diff --git a/pom.xml b/pom.xml
index 2e088cc..1adaa5e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,7 +34,7 @@
5.2.3
4.5.2
2.3
- 0.9.1
+ 0.12.5
4.5.0
3.0.3
8.2.0
@@ -190,7 +190,19 @@
io.jsonwebtoken
- jjwt
+ jjwt-api
+ ${jwt.version}
+
+
+
+ io.jsonwebtoken
+ jjwt-impl
+ ${jwt.version}
+
+
+
+ io.jsonwebtoken
+ jjwt-jackson
${jwt.version}
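Review bot: `jjwt-impl` and `jjwt-jackson` are added with no scope visible in this hunk, which would leave the library's internal implementation classes on the compile classpath. The JJWT documentation recommends `runtime` scope for both, so application code can only compile against `jjwt-api`; consider adding `<scope>runtime</scope>` to those two entries. The same applies to the matching hunk in ruoyi-common/pom.xml. The XML markup is not visible in this rendering, so confirm that a scope is not already declared.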
diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index e66c99a..a165e8f 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -86,7 +86,7 @@ token:
# 令牌自定义标识
header: Authorization
# 令牌密钥
- secret: abcdefghijklmnopqrstuvwxyz
+ secret: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
# 令牌有效期(默认30分钟)
expireTime: 30
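Review bot: The new `secret` is still a predictable placeholder committed to the repository, so any deployment that keeps it signs tokens with a key known to everyone who can read the source. Take the value from the environment or a secrets store instead, e.g. `secret: ${TOKEN_SECRET}` (the variable name is a placeholder), and have each installation generate its own. TokenService in this commit Base64-decodes the value, so it should be the Base64 encoding of at least 64 random bytes rather than a readable string. The sample's length is not a multiple of four, so how it decodes depends on the decoder's tolerance for missing padding, which is worth confirming.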
diff --git a/ruoyi-common/pom.xml b/ruoyi-common/pom.xml
index 5fda4b9..e994dc4 100644
--- a/ruoyi-common/pom.xml
+++ b/ruoyi-common/pom.xml
@@ -97,7 +97,20 @@
io.jsonwebtoken
- jjwt
+ jjwt-api
+ ${jwt.version}
+
+
+
+ io.jsonwebtoken
+ jjwt-impl
+ ${jwt.version}
+
+
+
+ io.jsonwebtoken
+ jjwt-jackson
+ ${jwt.version}
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
index 980580f..1563785 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
@@ -4,6 +4,8 @@ import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
+import javax.crypto.SecretKey;
+
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
@@ -20,7 +22,8 @@ import com.ruoyi.common.utils.uuid.IdUtils;
import eu.bitwalker.useragentutils.UserAgent;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.io.Decoders;
+import io.jsonwebtoken.security.Keys;
import jakarta.servlet.http.HttpServletRequest;
/**
@@ -29,8 +32,7 @@ import jakarta.servlet.http.HttpServletRequest;
* @author ruoyi
*/
@Component
-public class TokenService
-{
+public class TokenService {
// 令牌自定义标识
@Value("${token.header}")
private String header;
@@ -54,22 +56,17 @@ public class TokenService
*
* @return 用户信息
*/
- public LoginUser getLoginUser(HttpServletRequest request)
- {
+ public LoginUser getLoginUser(HttpServletRequest request) {
// 获取请求携带的令牌
String token = getToken(request);
- if (StringUtils.isNotEmpty(token))
- {
- try
- {
+ if (StringUtils.isNotEmpty(token)) {
+ try {
Claims claims = parseToken(token);
// 解析对应的权限以及用户信息
String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
LoginUser user = CacheUtils.get(CacheConstants.LOGIN_TOKEN_KEY, uuid, LoginUser.class);
return user;
- }
- catch (Exception e)
- {
+ } catch (Exception e) {
}
}
return null;
@@ -78,10 +75,8 @@ public class TokenService
/**
* 设置用户身份信息
*/
- public void setLoginUser(LoginUser loginUser)
- {
- if (StringUtils.isNotNull(loginUser) && StringUtils.isNotEmpty(loginUser.getToken()))
- {
+ public void setLoginUser(LoginUser loginUser) {
+ if (StringUtils.isNotNull(loginUser) && StringUtils.isNotEmpty(loginUser.getToken())) {
refreshToken(loginUser);
}
}
@@ -89,10 +84,8 @@ public class TokenService
/**
* 删除用户身份信息
*/
- public void delLoginUser(String token)
- {
- if (StringUtils.isNotEmpty(token))
- {
+ public void delLoginUser(String token) {
+ if (StringUtils.isNotEmpty(token)) {
CacheUtils.removeIfPresent(CacheConstants.LOGIN_TOKEN_KEY, token);
}
}
@@ -103,8 +96,7 @@ public class TokenService
* @param loginUser 用户信息
* @return 令牌
*/
- public String createToken(LoginUser loginUser)
- {
+ public String createToken(LoginUser loginUser) {
String token = IdUtils.fastUUID();
loginUser.setToken(token);
setUserAgent(loginUser);
@@ -120,12 +112,10 @@ public class TokenService
* @param loginUser
* @return 令牌
*/
- public void verifyToken(LoginUser loginUser)
- {
+ public void verifyToken(LoginUser loginUser) {
long expireTime = loginUser.getExpireTime();
long currentTime = System.currentTimeMillis();
- if (expireTime - currentTime <= MILLIS_MINUTE_TEN)
- {
+ if (expireTime - currentTime <= MILLIS_MINUTE_TEN) {
refreshToken(loginUser);
}
}
@@ -135,8 +125,7 @@ public class TokenService
*
* @param loginUser 登录信息
*/
- public void refreshToken(LoginUser loginUser)
- {
+ public void refreshToken(LoginUser loginUser) {
loginUser.setLoginTime(System.currentTimeMillis());
loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
// 根据uuid将loginUser缓存
@@ -148,8 +137,7 @@ public class TokenService
*
* @param loginUser 登录信息
*/
- public void setUserAgent(LoginUser loginUser)
- {
+ public void setUserAgent(LoginUser loginUser) {
UserAgent userAgent = UserAgent.parseUserAgentString(ServletUtils.getRequest().getHeader("User-Agent"));
String ip = IpUtils.getIpAddr();
loginUser.setIpaddr(ip);
@@ -164,11 +152,12 @@ public class TokenService
* @param claims 数据声明
* @return 令牌
*/
- private String createToken(Map claims)
- {
+ private String createToken(Map claims) {
+ SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));
String token = Jwts.builder()
- .setClaims(claims)
- .signWith(SignatureAlgorithm.HS512, secret).compact();
+ .claims(claims)
+ .signWith(key)
+ .compact();
return token;
}
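Review bot: `signWith(key)` no longer pins the MAC algorithm. The removed line fixed HS512, while the new call lets the library pick the algorithm from the key length, so the algorithm in issued tokens now depends on how many bytes `token.secret` decodes to. If HS512 is still intended, state it with `.signWith(key, Jwts.SIG.HS512)` and require a secret that decodes to at least 64 bytes. The sample value in application.yml appears to decode to fewer bytes than that, which would silently select a shorter HMAC variant (confirm against the deployed configuration).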
@@ -178,12 +167,13 @@ public class TokenService
* @param token 令牌
* @return 数据声明
*/
- private Claims parseToken(String token)
- {
+ private Claims parseToken(String token) {
+ SecretKey key = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));
return Jwts.parser()
- .setSigningKey(secret)
- .parseClaimsJws(token)
- .getBody();
+ .verifyWith(key)
+ .build()
+ .parseSignedClaims(token)
+ .getPayload();
}
/**
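Review bot: The signing key is rebuilt from `secret` on every call here and again in `createToken`, so a bad configuration value (invalid Base64, or too few bytes for `Keys.hmacShaKeyFor`) only surfaces as an exception at request time. On the `getLoginUser` path that exception is discarded by the empty `catch (Exception e) {}`, so every request would look unauthenticated with nothing in the logs. Consider deriving the `SecretKey` once at startup, for example in a `@PostConstruct` method that stores it in a field, so that a misconfigured secret fails fast. In `getLoginUser`, log the exception type for rejected tokens (never the token value) so that signature failures are visible to operators.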
@@ -192,8 +182,7 @@ public class TokenService
* @param token 令牌
* @return 用户名
*/
- public String getUsernameFromToken(String token)
- {
+ public String getUsernameFromToken(String token) {
Claims claims = parseToken(token);
return claims.getSubject();
}
@@ -204,11 +193,9 @@ public class TokenService
* @param request
* @return token
*/
- private String getToken(HttpServletRequest request)
- {
+ private String getToken(HttpServletRequest request) {
String token = request.getHeader(header);
- if (StringUtils.isNotEmpty(token) && token.startsWith(Constants.TOKEN_PREFIX))
- {
+ if (StringUtils.isNotEmpty(token) && token.startsWith(Constants.TOKEN_PREFIX)) {
token = token.replace(Constants.TOKEN_PREFIX, "");
}
return token;