会员管理代码

baqing-shop/src/main/java/com/ruoyi/web/controller/monitor/SysUserOnlineController.java

@@ -20,6 +20,7 @@ import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.core.redis.RedisCache;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.framework.web.service.LoginUserRedisStore;
 import com.ruoyi.system.domain.SysUserOnline;
 import com.ruoyi.system.service.ISysUserOnlineService;
 
@@ -38,6 +39,9 @@ public class SysUserOnlineController extends BaseController
     @Autowired
     private RedisCache redisCache;
 
+    @Autowired
+    private LoginUserRedisStore loginUserRedisStore;
+
     @PreAuthorize("@ss.hasPermi('monitor:online:list')")
     @GetMapping("/list")
     public TableDataInfo list(String ipaddr, String userName)
@@ -46,7 +50,7 @@ public class SysUserOnlineController extends BaseController
         List<SysUserOnline> userOnlineList = new ArrayList<SysUserOnline>();
         for (String key : keys)
         {
-            LoginUser user = redisCache.getCacheObject(key);
+            LoginUser user = loginUserRedisStore.load(key);
             if (StringUtils.isNotEmpty(ipaddr) && StringUtils.isNotEmpty(userName))
             {
                 userOnlineList.add(userOnlineService.selectOnlineByInfo(ipaddr, userName, user));
@@ -77,7 +81,7 @@ public class SysUserOnlineController extends BaseController
     @DeleteMapping("/{tokenId}")
     public AjaxResult forceLogout(@PathVariable String tokenId)
     {
-        redisCache.deleteObject(CacheConstants.LOGIN_TOKEN_KEY + tokenId);
+        loginUserRedisStore.delete(CacheConstants.LOGIN_TOKEN_KEY + tokenId);
         return success();
     }
 }

baqing-shop/src/main/resources/logback.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
     <!-- 日志存放路径 -->
-	<property name="log.path" value="/home/ruoyi/logs" />
+	<property name="log.path" value="/home/baqingShop/logs" />
     <!-- 日志输出格式 -->
 	<property name="log.pattern" value="%d{HH:mm:ss.SSS} [%thread] %-5level %logger{20} - [%method,%line] - %msg%n" />
 

ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysRole.java

@@ -6,6 +6,9 @@ import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
+import com.alibaba.fastjson2.annotation.JSONField;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.ruoyi.common.annotation.Excel;
 import com.ruoyi.common.annotation.Excel.ColumnType;
 import com.ruoyi.common.core.domain.BaseEntity;
@@ -15,6 +18,7 @@ import com.ruoyi.common.core.domain.BaseEntity;
  * 
  * @author ruoyi
  */
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class SysRole extends BaseEntity
 {
     private static final long serialVersionUID = 1L;
@@ -40,9 +44,11 @@ public class SysRole extends BaseEntity
     private String dataScope;
 
     /** 菜单树选择项是否关联显示（ 0：父子不互相关联显示 1：父子互相关联显示） */
+    @JSONField(serialize = false, deserialize = false)
     private boolean menuCheckStrictly;
 
     /** 部门树选择项是否关联显示（0：父子不互相关联显示 1：父子互相关联显示 ） */
+    @JSONField(serialize = false, deserialize = false)
     private boolean deptCheckStrictly;
 
     /** 角色状态（0正常 1停用） */
@@ -52,7 +58,8 @@ public class SysRole extends BaseEntity
     /** 删除标志（0代表存在 2代表删除） */
     private String delFlag;
 
-    /** 用户是否存在此角色标识 默认不存在 */
+    /** 用户是否存在此角色标识 默认不存在（仅前端角色分配 UI 使用，不入 Redis） */
+    @JSONField(serialize = false, deserialize = false)
     private boolean flag = false;
 
     /** 菜单组 */
@@ -84,11 +91,20 @@ public class SysRole extends BaseEntity
         this.roleId = roleId;
     }
 
+    @JSONField(serialize = false, deserialize = false)
+    @JsonIgnore
     public boolean isAdmin()
     {
         return isAdmin(this.roleId);
     }
 
+    /** 兼容历史 Redis 缓存中的 admin 字段，反序列化时忽略 */
+    @JSONField(serialize = false, deserialize = false)
+    @JsonIgnore
+    public void setAdmin(boolean admin)
+    {
+    }
+
     public static boolean isAdmin(Long roleId)
     {
         return roleId != null && 1L == roleId;
@@ -139,21 +155,25 @@ public class SysRole extends BaseEntity
         this.dataScope = dataScope;
     }
 
+    @JsonIgnore
     public boolean isMenuCheckStrictly()
     {
         return menuCheckStrictly;
     }
 
+    @JsonIgnore
     public void setMenuCheckStrictly(boolean menuCheckStrictly)
     {
         this.menuCheckStrictly = menuCheckStrictly;
     }
 
+    @JsonIgnore
     public boolean isDeptCheckStrictly()
     {
         return deptCheckStrictly;
     }
 
+    @JsonIgnore
     public void setDeptCheckStrictly(boolean deptCheckStrictly)
     {
         this.deptCheckStrictly = deptCheckStrictly;
@@ -179,11 +199,13 @@ public class SysRole extends BaseEntity
         this.delFlag = delFlag;
     }
 
+    @JsonIgnore
     public boolean isFlag()
     {
         return flag;
     }
 
+    @JsonIgnore
     public void setFlag(boolean flag)
     {
         this.flag = flag;

ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java

@@ -6,12 +6,15 @@ import javax.validation.constraints.*;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
 import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.ruoyi.common.annotation.Excel;
 import com.ruoyi.common.annotation.Excel.ColumnType;
 import com.ruoyi.common.annotation.Excel.Type;
 import com.ruoyi.common.annotation.Excels;
 import com.ruoyi.common.core.domain.BaseEntity;
+import com.alibaba.fastjson2.annotation.JSONField;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.xss.Xss;
 
@@ -20,6 +23,7 @@ import com.ruoyi.common.xss.Xss;
  * 
  * @author ruoyi
  */
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class SysUser extends BaseEntity
 {
     private static final long serialVersionUID = 1L;
@@ -116,11 +120,19 @@ public class SysUser extends BaseEntity
         this.userId = userId;
     }
 
+    @JSONField(serialize = false, deserialize = false)
+    @JsonIgnore
     public boolean isAdmin()
     {
         return SecurityUtils.isAdmin(this.userId);
     }
 
+    /** 兼容历史 Redis 缓存中的 admin 字段，反序列化时忽略 */
+    @JSONField(serialize = false, deserialize = false)
+    public void setAdmin(boolean admin)
+    {
+    }
+
     public Long getDeptId()
     {
         return deptId;

ruoyi-common/src/main/java/com/ruoyi/common/core/domain/model/LoginUser.java

@@ -1,6 +1,7 @@
 package com.ruoyi.common.core.domain.model;
 
 import com.alibaba.fastjson2.annotation.JSONField;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.ruoyi.common.core.domain.entity.SysUser;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -120,6 +121,7 @@ public class LoginUser implements UserDetails
     }
 
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public String getPassword()
     {
@@ -136,6 +138,7 @@ public class LoginUser implements UserDetails
      * 账户是否未过期,过期无法验证
      */
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public boolean isAccountNonExpired()
     {
@@ -148,6 +151,7 @@ public class LoginUser implements UserDetails
      * @return
      */
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public boolean isAccountNonLocked()
     {
@@ -160,6 +164,7 @@ public class LoginUser implements UserDetails
      * @return
      */
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public boolean isCredentialsNonExpired()
     {
@@ -172,6 +177,7 @@ public class LoginUser implements UserDetails
      * @return
      */
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public boolean isEnabled()
     {

ruoyi-framework/src/main/java/com/ruoyi/framework/config/FastJson2JsonRedisSerializer.java

@@ -47,6 +47,6 @@ public class FastJson2JsonRedisSerializer<T> implements RedisSerializer<T>
         }
         String str = new String(bytes, DEFAULT_CHARSET);
 
-        return JSON.parseObject(str, clazz, AUTO_TYPE_FILTER, JSONReader.Feature.SupportAutoType);
+        return JSON.parseObject(str, clazz, AUTO_TYPE_FILTER);
     }
 }

ruoyi-framework/src/main/java/com/ruoyi/framework/security/handle/LogoutSuccessHandlerImpl.java

@@ -43,11 +43,13 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler
         if (StringUtils.isNotNull(loginUser))
         {
             String userName = loginUser.getUsername();
-            // 删除用户缓存记录
             tokenService.delLoginUser(loginUser.getToken());
-            // 记录用户退出日志
             AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGOUT, MessageUtils.message("user.logout.success")));
         }
+        else
+        {
+            tokenService.clearLoginCache(request);
+        }
         ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.success(MessageUtils.message("user.logout.success"))));
     }
 }

ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/LoginUserRedisStore.java

@@ -0,0 +1,132 @@
+package com.ruoyi.framework.web.service;
+
+import java.nio.charset.StandardCharsets;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.data.redis.core.RedisCallback;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+import com.alibaba.fastjson2.JSON;
+import com.alibaba.fastjson2.JSONReader;
+import com.alibaba.fastjson2.filter.Filter;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.ruoyi.common.constant.Constants;
+import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.utils.StringUtils;
+
+/**
+ * 登录用户 Redis 存储：使用 Jackson 原始 JSON 字节，避免 FastJSON2 反序列化 LoginUser 嵌套对象异常。
+ */
+@Component
+public class LoginUserRedisStore
+{
+    private static final Logger log = LoggerFactory.getLogger(LoginUserRedisStore.class);
+
+    private static final Filter LEGACY_AUTO_TYPE_FILTER =
+            JSONReader.autoTypeFilter(Constants.JSON_WHITELIST_STR);
+
+    private final RedisTemplate<Object, Object> redisTemplate;
+
+    private final ObjectMapper objectMapper;
+
+    public LoginUserRedisStore(RedisTemplate<Object, Object> redisTemplate)
+    {
+        this.redisTemplate = redisTemplate;
+        this.objectMapper = new ObjectMapper();
+        this.objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+    }
+
+    public void save(String key, LoginUser loginUser, long timeoutMinutes)
+    {
+        if (StringUtils.isEmpty(key) || loginUser == null)
+        {
+            return;
+        }
+        try
+        {
+            byte[] keyBytes = key.getBytes(StandardCharsets.UTF_8);
+            byte[] valueBytes = objectMapper.writeValueAsBytes(loginUser);
+            long seconds = Math.max(timeoutMinutes * 60L, 1L);
+            redisTemplate.execute((RedisCallback<Void>) connection -> {
+                connection.setEx(keyBytes, seconds, valueBytes);
+                return null;
+            });
+        }
+        catch (Exception e)
+        {
+            throw new IllegalStateException("登录缓存写入失败", e);
+        }
+    }
+
+    public LoginUser load(String key)
+    {
+        if (StringUtils.isEmpty(key))
+        {
+            return null;
+        }
+        byte[] valueBytes = readRawBytes(key);
+        if (valueBytes == null || valueBytes.length == 0)
+        {
+            return null;
+        }
+        LoginUser loginUser = readJackson(valueBytes);
+        if (loginUser != null)
+        {
+            return loginUser;
+        }
+        loginUser = readLegacyFastJson(valueBytes);
+        if (loginUser != null)
+        {
+            log.info("已兼容读取 FastJSON 格式登录缓存，key={}", key);
+            return loginUser;
+        }
+        log.warn("登录缓存损坏，已删除 key={}", key);
+        delete(key);
+        return null;
+    }
+
+    public void delete(String key)
+    {
+        if (StringUtils.isNotEmpty(key))
+        {
+            redisTemplate.delete(key);
+        }
+    }
+
+    private byte[] readRawBytes(String key)
+    {
+        byte[] keyBytes = key.getBytes(StandardCharsets.UTF_8);
+        return redisTemplate.execute((RedisCallback<byte[]>) connection -> connection.get(keyBytes));
+    }
+
+    private LoginUser readJackson(byte[] bytes)
+    {
+        try
+        {
+            return objectMapper.readValue(bytes, LoginUser.class);
+        }
+        catch (Exception ignored)
+        {
+            return null;
+        }
+    }
+
+    private LoginUser readLegacyFastJson(byte[] bytes)
+    {
+        try
+        {
+            String str = new String(bytes, StandardCharsets.UTF_8).trim();
+            if (str.startsWith("\"") && str.endsWith("\""))
+            {
+                str = objectMapper.readValue(str, String.class);
+            }
+            return JSON.parseObject(str, LoginUser.class, LEGACY_AUTO_TYPE_FILTER);
+        }
+        catch (Exception ignored)
+        {
+            return null;
+        }
+    }
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java

@@ -3,13 +3,12 @@ package com.ruoyi.framework.web.service;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.concurrent.TimeUnit;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
-import com.alibaba.fastjson2.JSONObject;
 import com.ruoyi.common.constant.CacheConstants;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.domain.model.LoginUser;
@@ -56,6 +55,9 @@ public class TokenService
     @Autowired
     private RedisCache redisCache;
 
+    @Autowired
+    private LoginUserRedisStore loginUserRedisStore;
+
     /**
      * 获取用户身份信息
      * 
@@ -63,25 +65,42 @@ public class TokenService
      */
     public LoginUser getLoginUser(HttpServletRequest request)
     {
-        // 获取请求携带的令牌
-        String token = getToken(request);
-        if (StringUtils.isNotEmpty(token))
+        String jwt = getToken(request);
+        if (StringUtils.isEmpty(jwt))
         {
+            return null;
+        }
             try
             {
-                Claims claims = parseToken(token);
-                // 解析对应的权限以及用户信息
+            Claims claims = parseToken(jwt);
                 String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
-                String userKey = getTokenKey(uuid);
-                LoginUser user = redisCache.getCacheObject(userKey);
-                return user;
+            return loginUserRedisStore.load(getTokenKey(uuid));
             }
             catch (Exception e)
             {
                 log.error("获取用户信息异常'{}'", e.getMessage());
+            return null;
+        }
+    }
+
+    /**
+     * 反序列化失败时清理损坏的登录缓存，避免退出/鉴权反复报错。
+     */
+    private void deleteLoginCacheByJwt(String jwt)
+    {
+        try
+        {
+            Claims claims = parseToken(jwt);
+            String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
+            if (StringUtils.isNotEmpty(uuid))
+            {
+                loginUserRedisStore.delete(getTokenKey(uuid));
             }
         }
-        return null;
+        catch (Exception ignored)
+        {
+            // ignore
+        }
     }
 
     /**
@@ -102,8 +121,19 @@ public class TokenService
     {
         if (StringUtils.isNotEmpty(token))
         {
-            String userKey = getTokenKey(token);
-            redisCache.deleteObject(userKey);
+            loginUserRedisStore.delete(getTokenKey(token));
+        }
+    }
+
+    /**
+     * 退出时若无法反序列化 LoginUser，仍按 JWT 清理 Redis 登录缓存。
+     */
+    public void clearLoginCache(HttpServletRequest request)
+    {
+        String jwt = getToken(request);
+        if (StringUtils.isNotEmpty(jwt))
+        {
+            deleteLoginCacheByJwt(jwt);
         }
     }
 
@@ -153,7 +183,7 @@ public class TokenService
         loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
         // 根据uuid将loginUser缓存
         String userKey = getTokenKey(loginUser.getToken());
-        redisCache.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);
+        loginUserRedisStore.save(userKey, loginUser, expireTime);
     }
 
     /**
@@ -232,28 +262,6 @@ public class TokenService
         return CacheConstants.LOGIN_TOKEN_KEY + uuid;
     }
 
-    /**
-     * 解析 Redis 中的在线用户缓存，兼容 fastjson2 反序列化为 JSONObject 的情况
-     */
-    private LoginUser resolveLoginUser(String key)
-    {
-        Object cached = redisCache.getCacheObject(key);
-        if (cached == null)
-        {
-            return null;
-        }
-        if (cached instanceof LoginUser)
-        {
-            return (LoginUser) cached;
-        }
-        if (cached instanceof JSONObject)
-        {
-            return ((JSONObject) cached).to(LoginUser.class);
-        }
-        log.warn("跳过无法识别的在线用户缓存: key={}, type={}", key, cached.getClass().getName());
-        return null;
-    }
-
     /**
      * 角色权限变更后，刷新所有持有该角色的在线用户权限
      *
@@ -271,7 +279,7 @@ public class TokenService
         }
         for (String key : keys)
         {
-            LoginUser loginUser = resolveLoginUser(key);
+            LoginUser loginUser = loginUserRedisStore.load(key);
             if (loginUser == null || loginUser.getUser() == null || loginUser.getUser().isAdmin())
             {
                 // 管理员拥有所有权限，跳过