jwt验证兼容redis

panxuejie 2026-01-07 17:34:56 +08:00
parent 5d8f4ae4fd
commit 27cbcd9f33
4 changed files with 18 additions and 7 deletions


@ -3,6 +3,8 @@ package com.tacit.admin.config;
import com.tacit.common.constant.CommonConstant; import com.tacit.common.constant.CommonConstant;
import com.tacit.common.utils.AesPasswordEncoder; import com.tacit.common.utils.AesPasswordEncoder;
import com.tacit.common.utils.JwtUtils; import com.tacit.common.utils.JwtUtils;
import com.tacit.common.utils.RedisUtils;
import jakarta.annotation.Resource;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -31,6 +33,9 @@ import java.util.Collections;
@EnableMethodSecurity(prePostEnabled = true) @EnableMethodSecurity(prePostEnabled = true)
@Slf4j @Slf4j
public class SecurityConfig { public class SecurityConfig {
@Resource
private RedisUtils redisUtils;
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@ -58,8 +63,8 @@ public class SecurityConfig {
if (authorization != null && authorization.startsWith(CommonConstant.JWT_PREFIX)) { if (authorization != null && authorization.startsWith(CommonConstant.JWT_PREFIX)) {
String token = authorization.substring(CommonConstant.JWT_PREFIX.length()); String token = authorization.substring(CommonConstant.JWT_PREFIX.length());
try { try {
// 验证JWT令牌 // 验证JWT令牌和Redis中的令牌是否存在
if (JwtUtils.validateToken(token)) { if (JwtUtils.validateToken(token) && redisUtils.hasKey(token)) {
// 从令牌中获取用户信息 // 从令牌中获取用户信息
String username = JwtUtils.getUsernameFromToken(token); String username = JwtUtils.getUsernameFromToken(token);
String role = JwtUtils.getRoleFromToken(token); String role = JwtUtils.getRoleFromToken(token);
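Review bot: The new condition `if (JwtUtils.validateToken(token) && redisUtils.hasKey(token))` looks up the raw bearer token as the Redis key, so anyone who can read the keyspace could collect replayable tokens, assuming RedisUtils does not hash or prefix the key internally. Keying the entry by a SHA-256 digest of the token or by its `jti` claim would avoid that, provided the login path that writes the key makes the same change. If `hasKey` returns a boxed `Boolean`, the `&&` unboxes it and a null result throws, so `Boolean.TRUE.equals(redisUtils.hasKey(token))` is the safer form. The same condition is added in AppSecurityConfig. The catch of the enclosing try is outside the hunk, so confirm that a Redis failure rejects the request and is logged separately from an invalid token.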


@ -29,7 +29,8 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
@Resource @Resource
private PasswordEncoder passwordEncoder; private PasswordEncoder passwordEncoder;
@Autowired
@Resource
private RedisUtils redisUtils; private RedisUtils redisUtils;
@Override @Override


@ -3,7 +3,9 @@ package com.tacit.app.config;
import com.tacit.common.constant.CommonConstant; import com.tacit.common.constant.CommonConstant;
import com.tacit.common.utils.AesPasswordEncoder; import com.tacit.common.utils.AesPasswordEncoder;
import com.tacit.common.utils.JwtUtils; import com.tacit.common.utils.JwtUtils;
import com.tacit.common.utils.RedisUtils;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@ -31,6 +33,9 @@ import java.util.Collections;
@EnableMethodSecurity(prePostEnabled = true) @EnableMethodSecurity(prePostEnabled = true)
@Slf4j @Slf4j
public class AppSecurityConfig { public class AppSecurityConfig {
@Autowired
private RedisUtils redisUtils;
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@ -57,8 +62,8 @@ public class AppSecurityConfig {
if (authorization != null && authorization.startsWith(CommonConstant.JWT_PREFIX)) { if (authorization != null && authorization.startsWith(CommonConstant.JWT_PREFIX)) {
String token = authorization.substring(CommonConstant.JWT_PREFIX.length()); String token = authorization.substring(CommonConstant.JWT_PREFIX.length());
try { try {
// 验证JWT令牌 // 验证JWT令牌和Redis中的令牌是否存在
if (JwtUtils.validateToken(token)) { if (JwtUtils.validateToken(token) && redisUtils.hasKey(token)) {
// 从令牌中获取用户信息 // 从令牌中获取用户信息
Long userId = JwtUtils.getUserIdFromToken(token); Long userId = JwtUtils.getUserIdFromToken(token);
String username = JwtUtils.getUsernameFromToken(token); String username = JwtUtils.getUsernameFromToken(token);
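Review bot: The field added as `@Autowired private RedisUtils redisUtils;` uses a different injection annotation from the rest of this commit, which switches UserServiceImpl from `@Autowired` to `@Resource` and uses `@Resource` in SecurityConfig. Use `@Resource` here as well, with `import jakarta.annotation.Resource;` in place of the new Autowired import. Constructor injection with a `private final RedisUtils redisUtils;` field in both config classes would be better still, since the authentication filter then cannot be built without its Redis dependency.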


@ -72,8 +72,8 @@ public class JwtAuthenticationFilter extends AbstractGatewayFilterFactory<JwtAut
// 验证JWT令牌 // 验证JWT令牌
try { try {
Boolean isBlacklisted = redisTemplate.hasKey(token); Boolean isTokenValid = redisTemplate.hasKey(token);
if (!Boolean.TRUE.equals(isBlacklisted)) { if (!isTokenValid) {
return unauthorizedResponse(exchange, "Token已被注销"); return unauthorizedResponse(exchange, "Token已被注销");
} }
JwtUtils.validateToken(token); JwtUtils.validateToken(token);
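Review bot: `if (!isTokenValid)` unboxes the `Boolean` returned by `redisTemplate.hasKey(token)`, and the null-safe `Boolean.TRUE.equals(...)` guard from the old line is gone. RedisTemplate documents a null return when used in a pipeline or transaction, so keep the guard: `if (!Boolean.TRUE.equals(isTokenValid))`. The Redis lookup also runs before `JwtUtils.validateToken(token)`, so every unauthenticated header value costs a Redis round trip; checking the signature first, as the two security configs do, keeps forged tokens off Redis. The message "Token已被注销" now also covers tokens that were never stored or whose key has expired, which is worth distinguishing in logs. The catch of this try block is outside the hunk.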