54,7 @@ public class LoginController {
                 String token = JwtUtil.createToken(dbUser);
                 LoginVo loginVo = new LoginVo();
                 loginVo.setAuthorization(token);
+                UserUtils.setToken(dbUser.getUserId(),token);
                 return ResResult.success().goRecord(loginVo);
             }
         }
@@ -63,6 +65,8 @@ public class LoginController {
     @GetMapping("logout")
     @MyLog(title = "注销", businessType = BusinessType.OTHER)
     public BaseResult logout() {
+        String loginUserId = UserUtils.getLoginUserId();
+        UserUtils.removeToken(loginUserId);
         return BaseResult.success();
     }
 

license/src/main/java/iot/sixiang/license/jwt/JwtFilter.java

@@ -4,6 +4,7 @@ import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import iot.sixiang.license.xss.XssUtil;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.util.StringUtils;
 
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
@@ -54,7 +55,7 @@ public class JwtFilter implements Filter {
             return;
         }
 
-        if (token == null) {
+        if (StringUtils.isEmpty(token)) {
             request.setAttribute("msg","认证信息不能为空");
             request.getRequestDispatcher("/fail").forward(request, response);
             return;
@@ -74,11 +75,15 @@ public class JwtFilter implements Filter {
                 String userId = userData.get("userId").asString();
                 String userName = userData.get("userName").asString();
                 String password = userData.get("password").asString();
-
                 LoginUser loginUser = new LoginUser(userId, userName, password);
-                UserUtils.setLoginUser(loginUser);
-                UserUtils.setUri(uri);
-                filterChain.doFilter(request, response);
+                if (token.equals(UserUtils.getToken(userId))) {
+                    UserUtils.setLoginUser(loginUser);
+                    UserUtils.setUri(uri);
+                    filterChain.doFilter(request, response);
+                } else {
+                    request.setAttribute("msg","token已失效");
+                    request.getRequestDispatcher("/fail").forward(request, response);
+                }
             }
         }
     }

license/src/main/java/iot/sixiang/license/jwt/UserUtils.java

 package iot.sixiang.license.jwt;
 
 
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * 存储/获取当前线程的用户信息工具类
  */
 public abstract class UserUtils {
 
+    static Map<String, String> tokenMap = new HashMap<>();
     //线程变量，存放user实体类信息，即使是静态的与其他线程也是隔离的
     private static ThreadLocal<LoginUser> userThreadLocal = new ThreadLocal<>();
     //线程变量，存放uri，即使是静态的与其他线程也是隔离的
@@ -36,6 +40,27 @@ public abstract class UserUtils {
         userThreadLocal.set(user);
     }
 
+    //为当前的线程变量赋值上token信息
+    public static void setToken(String uId, String token) {
+        tokenMap.put(uId, token);
+    }
+
+    /**
+     * 获取当前访问方法的token
+     * @return
+     */
+    public static String getToken(String uId) {
+        System.out.println("---");
+        String s = tokenMap.get(uId);
+        System.out.println(s);
+        return tokenMap.get(uId);
+    }
+
+    //清除tokenThreadLocal线程变量
+    public static void removeToken(String uId) {
+        tokenMap.remove(uId);
+    }
+
     //清除userThreadLocal线程变量
     public static void removeUser() {
         userThreadLocal.remove();