jwt验证兼容redis

tacit-admin/src/main/java/com/tacit/admin/config/SecurityConfig.java

@@ -3,6 +3,8 @@ package com.tacit.admin.config;
 import com.tacit.common.constant.CommonConstant;
 import com.tacit.common.utils.AesPasswordEncoder;
 import com.tacit.common.utils.JwtUtils;
+import com.tacit.common.utils.RedisUtils;
+import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -32,6 +34,9 @@ import java.util.Collections;
 @Slf4j
 public class SecurityConfig {
     
+    @Resource
+    private RedisUtils redisUtils;
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
@@ -58,8 +63,8 @@ public class SecurityConfig {
                 if (authorization != null && authorization.startsWith(CommonConstant.JWT_PREFIX)) {
                     String token = authorization.substring(CommonConstant.JWT_PREFIX.length());
                     try {
-                        // 验证JWT令牌
-                        if (JwtUtils.validateToken(token)) {
+                        // 验证JWT令牌和Redis中的令牌是否存在
+                        if (JwtUtils.validateToken(token) && redisUtils.hasKey(token)) {
                             // 从令牌中获取用户信息
                             String username = JwtUtils.getUsernameFromToken(token);
                             String role = JwtUtils.getRoleFromToken(token);

tacit-admin/src/main/java/com/tacit/admin/service/impl/UserServiceImpl.java

@@ -29,7 +29,8 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
 
     @Resource
     private PasswordEncoder passwordEncoder;
-    @Autowired
+
+    @Resource
     private RedisUtils redisUtils;
 
     @Override

tacit-app-api/src/main/java/com/tacit/app/config/AppSecurityConfig.java

@@ -3,7 +3,9 @@ package com.tacit.app.config;
 import com.tacit.common.constant.CommonConstant;
 import com.tacit.common.utils.AesPasswordEncoder;
 import com.tacit.common.utils.JwtUtils;
+import com.tacit.common.utils.RedisUtils;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@@ -32,6 +34,9 @@ import java.util.Collections;
 @Slf4j
 public class AppSecurityConfig {
     
+    @Autowired
+    private RedisUtils redisUtils;
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
@@ -57,8 +62,8 @@ public class AppSecurityConfig {
                 if (authorization != null && authorization.startsWith(CommonConstant.JWT_PREFIX)) {
                     String token = authorization.substring(CommonConstant.JWT_PREFIX.length());
                     try {
-                        // 验证JWT令牌
-                        if (JwtUtils.validateToken(token)) {
+                        // 验证JWT令牌和Redis中的令牌是否存在
+                        if (JwtUtils.validateToken(token) && redisUtils.hasKey(token)) {
                             // 从令牌中获取用户信息
                             Long userId = JwtUtils.getUserIdFromToken(token);
                             String username = JwtUtils.getUsernameFromToken(token);

tacit-gateway/src/main/java/com/tacit/gateway/filter/JwtAuthenticationFilter.java

@@ -72,8 +72,8 @@ public class JwtAuthenticationFilter extends AbstractGatewayFilterFactory<JwtAut
 
                 // 验证JWT令牌
                 try {
-                    Boolean isBlacklisted = redisTemplate.hasKey(token);
-                    if (!Boolean.TRUE.equals(isBlacklisted)) {
+                    Boolean isTokenValid = redisTemplate.hasKey(token);
+                    if (!isTokenValid) {
                         return unauthorizedResponse(exchange, "Token已被注销");
                     }
                     JwtUtils.validateToken(token);