From 524ad4e6ddc04f2f0cfacb33f42c2f022629bbbb Mon Sep 17 00:00:00 2001
From: abbfun <819589789@qq.com>
Date: Mon, 23 May 2022 15:36:18 +0800
Subject: [PATCH] fastjson 版本升级 fastjson <= 1.2.80 存在反序列化任意代码执行漏洞

---
 ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java |   18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
index 943eae2..5b4c414 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
@@ -60,12 +60,18 @@
         String token = getToken(request);
         if (StringUtils.isNotEmpty(token))
         {
-            Claims claims = parseToken(token);
-            // 解析对应的权限以及用户信息
-            String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
-            String userKey = getTokenKey(uuid);
-            LoginUser user = redisCache.getCacheObject(userKey);
-            return user;
+            try
+            {
+                Claims claims = parseToken(token);
+                // 解析对应的权限以及用户信息
+                String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
+                String userKey = getTokenKey(uuid);
+                LoginUser user = redisCache.getCacheObject(userKey);
+                return user;
+            }
+            catch (Exception e)
+            {
+            }
         }
         return null;
     }

--
Gitblit v1.9.2