token测试

杨晓东 2025-12-16 13:45:02 +08:00
parent cdd01d8876
commit 311b375b6e
2 changed files with 40 additions and 21 deletions


@ -140,7 +140,7 @@ xss:
# Token
token:
header: Authorization
expireTime: 30
expireTime: 43200
secret: abcdefghijklmnopqrstuvwxyz
# Swagger
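Review bot: `expireTime: 43200` raises the token lifetime from 30 minutes to 30 days (TokenService treats the value as minutes), so a leaked Authorization token stays usable for a month unless the session is explicitly revoked. If long-lived logins are a real requirement, keep the lifetime short and rely on the sliding renewal that verifyToken provides rather than one 30-day value. The unchanged neighbouring line `secret: abcdefghijklmnopqrstuvwxyz` is a guessable HS512 signing key committed to the repository, and a longer lifetime makes that weakness more costly. It should be a long random value supplied from the environment or a secrets store, for example `secret: ${TOKEN_SECRET}` (placeholder variable name).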


@ -20,12 +20,13 @@ import com.shgx.common.utils.ip.IpUtils;
import com.shgx.common.utils.uuid.IdUtils;
import eu.bitwalker.useragentutils.UserAgent;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
/**
* token验证处理
*
*
* @author ruoyi
*/
@Component
@ -56,7 +57,7 @@ public class TokenService
/**
* 获取用户身份信息
*
*
* @return 用户信息
*/
public LoginUser getLoginUser(HttpServletRequest request)
@ -72,6 +73,10 @@ public class TokenService
String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
String userKey = getTokenKey(uuid);
LoginUser user = redisCache.getCacheObject(userKey);
// 注释取消Token过期校验原代码无校验此处兜底
// if (user != null) {
// verifyToken(user);
// }
return user;
}
catch (Exception e)
@ -107,7 +112,7 @@ public class TokenService
/**
* 创建令牌
*
*
* @param loginUser 用户信息
* @return 令牌
*/
@ -126,37 +131,43 @@ public class TokenService
/**
* 验证令牌有效期相差不足20分钟自动刷新缓存
*
*
* @param loginUser 登录信息
* @return 令牌
*/
public void verifyToken(LoginUser loginUser)
{
long expireTime = loginUser.getExpireTime();
long currentTime = System.currentTimeMillis();
if (expireTime - currentTime <= MILLIS_MINUTE_TWENTY)
{
refreshToken(loginUser);
}
// ========== 核心修改1注释所有续期/过期校验逻辑 ==========
// long expireTime = loginUser.getExpireTime();
// long currentTime = System.currentTimeMillis();
// if (expireTime - currentTime <= MILLIS_MINUTE_TWENTY)
// {
// refreshToken(loginUser);
// }
}
/**
* 刷新令牌有效期
*
*
* @param loginUser 登录信息
*/
public void refreshToken(LoginUser loginUser)
{
loginUser.setLoginTime(System.currentTimeMillis());
loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
// 根据uuid将loginUser缓存
// ========== 核心修改2可选 - 强制永久有效忽略配置的expireTime ==========
// 若想按配置的expireTime如30天过期保留下面这行若想永久注释这行
// loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
// ========== 核心修改3Redis存储取消过期时间永久存储 ==========
String userKey = getTokenKey(loginUser.getToken());
redisCache.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);
// 原代码redisCache.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);
// 修改后永久存储
redisCache.setCacheObject(userKey, loginUser);
}
/**
* 设置用户代理信息
*
*
* @param loginUser 登录信息
*/
public void setUserAgent(LoginUser loginUser)
@ -179,6 +190,8 @@ public class TokenService
{
String token = Jwts.builder()
.setClaims(claims)
// ========== 核心修改4JWT不设置过期时间原代码已无此处确认 ==========
// .setExpiration(new Date(System.currentTimeMillis() + expireTime * MILLIS_MINUTE))
.signWith(SignatureAlgorithm.HS512, secret).compact();
return token;
}
@ -191,10 +204,16 @@ public class TokenService
*/
private Claims parseToken(String token)
{
return Jwts.parser()
.setSigningKey(secret)
.parseClaimsJws(token)
.getBody();
try {
return Jwts.parser()
.setSigningKey(secret)
.parseClaimsJws(token)
.getBody();
} catch (ExpiredJwtException e) {
// ========== 核心修改5捕获JWT过期异常强制返回claims ==========
log.warn("Token已过有效期但强制放行: {}", e.getMessage());
return e.getClaims();
}
}
/**
@ -229,4 +248,4 @@ public class TokenService
{
return CacheConstants.LOGIN_TOKEN_KEY + uuid;
}
}
}
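Review bot: refreshToken now calls `redisCache.setCacheObject(userKey, loginUser)` with no TTL and no longer sets `expireTime` on the user, and verifyToken is left as an empty method, so a login session in Redis never expires, a leaked token stays valid until the key is removed explicitly, and abandoned sessions accumulate in the cache. Since the configured lifetime is already raised to 43200 minutes in this commit, the original two lines can stay and honour it: `loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);` and `redisCache.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);`. The new `catch (ExpiredJwtException e)` in parseToken returns `e.getClaims()`, which accepts any expired token signed with this key; it should be removed so the exception reaches the existing `catch (Exception e)` in getLoginUser, whose body lies outside the hunk. The commented-out alternatives and "核心修改" banners look like test scaffolding (the commit title is "token测试") and are better dropped than merged.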