add

qiaoba-auth/src/main/java/com/qiaoba/auth/filters/AuthenticationCoreFilter.java

@@ -43,7 +43,7 @@ public class AuthenticationCoreFilter extends OncePerRequestFilter {
     protected void doFilterInternal(HttpServletRequest request,
                                     HttpServletResponse response,
                                     FilterChain chain) throws ServletException, IOException {
-
+        // 白名单 放行
         if (authConfigProperties.getWhitelist().contains(request.getRequestURI())) {
             chain.doFilter(request, response);
             return;
@@ -56,32 +56,29 @@ public class AuthenticationCoreFilter extends OncePerRequestFilter {
         String deviceSn = onlineUserDto.getDeviceSn();
         UserDetails userDetails = userDetailsService.loadUserByUsername(username);
 
-        // 不是退出请求
-        if (!SecurityConstant.LOGOUT_URI.equals(request.getRequestURI())) {
-            // 不允许同时在线
-            if (!authConfigApiService.checkAllowBothOnline()) {
-                if (redisService.hasKey(SecurityConstant.LOGGED_USER_REDIS_KEY + username)) {
-                    if (!onlineUserService.checkIsLastLogged(username, deviceSn)) {
-                        onlineUserService.deleteOne(username, deviceSn, true);
-                        ResponseUtil.errorAuth(response, 4012, "被挤下线");
-                        return;
-                    }
-                } else {
-                    ResponseUtil.errorAuth(response, 4011, "登陆过期");
+        // 不允许同时在线
+        if (!authConfigApiService.checkAllowBothOnline()) {
+            if (redisService.hasKey(SecurityConstant.LOGGED_USER_REDIS_KEY + username)) {
+                if (!onlineUserService.checkIsLastLogged(username, deviceSn)) {
+                    onlineUserService.deleteOne(username, deviceSn, true);
+                    ResponseUtil.errorAuth(response, 4012, "被挤下线");
                     return;
                 }
+            } else {
+                ResponseUtil.errorAuth(response, 4011, "登陆过期");
+                return;
             }
-            // 允许同时在线
-            else {
-                if (Objects.isNull(userDetails)) {
-                    ResponseUtil.errorAuth(response, 4011, "登陆过期");
-                    return;
-                }
+        }
+        // 允许同时在线
+        else {
+            if (Objects.isNull(userDetails)) {
+                ResponseUtil.errorAuth(response, 4011, "登陆过期");
+                return;
             }
         }
 
         // 更新 SecurityContextHolder Authentication, 为了保证 SecurityContext 上下文中 userDetails 是最新的
-        if (Objects.isNull(SecurityContextHolder.getContext().getAuthentication())) {
+        if (Objects.nonNull(userDetails) && Objects.isNull(SecurityContextHolder.getContext().getAuthentication())) {
             UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
             authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
             SecurityContextHolder.getContext().setAuthentication(authentication);

qiaoba-auth/src/main/java/com/qiaoba/auth/handler/LogoutHandler.java

@@ -11,6 +11,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Objects;
 
 /**
  * 退出处理器