From bd14cc66fbd99c5947c015d3007b896750ecb90c Mon Sep 17 00:00:00 2001 From: liyitian <2717355959@qq.com> Date: Sun, 14 Dec 2025 14:51:18 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90=E4=BD=9C=E4=B8=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/vibevault/security/JwtAuthenticationFilter.java | 4 ++-- src/main/java/com/vibevault/security/JwtService.java | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/vibevault/security/JwtAuthenticationFilter.java b/src/main/java/com/vibevault/security/JwtAuthenticationFilter.java index 1adb9a8..3587d37 100644 --- a/src/main/java/com/vibevault/security/JwtAuthenticationFilter.java +++ b/src/main/java/com/vibevault/security/JwtAuthenticationFilter.java @@ -66,9 +66,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { .orElse(null); if (user != null && jwtService.isTokenValid(jwt, user)) { - // 设置用户角色(当前只有默认角色) + // 从用户实体获取角色 List authorities = Collections.singletonList( - new SimpleGrantedAuthority("ROLE_USER") + new SimpleGrantedAuthority(user.getRole()) ); UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( diff --git a/src/main/java/com/vibevault/security/JwtService.java b/src/main/java/com/vibevault/security/JwtService.java index a87fef7..b581346 100644 --- a/src/main/java/com/vibevault/security/JwtService.java +++ b/src/main/java/com/vibevault/security/JwtService.java @@ -69,6 +69,7 @@ public class JwtService { return username.equals(extractedUsername) && expirationDate.after(now); } catch (Exception e) { + // 任何异常都表示 token 无效 return false; } }