
联考版-迭代-token转义

xiaof 3 years ago
parent
commit
0c7eaae122

+ 5 - 0
stmms-ms-accesscontrol/src/main/java/cn/com/qmth/stmms/ms/accesscontrol/LoginInterceptor.java

@@ -14,6 +14,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.net.URLDecoder;
 import java.util.Objects;
 
 public class LoginInterceptor extends HandlerInterceptorAdapter {
@@ -43,6 +44,10 @@ public class LoginInterceptor extends HandlerInterceptorAdapter {
             response.sendError(HttpStatus.UNAUTHORIZED.value(), "身份验证失效,请重新登录!");
             return false;
         }
+
+        authorization = URLDecoder.decode(authorization, "UTF-8");
+        token = URLDecoder.decode(token, "UTF-8");
+
         String tokenDec = AesUtil.decoder(token, "token", null);
         String[] strs = tokenDec.split("#");
         String loginName = strs[1];
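Review bot: The two `URLDecoder.decode` calls run on request-supplied values with no error handling, and `URLDecoder.decode` throws `IllegalArgumentException` on a malformed `%` sequence, so a bad value would surface as an unhandled error instead of the 401 returned just above. Catch that exception around both calls and answer with `response.sendError(HttpStatus.UNAUTHORIZED.value(), ...)` followed by `return false;`. Decoding also turns every `+` into a space, so a client that still sends the unescaped token, or a value the container has already decoded once (where these values are read is not visible here), would presumably fail AES decoding; it is worth documenting that only the URL-encoded form is accepted. The context lines below index `strs[1]` without checking the result, so a guard such as `if (tokenDec == null || strs.length < 2)` would keep malformed tokens on the 401 path. The enclosing method starts and ends outside the hunk.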

+ 3 - 2
stmms-ms-accesscontrol/src/main/java/cn/com/qmth/stmms/ms/accesscontrol/api/AuthApi.java

@@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
+import java.net.URLEncoder;
 import java.util.List;
 import java.util.Objects;
 
@@ -103,8 +104,8 @@ public class AuthApi {
         }
 
         String token = System.currentTimeMillis() + "#" + domain.getLoginName() + "#" + domain.getId();
-        token = AesUtil.encoder(token, "token", null);
-//        session.setAttribute("token", System.currentTimeMillis() + "#" + domain.getLoginName() + "#" + domain.getId());
+        String tokenAes = AesUtil.encoder(token, "token", null);
+        token = URLEncoder.encode(tokenAes, "UTF-8");
         cacheService.saveTokenCache(domain.getId().toString(), token);
         domain.setToken(token);
         return domain;
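Review bot: `cacheService.saveTokenCache` now stores the URL-encoded token, while `LoginInterceptor` in this same commit decodes the incoming value before using it, so any comparison of the request token against the cached one (not visible in these hunks) must use the same form on both sides. A comment such as `// cache holds the URL-encoded form; compare before decoding` would pin that down. Separately, the token is `currentTimeMillis#loginName#id` passed to `AesUtil.encoder(token, "token", null)`: if the literal `"token"` is the key material and the `null` means no IV or integrity tag, the value is only as secret as that constant, which should be confirmed against `AesUtil`. If so, prefer a key loaded from configuration, or an opaque random identifier from `SecureRandom` that is looked up in the cache. The enclosing method starts outside the hunk.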