登录拦截器修改

common/src/main/java/org/jiayunet/interceptor/JwtAuthenticationTokenFilter.java

@@ -11,6 +11,7 @@ import java.util.stream.Collectors;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -46,13 +47,9 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
     /**
      * 加密密钥
      */
-    @Value("${app.secret.token:sh.0807.}")
+    @Value("${app.secret.token:youweiqingnian123}")
     private String secret;
-    /**
+
-     * 在线设备数量
-     */
-    @Value("${app.login.device_online_quantity:5}")
-    private int deviceOnlineQuantity;
     /**
      * token过期时间
      */
@@ -74,8 +71,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
     private RedisServerTool redisServerTool;
 
     @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
-            throws ServletException, IOException {
 
         // 忽略接口放行
         if (ifCurrentUrl(ignoreUrls, request.getRequestURI())) {
@@ -83,8 +79,23 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
             return;
         }
 
-        // 获取token
+        // 获取token：优先从cookie获取，不存在则从请求头获取
-        String token = request.getHeader("Token");
+        String token = null;
+        if (request.getCookies() != null) {
+            for (Cookie cookie : request.getCookies()) {
+                if ("Token".equals(cookie.getName())) {
+                    token = cookie.getValue();
+                    break;
+                }
+            }
+        }
+
+        if (!StringUtils.hasText(token)) {
+            token = request.getHeader("Token");
+        }
+
+
+
         if (!StringUtils.hasText(token)) {
             // 放行
             filterChain.doFilter(request, response);
@@ -109,8 +120,10 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
 
         // 获取登录设备信息
         List<RedisLoginTokenInfo.LoginDevice> devices = info.getLoginDevices();
+
         // 过滤过期
         devices = devices.stream().filter(v -> v.getLastLoginTime().isBefore(new Date(System.currentTimeMillis() + tokenExceedTime * 1000L).toInstant())).collect(Collectors.toList());
+
         Map<String, RedisLoginTokenInfo.LoginDevice> map = devices.stream().collect(Collectors.toMap(RedisLoginTokenInfo.LoginDevice::getUuId, v -> v));
         Assert.isTrue(map.containsKey(uuId), "登录过期");
 
@@ -124,6 +137,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
                 new UsernamePasswordAuthenticationToken(info.getUserId(), info,
                         info.getAuthority().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
         authenticationToken.setDetails(info);
+
         SecurityContextHolder.getContext().setAuthentication(authenticationToken);
 
         MDC.put("userId", userId.toString());