张延森 3 anos atrás
pai
commit
267bafe3b1

+ 10
- 15
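--- a/src/main/java/com/yunzhi/marketing/common/JWTUtils.java
+++ b/src/main/java/com/yunzhi/marketing/common/JWTUtils.java
@@ -24,14 +24,11 @@ public class JWTUtils {
      * @return
      */
     public static String getSubject(HttpServletRequest request) {
-        String jwtHeader = request.getHeader("authorization");
-        if (null == jwtHeader || "".equals(jwtHeader.trim())) return null;
-
-        String[] jwtAuths = jwtHeader.split("Bearer ");
-        if (null == jwtAuths || jwtAuths.length < 2) return null;
+        String token = getToken(request);
+        if (StringUtils.isEmpty(token)) return null;
 
         try {
-            return Jwts.parser().setSigningKey(key).parseClaimsJws(jwtAuths[1]).getBody().getSubject();
+            return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody().getSubject();
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -45,14 +42,11 @@ public class JWTUtils {
      * @return
      */
     public static Map getUserIdAndOrgId(HttpServletRequest request) {
-        String jwtHeader = request.getHeader("authorization");
-        if (null == jwtHeader || "".equals(jwtHeader.trim())) return null;
-        
-        String[] jwtAuths = jwtHeader.split("Bearer ");
-        if (null == jwtAuths || jwtAuths.length < 2) return null;
+        String token = getToken(request);
+        if (StringUtils.isEmpty(token)) return null;
         
         try {
-            return Jwts.parser().setSigningKey(key).parseClaimsJws(jwtAuths[1]).getBody();
+            return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody();
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -70,13 +64,14 @@ public class JWTUtils {
         if (null == jwtHeader || "".equals(jwtHeader.trim())) {
             return null;
         }
-        
+
         String[] jwtAuths = jwtHeader.split("Bearer ");
         if (null == jwtAuths || jwtAuths.length < 2) {
             return null;
         }
-        
-        
+
+        if (StringUtils.isEmpty(jwtAuths[1])) return null;
+
         return jwtAuths[1];
     }
 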
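Review bot: In getToken (third hunk) the scheme is still located with `jwtHeader.split("Bearer ")`, which matches that text anywhere in the header rather than only as its prefix, and the added `StringUtils.isEmpty(jwtAuths[1])` guard would not reject a whitespace-only remainder if this is Spring's or commons-lang's `isEmpty`. The signature check in `parseClaimsJws` still decides whether the token is accepted, so this looks like lenient parsing rather than a bypass, but every caller now depends on this one helper and a strict parse is easier to audit. I would replace the split with `if (!jwtHeader.startsWith("Bearer ")) return null;` followed by `String token = jwtHeader.substring(7).trim();` and return null when `token` is empty. getToken's opening lines are outside the hunk, and the same split remains in AccessInterceptor.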

+ 1
- 1
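--- a/src/main/java/com/yunzhi/marketing/interceptor/AccessInterceptor.java
+++ b/src/main/java/com/yunzhi/marketing/interceptor/AccessInterceptor.java
@@ -142,7 +142,7 @@ public class AccessInterceptor implements HandlerInterceptor {
         }
 
         String[] jwtAuths = jwtHeader.split("Bearer ");
-        if (null == jwtAuths || jwtAuths.length < 2) {
+        if (null == jwtAuths || jwtAuths.length < 2 || StringUtils.isEmpty(jwtAuths[1])) {
             ResponseBean resp = ResponseBean.error("权限验证非法, 数据格式不正确", ResponseBean.ERROR_AUTH_FAIL);
 
             response.addHeader("Content-type", "application/json");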
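Review bot: The interceptor keeps its own copy of the Authorization-header parsing, so the empty-token check had to be patched in here separately while the same commit routes getSubject and getUserIdAndOrgId through `JWTUtils.getToken`. Two copies of header parsing on an authentication path tend to drift apart; if getToken is accessible from this class, the condition could become `String token = JWTUtils.getToken(request); if (StringUtils.isEmpty(token)) {`, assuming the request object is in scope under that name. The enclosing method starts and ends outside the hunk.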