From 7248248b89e0ccee0494dec559791ad3386b77e3 Mon Sep 17 00:00:00 2001 From: zk Date: Wed, 11 Mar 2026 15:59:05 +0800 Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=8B=A6=E6=88=AA=E5=99=A8?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../JwtAuthenticationTokenFilter.java | 34 +++++++++++++------ 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/common/src/main/java/org/jiayunet/interceptor/JwtAuthenticationTokenFilter.java b/common/src/main/java/org/jiayunet/interceptor/JwtAuthenticationTokenFilter.java index e9d435e..3570c8f 100644 --- a/common/src/main/java/org/jiayunet/interceptor/JwtAuthenticationTokenFilter.java +++ b/common/src/main/java/org/jiayunet/interceptor/JwtAuthenticationTokenFilter.java @@ -11,6 +11,7 @@ import java.util.stream.Collectors; import javax.servlet.FilterChain; import javax.servlet.ServletException; +import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -46,13 +47,9 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { /** * 加密密钥 */ - @Value("${app.secret.token:sh.0807.}") + @Value("${app.secret.token:youweiqingnian123}") private String secret; - /** - * 在线设备数量 - */ - @Value("${app.login.device_online_quantity:5}") - private int deviceOnlineQuantity; + /** * token过期时间 */ @@ -74,8 +71,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { private RedisServerTool redisServerTool; @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws ServletException, IOException { + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // 忽略接口放行 if (ifCurrentUrl(ignoreUrls, request.getRequestURI())) { 
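Review bot: The new default in `@Value("${app.secret.token:youweiqingnian123}")` (hunk `-46,13 +47,9`) still ships a working secret in source control, so any deployment that leaves `app.secret.token` unset runs with a key that every reader of the repository knows. Presumably this is the key the JWT is verified with, in which case a known value lets tokens be forged for any user. Swapping one literal for another does not remove the exposure, and the previous value `sh.0807.` remains in history, so both should be treated as disclosed and rotated wherever they were used. Drop the fallback so that startup fails when the property is missing, `@Value("${app.secret.token}")`, and supply the value from the environment or a secret store. The same hunk removes `deviceOnlineQuantity`; if the device limit was enforced elsewhere with this setting, confirm that it is still applied.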
@@ -83,8 +79,23 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { return; } - // 获取token - String token = request.getHeader("Token"); + // 获取token:优先从cookie获取,不存在则从请求头获取 + String token = null; + if (request.getCookies() != null) { + for (Cookie cookie : request.getCookies()) { + if ("Token".equals(cookie.getName())) { + token = cookie.getValue(); + break; + } + } + } + + if (!StringUtils.hasText(token)) { + token = request.getHeader("Token"); + } + + + if (!StringUtils.hasText(token)) { // 放行 filterChain.doFilter(request, response); @@ -109,8 +120,10 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { // 获取登录设备信息 List devices = info.getLoginDevices(); + // 过滤过期 devices = devices.stream().filter(v -> v.getLastLoginTime().isBefore(new Date(System.currentTimeMillis() + tokenExceedTime * 1000L).toInstant())).collect(Collectors.toList()); + Map map = devices.stream().collect(Collectors.toMap(RedisLoginTokenInfo.LoginDevice::getUuId, v -> v)); Assert.isTrue(map.containsKey(uuId), "登录过期"); @@ -124,6 +137,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { new UsernamePasswordAuthenticationToken(info.getUserId(), info, info.getAuthority().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList())); authenticationToken.setDetails(info); + SecurityContextHolder.getContext().setAuthentication(authenticationToken); MDC.put("userId", userId.toString());
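Review bot: Reading the credential from a `Token` cookie (hunk `-83,8 +79,23`) means browsers now attach it automatically to cross-site requests, which the header-only scheme did not allow. Nothing visible here shows CSRF protection or where the cookie is issued, so confirm that state-changing endpoints enforce a CSRF token and that the cookie is set with `HttpOnly`, `Secure` and `SameSite`. Because the cookie is preferred, a stale or unrelated `Token` cookie also shadows a valid header and the request is authenticated as whoever the cookie names. Consider starting with `String token = request.getHeader("Token");` and scanning cookies only when that has no text, or rejecting requests where both are present and differ. doFilterInternal starts before and continues after this hunk, so the downstream handling is judged only from the visible context lines.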