修复：jwt过期之后，取过期时间为空，造成的空指针问题

4 years ago · 98806364b4
4 changed files with 19 additions and 10 deletions
--- a/epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
+++ b/epmet-commons/epmet-commons-security/src/main/java/com/epmet/commons/security/sign/openapi/OpenApiSignUtils.java
@ -61,14 +61,15 @@ public class OpenApiSignUtils {

    public static void main(String[] args) {
        generateGetAccessTokenSign();
-        //generateGetOrgDetailSign();
+        System.out.println("==============");
+        generateGetOrgDetailSign();
    }

    private static void generateGetAccessTokenSign() {
        long now = System.currentTimeMillis();
        System.out.println(now);

-        String uuid = UUID.randomUUID().toString();
+        String uuid = UUID.randomUUID().toString().replace("-", "");

        HashMap<String, String> content = new HashMap<>();
        content.put("app_id", "7d98b8af2d05752b4225709c4cfd4bd0");
@ -87,7 +88,7 @@ public class OpenApiSignUtils {

    private static void generateGetOrgDetailSign() {
        long now = System.currentTimeMillis();
-        String uuid = UUID.randomUUID().toString();
+        String uuid = UUID.randomUUID().toString().replace("-", "");;
        System.out.println("时间戳:" + now);
        System.out.println("随机数:" + uuid);

--- a/epmet-gateway/src/main/java/com/epmet/auth/ExtAppTakeTokenAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/ExtAppTakeTokenAuthProcessor.java
@ -19,6 +19,8 @@ import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.stereotype.Component;
 import org.springframework.web.server.ServerWebExchange;

+import java.util.Date;
+
 /**
 * 外部应用认证处理器：来平台token的方式
 */
@ -37,8 +39,11 @@ public class ExtAppTakeTokenAuthProcessor extends ExtAppAuthProcessor {

        // 1.过期验证
        String accessTokenInCache = redisUtils.getString(RedisKeys.getOpenApiAccessTokenKey(appId));
+        Date expiration = jwtTokenUtils.getExpiration(token, secret);
        if (StringUtils.isBlank(accessTokenInCache) ||
-                jwtTokenUtils.isTokenExpired(jwtTokenUtils.getExpiration(token, secret))) {
+                expiration == null ||
+                jwtTokenUtils.isTokenExpired(expiration)
+        ) {

            throw new RenException(EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getCode(),
                    EpmetErrorCode.OPEN_API_TOKEN_EXPIRED.getMsg());
--- a/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
+++ b/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/aspect/OpenApiRequestCheckAspect.java
@ -47,6 +47,11 @@ public class OpenApiRequestCheckAspect {
    @Autowired
    private EpmetCommonServiceOpenFeignClient commonServiceOpenFeignClient;

+    //请求时差单位：s
+    long requestTimeSecDiff = 120;
+    //请求时差，单位：ms
+    long requestTimeMillSecDiff = requestTimeSecDiff * 1000;//单位：ms
+
    private static final Logger log = LoggerFactory.getLogger(DataFilterAspect.class);

    /**
@ -117,10 +122,10 @@ public class OpenApiRequestCheckAspect {
        }
        long timestamp = Long.valueOf(timestampStr).longValue();
        long now = System.currentTimeMillis();
-        long requestTimeDiff = 120000;
-        if (Math.abs(now - timestamp) > requestTimeDiff) {
+
+        if (Math.abs(now - timestamp) > requestTimeMillSecDiff) {
            // 只允许1分钟之内的请求，允许服务器之间时差为1分钟
-            throw new RenException(String.format("请求已过时，允许时差为%s ms", requestTimeDiff));
+            throw new RenException(String.format("请求已过时，允许时差为%s s", requestTimeSecDiff));
        }
        String nonce = argMap.get(RequestParamKeys.NONCE);
        String nonceInCache = redisUtils.getString(RedisKeys.getOpenApiNonceKey(nonce));
@ -128,7 +133,7 @@ public class OpenApiRequestCheckAspect {
            throw new RenException("请求重复");
        }
        //将nonce缓存到redis，有效期1分钟
-        redisUtils.set(RedisKeys.getOpenApiNonceKey(nonce), System.currentTimeMillis(), requestTimeDiff);
+        redisUtils.set(RedisKeys.getOpenApiNonceKey(nonce), System.currentTimeMillis(), requestTimeSecDiff);
    }

    /**
--- a/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java
+++ b/epmet-module/epmet-ext/epmet-ext-server/src/main/java/com/epmet/controller/OpenApiAccessTokenController.java
@ -5,8 +5,6 @@ import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.utils.Result;
-import com.epmet.commons.tools.validator.ValidatorUtils;
-import com.epmet.dto.form.openapi.OpenApiBaseFormDTO;
 import com.epmet.dto.result.openapi.GetAccessTokenResultDTO;
 import com.epmet.feign.EpmetCommonServiceOpenFeignClient;
 import com.epmet.service.OpenApiAccessTokenService;