
1. 捕捉token is null 异常
2. 添加了访问需要项目名称

wuweihao 5 years ago
parent
commit
44dee1d494

+ 1 - 1
xiaoan-web/src/main/java/com/xiaoan/web/backend/UserController.java

@@ -27,7 +27,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 
-import javax.validation.Valid;
 import java.util.*;
 
 
@@ -51,6 +50,7 @@ public class UserController extends BaseController {
     @Autowired
     private RoleService roleService;
 
+
     @RequiresRoles(value = {"admin"}, logical = Logical.OR)
     @WebControllerLog(description = "用户管理-查看用户列表/搜索")
     @ApiOperation("分页获取用户列表")

+ 13 - 22
xiaoan-web/src/main/java/com/xiaoan/web/shiro/JWTFilter.java

@@ -10,6 +10,7 @@ import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
@@ -29,6 +30,8 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
     /**
      * 判断用户是否想要登入。
      * 检测header里面是否包含Authorization字段即可
+     *
+     * return false:直接不校验就可以访问api
      */
     @Override
     protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) {
@@ -50,7 +53,7 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
 //            this.writeResponse(response, jsonObject);
 
             // 直接返回false, ExceptionController的ShiroException.class是能捕捉到5003那个异常的
-            return false;
+//            return false;
         }
 
         return true;
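Review bot: The comment kept above the disabled line still says the branch returns false directly, but with `return false;` commented out the branch now falls through to `return true`, so the comment and the behaviour disagree. Going by the Javadoc added in the previous hunk, returning false lets a request reach the API without verification, so always returning true is the stricter choice and is worth stating explicitly. I would delete the commented-out statement and replace the stale comment with `// No usable token: still report a login attempt so the login path rejects the request instead of letting it through unverified.` The start of the enclosing method and of this `if` block is outside the hunk, so whether the branch still does anything else cannot be confirmed from here.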
@@ -113,7 +116,7 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
                 }
                 // 直接返回Response信息
                 this.writeResponse(response, jsonObject);
-                return false;
+//                return false;
             }
         }
         // return false 前端没有响应,接收不到异常
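Review bot: With `return false;` commented out after `this.writeResponse(response, jsonObject);`, the failure branch no longer denies the request, and control falls through to the method's final return, which is outside this hunk. If that return is `true`, as the trailing comment about the front end not receiving a response suggests, a request whose token check failed is still handed on to the controller after the error JSON has been sent, which is a fail-open authentication path. Since `writeResponse` already writes and flushes the error body, the front-end concern is covered and the branch can deny: keep `return false;` directly after the `writeResponse` call. If the fall-through is intentional, it needs a comment naming the component that stops the request afterwards.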
@@ -140,17 +143,6 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
         return super.preHandle(request, response);
     }
 
-    /**
-     * 将非法请求跳转到 /401
-     */
-//    private void response401(ServletRequest req, ServletResponse resp) {
-//        try {
-//            HttpServletResponse httpServletResponse = (HttpServletResponse) resp;
-//            httpServletResponse.sendRedirect("/401");
-//        } catch (IOException e) {
-//            log.error(e.getMessage());
-//        }
-//    }
 
     /**
      * 无需转发,直接返回Response信息
@@ -159,18 +151,17 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
     private void writeResponse(ServletResponse response, JSONObject msg) {
         response.setCharacterEncoding("UTF-8");
         response.setContentType("application/json; charset=utf-8");
-        PrintWriter out = null;
+        ServletOutputStream outputStream = null;
         try {
-            out = response.getWriter();
-            out.append(msg.toString());
-            out.flush();
-            out.close();
+            outputStream = response.getOutputStream();
         } catch (IOException e) {
             e.printStackTrace();
-        } finally {
-            if (out != null){
-                out.close();
-            }
         }
+        assert outputStream != null;
+        PrintWriter printWriter = new PrintWriter(outputStream, true);
+        printWriter.write(msg.toString());//直接将json输出到页面
+        printWriter.flush();
+        printWriter.close();
+
     }
 }
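Review bot: `assert outputStream != null;` guards nothing in production, because JVM assertions are disabled unless the process is started with `-ea`. When `getOutputStream()` throws, the exception is only printed and `new PrintWriter(outputStream, true)` then fails with a NullPointerException inside the authentication filter. The `PrintWriter` is also created without a charset, so the JSON is encoded with the platform default rather than the UTF-8 declared two lines earlier, which can garble non-ASCII messages. Writing the bytes inside a try-with-resources block removes both problems. The version below assumes the class has a `log` field (the deleted `response401` stub referenced one) and needs `java.nio.charset.StandardCharsets` imported.

```java
    private void writeResponse(ServletResponse response, JSONObject msg) {
        // … unchanged: setCharacterEncoding / setContentType …
        try (ServletOutputStream outputStream = response.getOutputStream()) {
            // Encode explicitly so the body matches the declared charset.
            outputStream.write(msg.toString().getBytes(StandardCharsets.UTF_8));
            outputStream.flush();
        } catch (IOException e) {
            log.error("failed to write auth error response", e);
        }
    }
```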

+ 4 - 8
xiaoan-web/src/main/java/com/xiaoan/web/shiro/MyRealm.java

@@ -115,31 +115,27 @@ public class MyRealm extends AuthorizingRealm {
         // 解密获得username,用于和数据库进行对比
         String username = JwtUtil2.getUsername(token);
         if (username == null) {
-            log.info("error token username");
-//            throw new AuthenticationException("token invalid");
+            log.error("error token username");
             throw new JwtAuthenticationException(5001, "token invalid");
         }
 
         UserEntity userEntity = userService.findByUserName(username);
         if (userEntity == null) {
-            log.info("error token userEntity");
-//            throw new AuthenticationException("UserEntity didn't existed!");
+            log.error("error token userEntity");
             throw new JwtAuthenticationException(5001, "User didn't existed!");
         }
 
         // 校验请求token是否跟redis token一致
         String redisToken = redisTemplate.opsForValue().get(userEntity.getUserName());
         if (!token.equals(redisToken)) {
-            log.info("error token redis");
-//            throw new AuthenticationException("token invalid");
+            log.error("error token redis");
             throw new JwtAuthenticationException(5001, "token invalid");
 
         }
 
 
         if (! JwtUtil2.isVerify(token, username)) {
-            log.info("error token username or password");
-//            throw new AuthenticationException("token invalid");
+            log.error("error token username or password");
             throw new JwtAuthenticationException(5001, "token invalid");
         }