marketing
/
services
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull Requests 0 Versões 0 Wiki Atividade
Ver código fonte

bug fix

张延森 3 anos atrás
pai
2b803589a9
commit
267bafe3b1
2 arquivos alterados com 11 adições e 16 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 10
    15
      src/main/java/com/yunzhi/marketing/common/JWTUtils.java
  2. 1
    1
      src/main/java/com/yunzhi/marketing/interceptor/AccessInterceptor.java

+ 10
- 15
src/main/java/com/yunzhi/marketing/common/JWTUtils.java Ver arquivo 

@@ -24,14 +24,11 @@ public class JWTUtils {
24 24 
      * @return
25 25 
      */
26 26 
     public static String getSubject(HttpServletRequest request) {
27 
-        String jwtHeader = request.getHeader("authorization");
28 
-        if (null == jwtHeader || "".equals(jwtHeader.trim())) return null;
29 
-
30 
-        String[] jwtAuths = jwtHeader.split("Bearer ");
31 
-        if (null == jwtAuths || jwtAuths.length < 2) return null;
27 
+        String token = getToken(request);
28 
+        if (StringUtils.isEmpty(token)) return null;
32 29
33 30 
         try {
34 
-            return Jwts.parser().setSigningKey(key).parseClaimsJws(jwtAuths[1]).getBody().getSubject();
31 
+            return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody().getSubject();
35 32 
         } catch (Exception e) {
36 33 
             e.printStackTrace();
37 34 
         }

@@ -45,14 +42,11 @@ public class JWTUtils {
45 42 
      * @return
46 43 
      */
47 44 
     public static Map getUserIdAndOrgId(HttpServletRequest request) {
48 
-        String jwtHeader = request.getHeader("authorization");
49 
-        if (null == jwtHeader || "".equals(jwtHeader.trim())) return null;
50 
-
51 
-        String[] jwtAuths = jwtHeader.split("Bearer ");
52 
-        if (null == jwtAuths || jwtAuths.length < 2) return null;
45 
+        String token = getToken(request);
46 
+        if (StringUtils.isEmpty(token)) return null;
53 47
54 48 
         try {
55 
-            return Jwts.parser().setSigningKey(key).parseClaimsJws(jwtAuths[1]).getBody();
49 
+            return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody();
56 50 
         } catch (Exception e) {
57 51 
             e.printStackTrace();
58 52 
         }

@@ -70,13 +64,14 @@ public class JWTUtils {
70 64 
         if (null == jwtHeader || "".equals(jwtHeader.trim())) {
71 65 
             return null;
72 66 
         }
73 
-
67 
+
74 68 
         String[] jwtAuths = jwtHeader.split("Bearer ");
75 69 
         if (null == jwtAuths || jwtAuths.length < 2) {
76 70 
             return null;
77 71 
         }
78 
-
79 
-
72 
+
73 
+        if (StringUtils.isEmpty(jwtAuths[1])) return null;
74 
+
80 75 
         return jwtAuths[1];
81 76 
     }
82 77

+ 1
- 1
src/main/java/com/yunzhi/marketing/interceptor/AccessInterceptor.java Ver arquivo 

@@ -142,7 +142,7 @@ public class AccessInterceptor implements HandlerInterceptor {
142 142 
         }
143 143
144 144 
         String[] jwtAuths = jwtHeader.split("Bearer ");
145 
-        if (null == jwtAuths || jwtAuths.length < 2) {
145 
+        if (null == jwtAuths || jwtAuths.length < 2 || StringUtils.isEmpty(jwtAuths[1])) {
146 146 
             ResponseBean resp = ResponseBean.error("权限验证非法, 数据格式不正确", ResponseBean.ERROR_AUTH_FAIL);
147 147
148 148 
             response.addHeader("Content-type", "application/json");