From 983bdb5b89932b38d08a11ad1eed6ea89d1597e1 Mon Sep 17 00:00:00 2001
From: kongzy <kongzy>
Date: 星期一, 29 一月 2024 10:07:31 +0800
Subject: [PATCH] 更新

---
 assess-framework/src/main/java/com/gkhy/assess/framework/shiro/service/SysLoginService.java |   21 +++++++++++++++++++--
 1 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/assess-framework/src/main/java/com/gkhy/assess/framework/shiro/service/SysLoginService.java b/assess-framework/src/main/java/com/gkhy/assess/framework/shiro/service/SysLoginService.java
index 31cf00c..ab85786 100644
--- a/assess-framework/src/main/java/com/gkhy/assess/framework/shiro/service/SysLoginService.java
+++ b/assess-framework/src/main/java/com/gkhy/assess/framework/shiro/service/SysLoginService.java
@@ -15,6 +15,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import javax.servlet.http.HttpServletRequest;
 import java.time.LocalDateTime;
 
 @Component
@@ -25,6 +26,8 @@
     private SysPasswordService passwordService;
     @Autowired
     private RedisUtils redisUtils;
+    @Autowired
+    private HttpServletRequest request;
 
     public SysUser login(String username, String password) {
         SysUser sysUser=sysUserService.getUserByUsernamePhone(username);
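Review bot: The field-injected `HttpServletRequest` ties this singleton `@Component` to an active servlet request. Spring injects a proxy here that resolves the current request per thread, so any call into `validUser` from a thread with no bound request (a scheduled job, an async task, a plain unit test) would fail with an `IllegalStateException` rather than an `AuthenticationException`. Consider passing the request path into the check as a parameter from the filter or controller that already holds the request, and add a comment such as `// request-scoped proxy: only valid on a request thread` if the field stays.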
@@ -37,6 +40,16 @@
     public void validUser(SysUser sysUser){
         if(sysUser==null) {
             throw new AuthenticationException("用户不存在");
+        }
+        String uri=request.getRequestURI();
+        if(uri.startsWith("/api/system")){
+            if(UserIdentityEnum.EXPERT.getCode().equals(sysUser.getIdentity())){
+                throw new AuthenticationException("专家用户无权登录后台");
+            }
+        }else if(uri.startsWith("/api/app/")){
+            if(!UserIdentityEnum.EXPERT.getCode().equals(sysUser.getIdentity())){
+                throw new AuthenticationException("只有专家用户才能登录APP");
+            }
         }
         if(UserStatusEnum.DELETED.getCode().equals(sysUser.getDelFlag())){
             throw new AuthenticationException("用户已被删除");
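Review bot: The identity gate in `validUser` is decided on `request.getRequestURI()`, which is the raw, undecoded request path and includes the context path and any `;` path parameters. If the application is ever deployed under a non-root context path, neither `startsWith` branch would match and the expert/back-office separation would be skipped silently. Comparing against the application-relative path is safer, e.g. `String uri=request.getRequestURI().substring(request.getContextPath().length());`, and the two prefixes should be written consistently as `"/api/system/"` and `"/api/app/"`. Any path outside these two prefixes currently passes with no identity restriction, so it is worth a comment stating that this is intended, or an explicit `else` that rejects. The body of `validUser` continues past the end of this hunk.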
@@ -52,14 +65,18 @@
     }
 
     public SysUser validJwtToken(String jwtToken){
+
         String username= JwtTokenUtil.getUsername(jwtToken);
         if(StringUtils.isEmpty(username)){
             throw new AuthenticationException("token非法无效!");
         }
         SysUser sysUser=sysUserService.getUserByUsernamePhone(username);
         validUser(sysUser);
+        if(!JwtTokenUtil.verify(jwtToken,username,sysUser.getPassword())){
+            throw new AuthenticationException("token非法无效!");
+        }
         if(!jwtTokenRefresh(jwtToken,username,sysUser.getPassword())){
-            throw new AuthenticationException("Token失效,请重新登录!");
+            throw new AuthenticationException("Token已失效,请重新登录!");
         }
      //   setRolePermission(sysUser);
         return sysUser;
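Review bot: In `validJwtToken` the new `JwtTokenUtil.verify` call runs only after `validUser(sysUser)`, so the account lookup and status checks are driven by a username from a token whose signature has not been checked yet (`getUsername` presumably only decodes the claim, since verification is a separate call). If the `AuthenticationException` messages reach the client, a caller holding no valid token could tell existing, deleted and expert accounts apart by the error text. Verifying first closes that: `if(sysUser==null || !JwtTokenUtil.verify(jwtToken,username,sysUser.getPassword())){ throw new AuthenticationException("token非法无效!"); }` followed by `validUser(sysUser);`. The blank line added directly under the method signature can be dropped.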
@@ -84,7 +101,7 @@
         String cacheToken= (String) redisUtils.get(tokenKey);
         if(StringUtils.isNotEmpty(cacheToken)){
             // 校验token有效性
-            if(!JwtTokenUtil.verify(cacheToken,username,passWord)){
+            if(!JwtTokenUtil.isNeedUpdate(cacheToken,username,passWord)){
                 String newToken=JwtTokenUtil.sign(username,passWord);
                 // 设置超时时间
                 redisUtils.set(tokenKey,newToken);
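Review bot: The condition `!JwtTokenUtil.isNeedUpdate(cacheToken,username,passWord)` reads as inverted: going by the method name, a new token is signed when the cached one does not need updating and nothing is signed when it does. `isNeedUpdate` is not visible in this patch, so confirm its return convention. If it returns true when a refresh is due, the negation should be removed; if not, renaming it would avoid the misreading. The comment above it, `// 校验token有效性`, still describes the replaced `verify` call and should be updated to say this branch decides on refresh. The cached token's signature is also no longer checked in this branch, so a comment should record that `validJwtToken` is relied on for that. The enclosing method starts and ends outside this hunk.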

--
Gitblit v1.9.2