From 9f03dc27cc0047d1a260cc0922a23b9aae3cdbbd Mon Sep 17 00:00:00 2001
From: hongawen <83944980@qq.com>
Date: Tue, 26 May 2026 19:11:17 +0800
Subject: [PATCH] =?UTF-8?q?fix(security):=20=E4=BF=AE=E5=A4=8Dtoken?=
 =?UTF-8?q?=E8=AE=A4=E8=AF=81=E8=BF=87=E6=BB=A4=E5=99=A8=E5=BC=82=E6=AD=A5?=
 =?UTF-8?q?=E5=88=B7=E6=96=B0=E5=BC=82=E5=B8=B8=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 添加Slf4j注解用于日志记录
- 在load方法中添加try-catch块捕获ServiceException异常
- 当远端token过期或校验失败时返回LOGIN_USER_EMPTY而不是抛出异常
- 记录token校验失败的日志信息避免被Guava包装为ExecutionException
- 防止异步刷新线程将预期的验证异常作为未捕获异常打印到日志中
---
 .../filter/security/TokenAuthenticationFilter.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/rdms-gateway/src/main/java/com/njcn/rdms/gateway/filter/security/TokenAuthenticationFilter.java b/rdms-gateway/src/main/java/com/njcn/rdms/gateway/filter/security/TokenAuthenticationFilter.java
index 00eed22..d5d7780 100644
--- a/rdms-gateway/src/main/java/com/njcn/rdms/gateway/filter/security/TokenAuthenticationFilter.java
+++ b/rdms-gateway/src/main/java/com/njcn/rdms/gateway/filter/security/TokenAuthenticationFilter.java
@@ -14,6 +14,7 @@ import com.njcn.rdms.framework.common.util.json.JsonUtils;
 import com.njcn.rdms.gateway.util.SecurityFrameworkUtils;
 import com.njcn.rdms.gateway.util.WebFrameworkUtils;
 import com.njcn.rdms.module.system.enums.ErrorCodeConstants;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.cloud.client.loadbalancer.reactive.ReactorLoadBalancerExchangeFilterFunction;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
@@ -30,6 +31,7 @@ import java.util.function.Function;
 import static com.njcn.rdms.framework.common.util.cache.CacheUtils.buildAsyncReloadingCache;
+@Slf4j
 @Component
 public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
@@ -57,8 +59,16 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
 @Override
 public LoginUser load(String token) {
- String body = checkAccessToken(token).block();
- return buildUser(body, token);
+ // 仅异步 refresh 走这里(同步链路用 getIfPresent + 直接 checkAccessToken,不触发 load)
+ // 远端 token 已过期/校验失败时吞掉 ServiceException:
+ // 若抛出,会被 Guava 包成 ExecutionException 并由刷新线程池作为 UncaughtException 打到日志,看起来像故障。
+ try {
+ String body = checkAccessToken(token).block();
+ return buildUser(body, token);
+ } catch (ServiceException ex) {
+ log.info("[loginUserCache] 异步刷新忽略 token 校验失败:code={}, msg={}", ex.getCode(), ex.getMessage());
+ return LOGIN_USER_EMPTY;
+ }
 }
 });
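Review bot: The new `catch (ServiceException ex)` in `load` changes what ends up in the cache, not only what is logged: a refresh that used to throw (and, presumably under Guava's refresh semantics, left the previous `LoginUser` in place) now overwrites the entry with `LOGIN_USER_EMPTY`. That is the safer outcome for an expired or revoked token, but it is only correct if `ServiceException` is raised exclusively for definitive rejections; if `checkAccessToken` also maps upstream errors of the token service to `ServiceException`, a transient failure would replace a valid session with the empty user. Consider checking `ex.getCode()` against the token-invalid/expired codes and rethrowing anything else, and stating the cache effect in the comment, e.g. `// a rejected token replaces the cached user with LOGIN_USER_EMPTY; other failures keep the previous entry`. The cache construction and the synchronous path that reads it (`getIfPresent`, per the added comment) lie outside the hunk, so how a cached `LOGIN_USER_EMPTY` is treated there should be confirmed before relying on this as the revocation path.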