Comments (7)
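- RequestPathFilter was added in the addDefaultFilterDefinition method for two purposes: 1. to print the request path, and 2. to demonstrate configuring a filter the Shiro way
- The generate parameter of the cacheLoginInfo method has been removed, and a refreshLoginInfo method has been added
- The LoginUtil login utility class is meant for business modules to use to get the current login information
- The refreshToken method of the LoginServiceImpl class has been optimized
Code changes: https://github.com/geekidea/spring-boot-plus/commit/766f02f6ea8f049ec411359503a2dadddcc7a19a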
from spring-boot-plus.
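I just looked at the implementation of refreshLoginInfo. It first calls deleteLoginInfo to delete the record in Redis, so getLoginSysUserRedisVo probably can't get the corresponding value any more, right?
It should call getLoginSysUserRedisVo first and then deleteLoginInfo, shouldn't it?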
from spring-boot-plus.
The getUserId() and getUsername() methods of LoginUtil have a problem: 1. when loginSysUserRedisVo is null, getId() and getUsername() are still called, which can easily cause a NullPointer exception
from spring-boot-plus.
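An added example, not part of the thread or of the spring-boot-plus code base, illustrating the two points raised in the comments above: the read-before-delete ordering in a token refresh and a null-safe user-id lookup. Only the method names refreshLoginInfo, deleteLoginInfo, getLoginSysUserRedisVo, cacheLoginInfo and getUserId come from the discussion; the class, the record, refreshDeleteFirst, all signatures and the in-memory map standing in for Redis are assumptions.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for the login cache discussed above; a map replaces Redis (Java 16+).
public class LoginCacheSketch {
    record LoginVo(Long id, String username) {}

    private final Map<String, LoginVo> store = new ConcurrentHashMap<>();
    void cacheLoginInfo(String token, LoginVo vo) { store.put(token, vo); }
    Optional<LoginVo> getLoginSysUserRedisVo(String token) {
        return Optional.ofNullable(store.get(token));
    }
    void deleteLoginInfo(String token) { store.remove(token); }

    // Ordering described in the comment: delete first, then read, so the read finds nothing.
    boolean refreshDeleteFirst(String oldToken, String newToken) {
        deleteLoginInfo(oldToken);
        Optional<LoginVo> current = getLoginSysUserRedisVo(oldToken); // always empty here
        current.ifPresent(vo -> cacheLoginInfo(newToken, vo));
        return current.isPresent();
    }

    // Read first, write the new entry, then delete the old one.
    boolean refreshLoginInfo(String oldToken, String newToken) {
        Optional<LoginVo> current = getLoginSysUserRedisVo(oldToken);
        if (current.isEmpty()) {
            return false; // unknown session: the caller should require a fresh login
        }
        cacheLoginInfo(newToken, current.get());
        deleteLoginInfo(oldToken);
        return true;
    }

    // Null-safe accessor: never calls id() on a missing login record.
    Long getUserId(String token) {
        return getLoginSysUserRedisVo(token).map(LoginVo::id).orElse(null);
    }

    public static void main(String[] args) {
        LoginCacheSketch cache = new LoginCacheSketch();
        cache.cacheLoginInfo("token-a", new LoginVo(1L, "admin")); // constructed sample
        System.out.println("delete-first refresh ok: " + cache.refreshDeleteFirst("token-a", "token-b"));
        cache.cacheLoginInfo("token-c", new LoginVo(1L, "admin"));
        System.out.println("read-first refresh ok: " + cache.refreshLoginInfo("token-c", "token-d"));
        System.out.println("user id for new token: " + cache.getUserId("token-d"));
        System.out.println("user id for old token: " + cache.getUserId("token-c"));
    }
}
```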
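The token expiration time in the createToken() method of JwtFilter may be earlier than the expiration time in Redis, so the token may expire while the corresponding key-value still exists in Redis.
One more small question: is the AuthenticationException thrown in the Shiro module not caught and handled?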
from spring-boot-plus.
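The Redis cache time is taken from the JwtToken's expiration time, so they are consistent. @nita22
LoginRedisServiceImpl > cacheLoginInfo
```java
// The Redis expiration time matches the JwtToken expiration time
Duration expireDuration = Duration.ofSeconds(jwtToken.getExpireSecond());
```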
from spring-boot-plus.
When a validation exception such as AuthenticationException is thrown, the failure-handling method is invoked
JwtFilter
```java
/**
 * Access-denied handling
 *
 * @param request
 * @param response
 * @return
 * @throws Exception
 */
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
    HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
    HttpServletResponse httpServletResponse = WebUtils.toHttp(response);
    // Return 401
    httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    // Set the response code to 401 or write the message directly
    String url = httpServletRequest.getRequestURI();
    log.error("onAccessDenied url:{}", url);
    ApiResult apiResult = ApiResult.fail(ApiCode.UNAUTHORIZED);
    HttpServletResponseUtil.printJSON(httpServletResponse, apiResult);
    return false;
}
```
Response received by the front end
```json
{
  "code": 401,
  "msg": "非法访问",
  "time": "2019-10-22 10:06:16"
}
```
from spring-boot-plus.
The problems with the refreshToken method and the LoginUtil utility class methods have been fixed
8e3192e7b2c78521f4f122e064ef38bbd8212762
from spring-boot-plus.