New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

token认证存在bug #174

Open

drawwon opened this issue Nov 19, 2019 · 0 comments

drawwon commented Nov 19, 2019 •

edited

user-service，user-provider项目中com.gpmall.user.utils.JwtTokenUtils#freeJwt，这个方法中：

//获得token的头部，载荷和签名，只对比头部和载荷
String[] headPayload = token.split("\\.");
 //获得jwt解密后头部
String header = decodedJWT.getHeader();
//获得jwt解密后载荷
String payload = decodedJWT.getPayload();
if (!header.equals(headPayload[0]) && !payload.equals(headPayload[1])) {
throw new ValidateException(SysRetCodeConstants.TOKEN_VALID_FAILED.getCode(), SysRetCodeConstants.TOKEN_VALID_FAILED.getMessage());
        }

其中header和payload都是解密之后的，而headPayload是解密之前的，这里是否存在逻辑错误，希望大家帮忙看看

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment