diff --git a/src/main/java/com/light/delivery/config/RequestLogInterceptor.java b/src/main/java/com/light/delivery/config/RequestLogInterceptor.java
index 158e095..0253610 100644
--- a/src/main/java/com/light/delivery/config/RequestLogInterceptor.java
+++ b/src/main/java/com/light/delivery/config/RequestLogInterceptor.java
@@ -14,15 +14,19 @@ public class RequestLogInterceptor implements HandlerInterceptor {
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
- // 关键:将请求转换为 ContentCachingRequestWrapper 类型
- ContentCachingRequestWrapper wrappedRequest = (ContentCachingRequestWrapper) request;
+ // 安全地处理请求包装器
+ String body = "[无法读取请求体]";
+ if (request instanceof ContentCachingRequestWrapper) {
+ ContentCachingRequestWrapper wrappedRequest = (ContentCachingRequestWrapper) request;
+ body = getRequestBody(wrappedRequest);
+ }
 logger.debug("\n=== 收到请求 ===\nMethod: {}\nURI: {}\nParams: {}\nHeaders: {}\nBody: {}",
 request.getMethod(),
 request.getRequestURI(),
 request.getQueryString(),
 getHeadersAsString(request),
- getRequestBody(wrappedRequest)); // 传入包装后的请求
+ body);
 return true;
 }
diff --git a/src/main/java/com/light/delivery/util/JwtUtil.java b/src/main/java/com/light/delivery/util/JwtUtil.java
index aed5308..57cf582 100644
--- a/src/main/java/com/light/delivery/util/JwtUtil.java
+++ b/src/main/java/com/light/delivery/util/JwtUtil.java
@@ -34,6 +34,23 @@ public class JwtUtil {
 @Value("${jwt.expiration}")
 private Long expiration;
+ /**
+ * 用于签名JWT的安全密钥
+ */
+ private SecretKey secretKey;
+
+ /**
+ * 在初始化时根据配置的密钥创建安全的SecretKey
+ */
+ public void init() {
+ if (secret != null && !secret.isEmpty()) {
+ // 如果配置了密钥,则使用它创建SecretKey
+ secretKey = Keys.hmacShaKeyFor(secret.getBytes());
+ } else {
+ // 否则生成一个随机的安全密钥
+ secretKey = Keys.secretKeyFor(SignatureAlgorithm.HS512);
+ }
+ }
 /**
 * 生成一个安全的随机密钥,并打印其Base64编码字符串(用于配置到配置文件中)
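Review bot: The `logger.debug` call in `preHandle` still writes every request header and the cached body to the log, and since `JwtUtil` in this same commit parses `Bearer` tokens, the Authorization header (and any credentials posted in a body) will most likely land in log files whenever debug logging is on. Redact sensitive headers inside `getHeadersAsString` (at least Authorization and Cookie) and skip or mask the body for authentication endpoints. The header and body strings are also built on every request even when debug is disabled; wrapping the block in `if (logger.isDebugEnabled()) { ... }` avoids that work. Separately, a `ContentCachingRequestWrapper` only holds bytes that have already been read, so in `preHandle` the body is probably still empty; `getRequestBody` is outside the hunk, so confirm, and consider logging the body from `afterCompletion` instead.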
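Review bot: `init()` derives the HMAC key from `secret.getBytes()`, whereas the replaced `signWith(SignatureAlgorithm.HS512, secret)` and `setSigningKey(secret)` overloads treat the string as Base64-encoded key material, and the helper documented just below this hunk prints a Base64 key for the configuration file. If the configured value is that Base64 string, the key bytes change with this commit (tokens already issued stop verifying), the result depends on the platform default charset, and `Keys.hmacShaKeyFor` selects the HMAC variant from the key length instead of always using HS512. The `else` branch also hides a missing secret behind a random per-process key, so tokens silently stop validating after a restart or on another instance; failing at startup is the safer behaviour. The sketch below decodes the secret with `io.jsonwebtoken.io.Decoders`, fails fast, and runs once from `@PostConstruct`, which would make the `if (secretKey == null) init();` guards in the later hunks unnecessary.

```java
@PostConstruct
public void init() {
    if (secret == null || secret.isEmpty()) {
        throw new IllegalStateException("JWT signing secret is not configured");
    }
    // Assumes the configured value is the Base64 text printed by the key-generation helper; confirm.
    secretKey = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));
}
```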
@@ -69,12 +86,17 @@ public class JwtUtil {
 * @return Token 字符串
 */
 private String createToken(Map claims, String subject) {
+ // 确保secretKey已初始化
+ if (secretKey == null) {
+ init();
+ }
+
 return Jwts.builder()
 .setClaims(claims)
 .setSubject(subject)
 .setIssuedAt(new Date(System.currentTimeMillis()))
 .setExpiration(new Date(System.currentTimeMillis() + expiration * 1000))
- .signWith(SignatureAlgorithm.HS512, secret)
+ .signWith(secretKey)
 .compact();
 }
@@ -89,8 +111,14 @@ public class JwtUtil {
 throw new IllegalArgumentException("Token cannot be null");
 }
- Claims claims = Jwts.parser()
- .setSigningKey(secret) // secret 为你的 JWT 密钥
+ // 确保secretKey已初始化
+ if (secretKey == null) {
+ init();
+ }
+
+ Claims claims = Jwts.parserBuilder()
+ .setSigningKey(secretKey)
+ .build()
 .parseClaimsJws(token.replace("Bearer ", ""))
 .getBody();
 return claims.getSubject(); // subject 通常存储用户名
@@ -157,7 +185,16 @@ public class JwtUtil {
 * @return 声明信息
 */
 private Claims extractAllClaims(String token) {
- return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
+ // 确保secretKey已初始化
+ if (secretKey == null) {
+ init();
+ }
+
+ return Jwts.parserBuilder()
+ .setSigningKey(secretKey)
+ .build()
+ .parseClaimsJws(token)
+ .getBody();
 }
 /**
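Review bot: The lazy `if (secretKey == null) { init(); }` guard added at the top of `createToken` is repeated in the two later hunks (the subject lookup and `extractAllClaims`) and is not synchronized. When no secret is configured, `init()` generates a random key, so two threads arriving together can each create a different key, and a token signed with the first one no longer verifies once the second assignment wins. Initialise the key once when the bean is constructed, for example by annotating `init()` with `@PostConstruct` or building the key in the constructor, and drop the three guards. The Javadoc of `createToken` starts outside the hunk.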
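Review bot: The parser built here is the same one `extractAllClaims` builds in the next hunk; after stripping the prefix this method could call `extractAllClaims(...)` and return `getSubject()`, which keeps signature verification in one place. `token.replace("Bearer ", "")` on the context line removes that text wherever it occurs rather than only a leading scheme, and `extractAllClaims` does no stripping at all, so the two paths accept different inputs; `token.startsWith("Bearer ") ? token.substring(7) : token` states the intent. The method's signature and the start of its null check are outside the hunk.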