Merge pull request #6199 from EightMonth/springboot3_sas

修复#6168\#6169\websocket连接问题

jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java

@@ -160,6 +160,9 @@ public class AutoLogAspect {
                     if(value!=null && value.toString().length()>length){
                         return false;
                     }
+                    if(value instanceof MultipartFile){
+                        return false;
+                    }
                     return true;
                 }
             };

jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TokenUtils.java

@@ -12,6 +12,12 @@ import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.vo.LoginUser;
 
 import jakarta.servlet.http.HttpServletRequest;
+import org.jeecg.config.security.JeecgRedisOAuth2AuthorizationService;
+import org.springframework.data.redis.serializer.SerializationException;
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
+
+import java.util.Objects;
 
 /**
  * @Author scott
@@ -112,7 +118,7 @@ public class TokenUtils {
             throw new JeecgBoot401Exception("账号已被锁定,请联系管理员!");
         }
         // 校验token是否超时失效 & 或者账号密码是否错误
-        if (!jwtTokenRefresh(token, username, user.getPassword(), redisUtil)) {
+        if (!jwtTokenRefresh(token, username, user.getPassword())) {
             throw new JeecgBoot401Exception(CommonConstant.TOKEN_IS_INVALID_MSG);
         }
         return true;
@@ -141,6 +147,15 @@ public class TokenUtils {
         return false;
     }
 
+    private static boolean jwtTokenRefresh(String token, String userName, String passWord) {
+        JeecgRedisOAuth2AuthorizationService authRedis = SpringContextUtils.getBean(JeecgRedisOAuth2AuthorizationService.class);
+        OAuth2Authorization authorization = authRedis.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
+        if (Objects.nonNull(authorization) && JwtUtil.verify(token, userName, passWord)) {
+            return true;
+        }
+        return false;
+    }
+
     /**
      * 获取登录用户
      *

jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationProvider.java

@@ -3,6 +3,7 @@ package org.jeecg.config.security.app;
 import com.alibaba.fastjson.JSONObject;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.exception.JeecgCaptchaException;
@@ -34,6 +35,7 @@ import org.springframework.security.oauth2.server.authorization.token.DefaultOAu
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
 import java.security.Principal;
 import java.util.*;
@@ -116,6 +118,10 @@ public class AppGrantAuthenticationProvider implements AuthenticationProvider {
 
         // 通过用户名获取用户信息
         LoginUser loginUser = commonAPI.getUserByName(username);
+        if (Objects.isNull(loginUser) || !StringUtils.hasText(loginUser.getSalt())) {
+            redisUtil.del(CacheConstant.SYS_USERS_CACHE+"::"+username);
+            loginUser = commonAPI.getUserByName(username);
+        }
         // 检查用户可行性
         checkUserIsEffective(loginUser);
 

jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationProvider.java

@@ -3,6 +3,7 @@ package org.jeecg.config.security.password;
 import com.alibaba.fastjson.JSONObject;
 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.exception.JeecgCaptchaException;
@@ -35,6 +36,7 @@ import org.springframework.security.oauth2.server.authorization.token.DefaultOAu
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
 import java.security.Principal;
 import java.util.*;
@@ -117,6 +119,10 @@ public class PasswordGrantAuthenticationProvider implements AuthenticationProvid
 
         // 通过用户名获取用户信息
         LoginUser loginUser = commonAPI.getUserByName(username);
+        if (Objects.isNull(loginUser) || !StringUtils.hasText(loginUser.getSalt())) {
+            redisUtil.del(CacheConstant.SYS_USERS_CACHE+"::"+username);
+            loginUser = commonAPI.getUserByName(username);
+        }
         // 检查用户可行性
         checkUserIsEffective(loginUser);