Commit 104db084 authored by zengtianlai3's avatar zengtianlai3

解决注销会话标识未失效

parent 3b9ea1aa
...@@ -6,6 +6,7 @@ import io.swagger.annotations.ApiImplicitParams; ...@@ -6,6 +6,7 @@ import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import iot.sixiang.license.jwt.JwtUtil; import iot.sixiang.license.jwt.JwtUtil;
import iot.sixiang.license.jwt.LoginUser; import iot.sixiang.license.jwt.LoginUser;
import iot.sixiang.license.jwt.UserUtils;
import iot.sixiang.license.log.BusinessType; import iot.sixiang.license.log.BusinessType;
import iot.sixiang.license.log.MyLog; import iot.sixiang.license.log.MyLog;
import iot.sixiang.license.model.BaseResult; import iot.sixiang.license.model.BaseResult;
...@@ -53,6 +54,7 @@ public class LoginController { ...@@ -53,6 +54,7 @@ public class LoginController {
String token = JwtUtil.createToken(dbUser); String token = JwtUtil.createToken(dbUser);
LoginVo loginVo = new LoginVo(); LoginVo loginVo = new LoginVo();
loginVo.setAuthorization(token); loginVo.setAuthorization(token);
UserUtils.setToken(dbUser.getUserId(),token);
return ResResult.success().goRecord(loginVo); return ResResult.success().goRecord(loginVo);
} }
} }
...@@ -63,6 +65,8 @@ public class LoginController { ...@@ -63,6 +65,8 @@ public class LoginController {
@GetMapping("logout") @GetMapping("logout")
@MyLog(title = "注销", businessType = BusinessType.OTHER) @MyLog(title = "注销", businessType = BusinessType.OTHER)
public BaseResult logout() { public BaseResult logout() {
String loginUserId = UserUtils.getLoginUserId();
UserUtils.removeToken(loginUserId);
return BaseResult.success(); return BaseResult.success();
} }
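Review bot: logout() returns `BaseResult.success()` whether or not `UserUtils.removeToken(loginUserId)` removed anything, so a null or stale id from `UserUtils.getLoginUserId()` would leave the token valid while the client is told it is logged out. Whether that id can be missing on this route depends on filter code not visible here; checking it before the removal and returning the project's failure result when it is absent would make a failed revocation visible. The `UserUtils.setToken(dbUser.getUserId(),token)` call in the login method keeps a single token per user id, so a second login silently invalidates the first session and one logout ends it on every device. If that is intended, a comment such as `// one active token per user: a new login replaces the previous one` above the call would record it. The login method's body starts outside the hunk.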
......
...@@ -4,6 +4,7 @@ import com.auth0.jwt.interfaces.Claim; ...@@ -4,6 +4,7 @@ import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT; import com.auth0.jwt.interfaces.DecodedJWT;
import iot.sixiang.license.xss.XssUtil; import iot.sixiang.license.xss.XssUtil;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.util.StringUtils;
import javax.servlet.*; import javax.servlet.*;
import javax.servlet.annotation.WebFilter; import javax.servlet.annotation.WebFilter;
...@@ -54,7 +55,7 @@ public class JwtFilter implements Filter { ...@@ -54,7 +55,7 @@ public class JwtFilter implements Filter {
return; return;
} }
if (token == null) { if (StringUtils.isEmpty(token)) {
request.setAttribute("msg","认证信息不能为空"); request.setAttribute("msg","认证信息不能为空");
request.getRequestDispatcher("/fail").forward(request, response); request.getRequestDispatcher("/fail").forward(request, response);
return; return;
...@@ -74,11 +75,15 @@ public class JwtFilter implements Filter { ...@@ -74,11 +75,15 @@ public class JwtFilter implements Filter {
String userId = userData.get("userId").asString(); String userId = userData.get("userId").asString();
String userName = userData.get("userName").asString(); String userName = userData.get("userName").asString();
String password = userData.get("password").asString(); String password = userData.get("password").asString();
LoginUser loginUser = new LoginUser(userId, userName, password); LoginUser loginUser = new LoginUser(userId, userName, password);
if (token.equals(UserUtils.getToken(userId))) {
UserUtils.setLoginUser(loginUser); UserUtils.setLoginUser(loginUser);
UserUtils.setUri(uri); UserUtils.setUri(uri);
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
} else {
request.setAttribute("msg","token已失效");
request.getRequestDispatcher("/fail").forward(request, response);
}
} }
} }
} }
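Review bot: The new `else` branch that rejects a token not matching `UserUtils.getToken(userId)` leaves no audit record, so reuse of a logged-out or superseded token cannot be spotted afterwards. A line such as `log.warn("rejected token that is not the active one, userId={}", userId);` would cover it without writing the token itself, assuming the class carries the `@Slf4j` annotation the file imports. In the accepted branch no cleanup of the thread-locals set by `setLoginUser`/`setUri` is visible after `filterChain.doFilter`, and on pooled servlet threads a leftover user could be read by a later request, which matters now that logout revokes by that id; `try { filterChain.doFilter(request, response); } finally { UserUtils.removeUser(); }`, together with the matching cleanup for the uri value, would address it. The unchanged `userData.get("password")` line suggests the password value travels inside the JWT payload, which is encoded rather than encrypted and readable by anyone holding the token, so it is worth confirming and dropping from the claims. The filter method starts outside the hunk.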
......
package iot.sixiang.license.jwt; package iot.sixiang.license.jwt;
import java.util.HashMap;
import java.util.Map;
/** /**
* 存储/获取当前线程的用户信息工具类 * 存储/获取当前线程的用户信息工具类
*/ */
public abstract class UserUtils { public abstract class UserUtils {
static Map<String, String> tokenMap = new HashMap<>();
//线程变量,存放user实体类信息,即使是静态的与其他线程也是隔离的 //线程变量,存放user实体类信息,即使是静态的与其他线程也是隔离的
private static ThreadLocal<LoginUser> userThreadLocal = new ThreadLocal<>(); private static ThreadLocal<LoginUser> userThreadLocal = new ThreadLocal<>();
//线程变量,存放uri,即使是静态的与其他线程也是隔离的 //线程变量,存放uri,即使是静态的与其他线程也是隔离的
...@@ -36,6 +40,27 @@ public abstract class UserUtils { ...@@ -36,6 +40,27 @@ public abstract class UserUtils {
userThreadLocal.set(user); userThreadLocal.set(user);
} }
//为当前的线程变量赋值上token信息
public static void setToken(String uId, String token) {
tokenMap.put(uId, token);
}
/**
* 获取当前访问方法的token
* @return
*/
public static String getToken(String uId) {
System.out.println("---");
String s = tokenMap.get(uId);
System.out.println(s);
return tokenMap.get(uId);
}
//清除tokenThreadLocal线程变量
public static void removeToken(String uId) {
tokenMap.remove(uId);
}
//清除userThreadLocal线程变量 //清除userThreadLocal线程变量
public static void removeUser() { public static void removeUser() {
userThreadLocal.remove(); userThreadLocal.remove();
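Review bot: `getToken` prints the stored token to standard output on every authenticated request (`System.out.println(s)`), which copies live bearer credentials into console and container logs; both print calls should go. `tokenMap` is a package-visible, non-final `HashMap` read and written from concurrent request threads, which is not safe; a `private static final` `ConcurrentHashMap` fixes that, with null guards because it rejects null keys (it needs `java.util.concurrent.ConcurrentHashMap` imported). Entries are removed only on logout, so tokens of users who never log out accumulate, and the map lives in one process, so revocation presumably does not reach other instances or survive a restart; the deployment is not visible here. The comments copied onto `setToken` and `removeToken` still describe thread-locals and should say that the map is shared across threads.

```java
// … unchanged: class header, thread-local fields …
private static final Map<String, String> tokenMap = new ConcurrentHashMap<>();

// … unchanged: setLoginUser …

// Registers the token that is currently valid for the user (shared across threads).
public static void setToken(String uId, String token) {
    if (uId != null && token != null) {
        tokenMap.put(uId, token);
    }
}

// Returns the token registered for the user, or null when there is none.
public static String getToken(String uId) {
    // No printing here: the value is a live bearer credential.
    return uId == null ? null : tokenMap.get(uId);
}

// Revokes the user's registered token.
public static void removeToken(String uId) {
    if (uId != null) {
        tokenMap.remove(uId);
    }
}
// … unchanged: removeUser …
```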
......