bug fixed

77a4c715 · liqin · 64c7a548 · 77a4c715 · 77a4c715 · 77a4c715
Commit 77a4c715 authored Mar 12, 2021 by liqin 💬
4 changed files
--- a/pom.xml
+++ b/pom.xml
@@ -172,7 +172,7 @@
        <dependency>
            <groupId>org.crazycake</groupId>
            <artifactId>shiro-redis</artifactId>
-            <version>3.3.1</version>
+            <version>3.3.2</version>
            <exclusions>
                <exclusion>
                    <groupId>org.apache.shiro</groupId>

--- a/src/main/java/cn/wisenergy/chnmuseum/party/auth/filter/JwtFilter.java
+++ b/src/main/java/cn/wisenergy/chnmuseum/party/auth/filter/JwtFilter.java
@@ -33,26 +33,7 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
    }

    /**
-     *
-     */
-    @Override
-    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) {
-        HttpServletRequest request = (HttpServletRequest) servletRequest;
-        String authorization = request.getHeader("Authorization");
-        if (StringUtils.isNotBlank(authorization)) {
-            if (authorization.startsWith("Bearer ")) {
-                authorization = authorization.substring(7);
-            }
-        }
-
-        JwtToken token = new JwtToken(authorization);
-        // 提交给realm进行登入，如果错误他会抛出异常并被捕获
-        getSubject(servletRequest, servletResponse).login(token);
-        // 如果没有抛出异常则代表登入成功，返回true
-        return true;
-    }
-
-    /**
+     * 执行登录认证
     * 这里我们详细说明下为什么最终返回的都是true，即允许访问
     * 例如我们提供一个地址 GET /article
     * 登入用户和游客看到的内容是不同的
@@ -68,12 +49,32 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
            try {
                executeLogin(request, response);
            } catch (UnauthorizedException | AuthenticationException e) {
-            	return false;
+                throw new AuthenticationException("Token失效，请重新登录", e);
            }
        }
        return true;
    }

+    /**
+     *
+     */
+    @Override
+    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        String authorization = request.getHeader("Authorization");
+        if (StringUtils.isNotBlank(authorization)) {
+            if (authorization.startsWith("Bearer ")) {
+                authorization = authorization.substring(7);
+            }
+        }
+
+        JwtToken token = new JwtToken(authorization);
+        // 提交给realm进行登入，如果错误他会抛出异常并被捕获
+        getSubject(servletRequest, servletResponse).login(token);
+        // 如果没有抛出异常则代表登入成功，返回true
+        return true;
+    }
+
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) {
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;

--- a/src/main/java/cn/wisenergy/chnmuseum/party/auth/realm/MyShiroRealm.java
+++ b/src/main/java/cn/wisenergy/chnmuseum/party/auth/realm/MyShiroRealm.java
@@ -68,21 +68,21 @@ public class MyShiroRealm extends AuthorizingRealm {

    /**
     * 认证信息.(身份验证) : Authentication 是用来验证用户身份
-     *
-     * @param auth
-     * @return
     * @throws AuthenticationException
     */
    @Override
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
-        String token = (String) auth.getCredentials();
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+        String credentials = (String) token.getCredentials();
+        if (credentials == null) {
+            throw new AuthenticationException("token为空!");
+        }
        Boolean hasToken = stringRedisTemplate.hasKey(SHIRO_JWT_TOKEN + token);
        if (hasToken == null || !hasToken) {
            throw new AuthenticationException("用户未登录!");
        }

        LOGGER.info("MyShiroRealm doGetAuthenticationInfo().token=" + token);
-        String username = JwtTokenUtil.getUsername(token);
+        String username = JwtTokenUtil.getUsername(credentials);
        if (username == null) {
            throw new AuthenticationException("token invalid");
        }
@@ -90,17 +90,17 @@ public class MyShiroRealm extends AuthorizingRealm {

        // 通过username从数据库中查找
        // 实际项目中，这里可以根据实际情况做缓存，如果不做，Shiro自己也是有时间间隔机制，2分钟内不会重复执行该方法
-        String employeeId = JwtTokenUtil.getEmployeeId(token);
+        String employeeId = JwtTokenUtil.getEmployeeId(credentials);
        Employee employee = this.employeeService.selectByEmpId(employeeId);
        if (employee == null) {
            throw new AuthenticationException("User does not exist!");
        }

-        if (JwtTokenUtil.verify(token, username) == null) {
+        if (JwtTokenUtil.verify(credentials, username) == null) {
            throw new AuthenticationException("token invalid");
        }

-        return new SimpleAuthenticationInfo(new Employee(employee.getId(), token), token, getName());
+        return new SimpleAuthenticationInfo(new Employee(employee.getId(), credentials), token, getName());
    }

    /**
@@ -114,7 +114,6 @@ public class MyShiroRealm extends AuthorizingRealm {
        if (hasToken == null || !hasToken) {
            throw new AuthenticationException("token invalid!");
        }
-
        String employeeId = JwtTokenUtil.getEmployeeId(employee.getJwtToken());

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

--- a/src/main/java/cn/wisenergy/chnmuseum/party/conf/ShiroConfig.java
+++ b/src/main/java/cn/wisenergy/chnmuseum/party/conf/ShiroConfig.java
@@ -98,7 +98,7 @@ public class ShiroConfig {
        return shiroFilterFactoryBean;
    }

-    @Bean
+    @Bean("securityManager")
    public DefaultWebSecurityManager securityManager() {
        logger.info("ShiroConfiguration.securityManager()");
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
@@ -157,7 +157,7 @@ public class ShiroConfig {
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        logger.info("ShiroConfiguration.defaultAdvisorAutoProxyCreator()");
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
-        defaultAdvisorAutoProxyCreator.setUsePrefix(true);
+        //defaultAdvisorAutoProxyCreator.setUsePrefix(true);
        // 强制使用cglib，防止重复代理和可能引起代理出错的问题
        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
        return defaultAdvisorAutoProxyCreator;
@@ -201,10 +201,12 @@ public class ShiroConfig {
    public RedisCacheManager redisCacheManager() {
        RedisCacheManager redisCacheManager = new RedisCacheManager();
        redisCacheManager.setRedisManager(redisManager());
-        redisCacheManager.setKeyPrefix(CACHE_KEY);
+        //redisCacheManager.setKeyPrefix(CACHE_KEY);
        // shiro-redis要求放在session里面的实体类必须有个id标识
        //这是组成redis中所存储数据的key的一部分
        redisCacheManager.setPrincipalIdFieldName("id");
+        //用户权限信息缓存时间
+        //redisCacheManager.setExpire(200000);
        return redisCacheManager;
    }