From 89f4d122dd1bc97d972bb5ad4a83f96b0b633532 Mon Sep 17 00:00:00 2001 From: zhangdaiscott Date: Mon, 12 Oct 2020 16:23:45 +0800 Subject: [PATCH] =?UTF-8?q?=E5=9C=A8=E7=BA=BF=E5=88=87=E6=8D=A2=E9=83=A8?= =?UTF-8?q?=E9=97=A8=EF=BC=8C=E7=94=A8=E6=88=B7=E7=BC=93=E5=AD=98=E4=BF=A1?= =?UTF-8?q?=E6=81=AF=E6=9B=B4=E6=96=B0=20issues/I1X4DT?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../jeecg/common/constant/CacheConstant.java | 5 ----- .../org/jeecg/config/shiro/ShiroRealm.java | 9 +-------- .../cas/controller/CasClientController.java | 8 -------- .../system/controller/LoginController.java | 19 +------------------ .../controller/ThirdLoginController.java | 8 -------- 5 files changed, 2 insertions(+), 47 deletions(-) diff --git a/jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/common/constant/CacheConstant.java b/jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/common/constant/CacheConstant.java index e8d4bb58..3b46d9a9 100644 --- a/jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/common/constant/CacheConstant.java +++ b/jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/common/constant/CacheConstant.java @@ -7,11 +7,6 @@ package org.jeecg.common.constant; */ public interface CacheConstant { - /** - * 缓存用户jwt - */ - public static final String SYS_USERS_CACHE_JWT = "sys:cache:user:jwt"; - /** * 字典信息缓存 */ diff --git a/jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/config/shiro/ShiroRealm.java b/jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/config/shiro/ShiroRealm.java index 0c80f268..467316ca 100644 --- a/jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/config/shiro/ShiroRealm.java +++ b/jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/config/shiro/ShiroRealm.java @@ -114,14 +114,7 @@ public class ShiroRealm extends AuthorizingRealm { // 查询用户信息 log.debug("———校验token是否有效————checkUserTokenIsEffect——————— "+ token); - LoginUser loginUser = (LoginUser) redisUtil.get(CacheConstant.SYS_USERS_CACHE_JWT+":"+token); - //TODO 当前写法导致两个小时操作中token过期 - //如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期 - if(loginUser==null){ - loginUser = commonAPI.getUserByName(username); - //密码二次加密,因为存于redis会泄露 - loginUser.setPassword(SecureUtil.md5(loginUser.getPassword())); - } + LoginUser loginUser = commonAPI.getUserByName(username); if (loginUser == null) { throw new AuthenticationException("用户不存在!"); } diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/cas/controller/CasClientController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/cas/controller/CasClientController.java index 48261919..b22e79b6 100644 --- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/cas/controller/CasClientController.java +++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/cas/controller/CasClientController.java @@ -87,14 +87,6 @@ public class CasClientController { redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token); redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000); - //update-begin-author:taoyan date:20200812 for:登录缓存用户信息 - LoginUser vo = new LoginUser(); - BeanUtils.copyProperties(sysUser,vo); - vo.setPassword(SecureUtil.md5(sysUser.getPassword())); - redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo); - redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000); - //update-end-author:taoyan date:20200812 for:登录缓存用户信息 - //获取用户部门信息 JSONObject obj = new JSONObject(); List departs = sysDepartService.queryUserDeparts(sysUser.getId()); diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java index c3639cea..eb040c54 100644 --- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java +++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java @@ -356,20 +356,11 @@ public class LoginController { String syspassword = sysUser.getPassword(); String username = sysUser.getUsername(); // 生成token - String token = JwtUtil.sign(username, SecureUtil.md5(syspassword)); + String token = JwtUtil.sign(username, syspassword); // 设置token缓存有效时间 redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token); redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000); - //update-begin-author:taoyan date:20200812 for:登录缓存用户信息 - LoginUser vo = new LoginUser(); - BeanUtils.copyProperties(sysUser,vo); - //密码二次加密,因为存于redis会泄露 - vo.setPassword(SecureUtil.md5(sysUser.getPassword())); - redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo); - redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000); - //update-end-author:taoyan date:20200812 for:登录缓存用户信息 - // 获取用户部门信息 JSONObject obj = new JSONObject(); List departs = sysDepartService.queryUserDeparts(sysUser.getId()); @@ -484,14 +475,6 @@ public class LoginController { redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token); redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000); - //update-begin-author:taoyan date:20200812 for:登录缓存用户信息 - LoginUser vo = new LoginUser(); - BeanUtils.copyProperties(sysUser,vo); - vo.setPassword(SecureUtil.md5(sysUser.getPassword())); - redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo); - redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000); - //update-end-author:taoyan date:20200812 for:登录缓存用户信息 - //token 信息 obj.put("token", token); result.setResult(obj); diff --git a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java index 9fd82d50..4b6b6e28 100644 --- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java +++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java @@ -109,14 +109,6 @@ public class ThirdLoginController { // 设置超时时间 redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME / 1000); - //update-begin-author:taoyan date:20200812 for:登录缓存用户信息 - LoginUser redisUser = new LoginUser(); - BeanUtils.copyProperties(user, redisUser); - redisUser.setPassword(SecureUtil.md5(user.getPassword())); - redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, redisUser); - redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000); - //update-end-author:taoyan date:20200812 for:登录缓存用户信息 - modelMap.addAttribute("token", token); //update-begin--Author:wangshuai Date:20200729 for:接口在签名校验失败时返回失败的标识码 issues#1441-------------------- }else{ -- GitLab