1

src/main/java/com/boot/security/server/config/SecurityHandlerConfig.java

@@ -15,6 +15,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.util.StringUtils;
 
 import com.boot.security.server.dto.LoginUser;
 import com.boot.security.server.dto.ResponseInfo;
@@ -41,8 +42,15 @@ public class SecurityHandlerConfig {
 			public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 					Authentication authentication) throws IOException, ServletException {
 				LoginUser loginUser = (LoginUser) authentication.getPrincipal();
+				Token token = null;
+				String _token = tokenService.getTokenByUserId(loginUser.getId());
+				if (!StringUtils.isEmpty(_token)) {
+					token = Token.builder().token(_token).build();
+					tokenService.addExpireTime(loginUser);
+				} else {
+					token = tokenService.saveToken(loginUser);
+				}
 
-				Token token = tokenService.saveToken(loginUser);
 				ResponseUtil.responseJson(response, HttpStatus.OK.value(), token);
 			}
 		};

src/main/java/com/boot/security/server/service/TokenService.java

@@ -19,4 +19,8 @@ public interface TokenService {
 	LoginUser getLoginUser(String token);
 
 	boolean deleteToken(String token);
+
+	String getTokenByUserId(Long userId);
+
+	void addExpireTime(LoginUser loginUser);
 }

src/main/java/com/boot/security/server/service/impl/MailServiceImpl.java

@@ -26,7 +26,7 @@ public class MailServiceImpl implements MailService {
 	@Override
 	@Transactional
 	public void save(Mail mail, List<String> toUser) {
-		mail.setUserId(UserUtil.getCurrentUser().getId());
+		mail.setUserId(UserUtil.getLoginUser().getId());
 		mailDao.save(mail);
 
 		toUser.forEach(u -> {

src/main/java/com/boot/security/server/service/impl/SysLogServiceImpl.java

@@ -12,6 +12,7 @@ import com.boot.security.server.dao.SysLogsDao;
 import com.boot.security.server.model.SysLogs;
 import com.boot.security.server.model.SysUser;
 import com.boot.security.server.service.SysLogService;
+import com.boot.security.server.utils.UserUtil;
 
 import lombok.extern.slf4j.Slf4j;
 
@@ -25,7 +26,7 @@ public class SysLogServiceImpl implements SysLogService {
 	@Async
 	@Override
 	public void save(SysLogs sysLogs) {
-		SysUser user = UserUtil.getCurrentUser();
+		SysUser user = UserUtil.getLoginUser();
 		if (user == null || user.getId() == null) {
 			return;
 		}

src/main/java/com/boot/security/server/service/impl/TokenServiceImpl.java

@@ -6,6 +6,7 @@ import java.util.concurrent.TimeUnit;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Service;
 
 import com.boot.security.server.dto.LoginUser;
@@ -22,12 +23,14 @@ public class TokenServiceImpl implements TokenService {
 	private Integer expireSeconds;
 	@Autowired
 	private RedisTemplate<String, LoginUser> redisTemplate;
+	@Autowired
+	private RedisTemplate<String, String> idTokenRedisTemplate;
 
 	@Override
 	public Token saveToken(LoginUser loginUser) {
 		String token = UUID.randomUUID().toString();
 		loginUser.setToken(token);
-		redisTemplate.boundValueOps(getKey(token)).set(loginUser, expireSeconds, TimeUnit.SECONDS);
+		updateLoginUser(loginUser);
 
 		return Token.builder().token(token).build();
 	}
@@ -35,20 +38,23 @@ public class TokenServiceImpl implements TokenService {
 	/**
 	 * 更新缓存的用户信息
 	 */
+	@Async
 	@Override
 	public void updateLoginUser(LoginUser loginUser) {
-		redisTemplate.boundValueOps(getKey(loginUser.getToken())).set(loginUser, expireSeconds, TimeUnit.SECONDS);
+		redisTemplate.boundValueOps(getTokenKey(loginUser.getToken())).set(loginUser, expireSeconds, TimeUnit.SECONDS);
+		idTokenRedisTemplate.boundValueOps(getUserIdKey(loginUser.getId())).set(loginUser.getToken(), expireSeconds,
+				TimeUnit.SECONDS);
 	}
 
 	@Override
 	public LoginUser getLoginUser(String token) {
-		return redisTemplate.boundValueOps(getKey(token)).get();
+		return redisTemplate.boundValueOps(getTokenKey(token)).get();
 	}
 
 	@Override
 	public boolean deleteToken(String token) {
-		if (redisTemplate.hasKey(getKey(token))) {
+		if (redisTemplate.hasKey(getTokenKey(token))) {
-			redisTemplate.delete(getKey(token));
+			redisTemplate.delete(getTokenKey(token));
 
 			return true;
 		}
@@ -56,8 +62,30 @@ public class TokenServiceImpl implements TokenService {
 		return false;
 	}
 
-	private String getKey(String token) {
+	private String getTokenKey(String token) {
 		return "tokens:" + token;
 	}
 
+	private String getUserIdKey(Long userId) {
+		return "users:id:" + userId;
+	}
+
+	/**
+	 * 根据userId获取token
+	 */
+	@Override
+	public String getTokenByUserId(Long userId) {
+		return idTokenRedisTemplate.opsForValue().get(getUserIdKey(userId));
+	}
+
+	/**
+	 * 重置token过期时间
+	 */
+	@Async
+	@Override
+	public void addExpireTime(LoginUser loginUser) {
+		redisTemplate.expire(getTokenKey(loginUser.getToken()), expireSeconds, TimeUnit.SECONDS);
+		idTokenRedisTemplate.expire(getUserIdKey(loginUser.getId()), expireSeconds, TimeUnit.SECONDS);
+	}
+
 }

src/main/java/com/boot/security/server/service/impl/UserServiceImpl.java

@@ -1,17 +1,23 @@
 package com.boot.security.server.service.impl;
 
 import java.util.List;
-import java.util.UUID;
 
-import org.apache.commons.codec.digest.DigestUtils;
+import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.CollectionUtils;
+import org.springframework.util.StringUtils;
 
+import com.boot.security.server.dao.PermissionDao;
 import com.boot.security.server.dao.UserDao;
+import com.boot.security.server.dto.LoginUser;
 import com.boot.security.server.dto.UserDto;
+import com.boot.security.server.model.Permission;
 import com.boot.security.server.model.SysUser;
+import com.boot.security.server.model.SysUser.Status;
+import com.boot.security.server.service.TokenService;
 import com.boot.security.server.service.UserService;
 
 import lombok.extern.slf4j.Slf4j;
@@ -22,14 +28,18 @@ public class UserServiceImpl implements UserService {
 
 	@Autowired
 	private UserDao userDao;
+	@Autowired
+	private BCryptPasswordEncoder passwordEncoder;
+	@Autowired
+	private PermissionDao permissionDao;
+	@Autowired
+	private TokenService tokenService;
 
 	@Override
 	@Transactional
 	public SysUser saveUser(UserDto userDto) {
 		SysUser user = userDto;
-		user.setSalt(DigestUtils
+		user.setPassword(passwordEncoder.encode(user.getPassword()));
-				.md5Hex(UUID.randomUUID().toString() + System.currentTimeMillis() + UUID.randomUUID().toString()));
-		user.setPassword(passwordEncoder(user.getPassword(), user.getSalt()));
 		user.setStatus(Status.VALID);
 		userDao.save(user);
 		saveUserRoles(user.getId(), userDto.getRoleIds());
@@ -47,12 +57,6 @@ public class UserServiceImpl implements UserService {
 		}
 	}
 
-	@Override
-	public String passwordEncoder(String credentials, String salt) {
-		Object object = new SimpleHash("MD5", credentials, salt, UserConstants.HASH_ITERATIONS);
-		return object.toString();
-	}
-
 	@Override
 	public SysUser getUser(String username) {
 		return userDao.getUser(username);
@@ -65,11 +69,11 @@ public class UserServiceImpl implements UserService {
 			throw new IllegalArgumentException("用户不存在");
 		}
 
-		if (!u.getPassword().equals(passwordEncoder(oldPassword, u.getSalt()))) {
+		if (passwordEncoder.matches(oldPassword, u.getPassword())) {
 			throw new IllegalArgumentException("密码错误");
 		}
 
-		userDao.changePassword(u.getId(), passwordEncoder(newPassword, u.getSalt()));
+		userDao.changePassword(u.getId(), passwordEncoder.encode(newPassword));
 
 		log.debug("修改{}的密码", username);
 	}
@@ -79,16 +83,23 @@ public class UserServiceImpl implements UserService {
 	public SysUser updateUser(UserDto userDto) {
 		userDao.update(userDto);
 		saveUserRoles(userDto.getId(), userDto.getRoleIds());
-		updateUserSession(userDto.getId());
+		updateUserCache(userDto.getId());
 
 		return userDto;
 	}
 
-	private void updateUserSession(Long id) {
+	private void updateUserCache(Long id) {
-		SysUser current = UserUtil.getCurrentUser();
+		SysUser sysUser = userDao.getById(id);
-		if (current.getId().equals(id)) {
+		String token = tokenService.getTokenByUserId(id);
-			SysUser user = userDao.getById(id);
+		if (!StringUtils.isEmpty(token)) {
-			UserUtil.setUserSession(user);
+			LoginUser loginUser = new LoginUser();
+			loginUser.setToken(token);
+			BeanUtils.copyProperties(sysUser, loginUser);
+
+			List<Permission> permissions = permissionDao.listByUserId(sysUser.getId());
+			loginUser.setPermissions(permissions);
+
+			tokenService.updateLoginUser(loginUser);
 		}
 	}
 }

src/main/java/com/boot/security/server/utils/UserUtil.java

@@ -15,7 +15,7 @@ import com.zw.admin.server.model.User;
 
 public class UserUtil {
 
-	public static SysUser getLoginUser() {
+	public static LoginUser getLoginUser() {
 		LoginUser loginUser = (LoginUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
 
 		return loginUser;