交易市场平台（供应商）

baqing-admin/src/main/java/com/ruoyi/web/controller/monitor/SysUserOnlineController.java

@@ -20,6 +20,7 @@ import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.core.redis.RedisCache;
 import com.ruoyi.common.enums.BusinessType;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.framework.web.service.LoginUserRedisStore;
 import com.ruoyi.system.domain.SysUserOnline;
 import com.ruoyi.system.service.ISysUserOnlineService;
 
@@ -38,6 +39,9 @@ public class SysUserOnlineController extends BaseController
     @Autowired
     private RedisCache redisCache;
 
+    @Autowired
+    private LoginUserRedisStore loginUserRedisStore;
+
     @PreAuthorize("@ss.hasPermi('monitor:online:list')")
     @GetMapping("/list")
     public TableDataInfo list(String ipaddr, String userName)
@@ -46,7 +50,7 @@ public class SysUserOnlineController extends BaseController
         List<SysUserOnline> userOnlineList = new ArrayList<SysUserOnline>();
         for (String key : keys)
         {
-            LoginUser user = redisCache.getCacheObject(key);
+            LoginUser user = loginUserRedisStore.load(key);
             if (StringUtils.isNotEmpty(ipaddr) && StringUtils.isNotEmpty(userName))
             {
                 userOnlineList.add(userOnlineService.selectOnlineByInfo(ipaddr, userName, user));
@@ -77,7 +81,7 @@ public class SysUserOnlineController extends BaseController
     @DeleteMapping("/{tokenId}")
     public AjaxResult forceLogout(@PathVariable String tokenId)
     {
-        redisCache.deleteObject(CacheConstants.LOGIN_TOKEN_KEY + tokenId);
+        loginUserRedisStore.delete(CacheConstants.LOGIN_TOKEN_KEY + tokenId);
         return success();
     }
 }

baqing-admin/src/test/java/com/ruoyi/framework/config/FastJson2JsonRedisSerializerTest.java

@@ -12,26 +12,25 @@ class FastJson2JsonRedisSerializerTest
 {
     private static final String LEGACY_LOGIN_USER_JSON =
             "{\"@type\":\"com.ruoyi.common.core.domain.model.LoginUser\",\"browser\":\"Chrome 148\","
-                    + "\"deptId\":103L,\"expireTime\":1780467419148,\"ipaddr\":\"115.238.57.190\","
-                    + "\"loginLocation\":\"XX XX\",\"loginTime\":1780465619148,\"os\":\"Windows10\","
-                    + "\"permissions\":Set[\"*:*:*\"],\"token\":\"22e5d643-b819-4e3a-bb97-0fd65739ff51\","
-                    + "\"user\":{\"admin\":true,\"createBy\":\"admin\",\"createTime\":\"2026-05-09 10:26:46\","
+                    + "\"deptId\":103L,\"expireTime\":1780482471190,\"ipaddr\":\"115.238.57.190\","
+                    + "\"loginLocation\":\"XX XX\",\"loginTime\":1780480671190,\"os\":\"Windows10\","
+                    + "\"permissions\":Set[\"*:*:*\"],\"token\":\"96dc6244-2273-489d-865f-36da1c8999bc\","
+                    + "\"user\":{\"createBy\":\"admin\",\"createTime\":\"2026-05-09 10:26:46\","
                     + "\"delFlag\":\"0\",\"dept\":{\"ancestors\":\"0,100,101\",\"children\":[],"
                     + "\"deptId\":103L,\"deptName\":\"研发部门\",\"leader\":\"若依\",\"orderNum\":1,"
                     + "\"params\":{\"@type\":\"java.util.HashMap\"},\"parentId\":101L,\"status\":\"0\"},"
-                    + "\"deptId\":103L,\"email\":\"ry@163.com\",\"loginDate\":\"2026-06-03 13:46:16\","
+                    + "\"deptId\":103L,\"email\":\"ry@163.com\",\"loginDate\":\"2026-06-03 17:44:28\","
                     + "\"loginIp\":\"115.238.57.190\",\"nickName\":\"超级管理员\","
                     + "\"params\":{\"@type\":\"java.util.HashMap\"},\"phonenumber\":\"15888888888\","
                     + "\"pwdUpdateDate\":\"2026-05-09 10:26:46\",\"remark\":\"管理员\","
-                    + "\"roles\":[{\"admin\":true,\"dataScope\":\"1\",\"deptCheckStrictly\":false,"
-                    + "\"flag\":false,\"menuCheckStrictly\":false,"
-                    + "\"params\":{\"@type\":\"java.util.HashMap\"},\"roleId\":1L,\"roleKey\":\"admin\","
-                    + "\"roleName\":\"超级管理员\",\"roleSort\":1,\"status\":\"0\"}],"
-                    + "\"sex\":\"1\",\"status\":\"0\",\"userId\":1L,\"userName\":\"admin\"},"
+                    + "\"roles\":[{\"dataScope\":\"1\",\"deptCheckStrictly\":false,\"flag\":false,"
+                    + "\"menuCheckStrictly\":false,\"params\":{\"@type\":\"java.util.HashMap\"},"
+                    + "\"roleId\":1L,\"roleKey\":\"admin\",\"roleName\":\"超级管理员\",\"roleSort\":1,"
+                    + "\"status\":\"0\"}],\"sex\":\"1\",\"status\":\"0\",\"userId\":1L,\"userName\":\"admin\"},"
                     + "\"userId\":1L,\"username\":\"admin\"}";
 
     @Test
-    @DisplayName("反序列化含 admin 字段的历史 LoginUser 缓存")
+    @DisplayName("反序列化含 admin/flag 字段的历史 LoginUser 缓存")
     void deserializeLegacyLoginUserWithAdminField()
     {
         FastJson2JsonRedisSerializer<LoginUser> serializer = new FastJson2JsonRedisSerializer<>(LoginUser.class);
@@ -40,6 +39,23 @@ class FastJson2JsonRedisSerializerTest
         assertEquals(1L, loginUser.getUserId());
         assertNotNull(loginUser.getUser());
         assertEquals("admin", loginUser.getUser().getUserName());
-        assertEquals("22e5d643-b819-4e3a-bb97-0fd65739ff51", loginUser.getToken());
+        assertEquals("96dc6244-2273-489d-865f-36da1c8999bc", loginUser.getToken());
+    }
+
+    @Test
+    @DisplayName("反序列化含 admin 的旧版 LoginUser 缓存")
+    void deserializeLegacyLoginUserWithAdminOnly()
+    {
+        String json =
+                "{\"@type\":\"com.ruoyi.common.core.domain.model.LoginUser\",\"deptId\":103L,"
+                        + "\"permissions\":Set[\"*:*:*\"],\"token\":\"legacy-token\","
+                        + "\"user\":{\"admin\":true,\"userId\":1L,\"userName\":\"admin\","
+                        + "\"roles\":[{\"admin\":true,\"roleId\":1L,\"roleKey\":\"admin\","
+                        + "\"flag\":false,\"deptCheckStrictly\":false,\"menuCheckStrictly\":false}]},"
+                        + "\"userId\":1L,\"username\":\"admin\"}";
+        FastJson2JsonRedisSerializer<LoginUser> serializer = new FastJson2JsonRedisSerializer<>(LoginUser.class);
+        LoginUser loginUser = serializer.deserialize(json.getBytes(FastJson2JsonRedisSerializer.DEFAULT_CHARSET));
+        assertNotNull(loginUser);
+        assertEquals("admin", loginUser.getUser().getUserName());
     }
 }

baqing-admin/src/test/java/com/ruoyi/framework/config/FastJson2RedisReproduceTest.java

@@ -0,0 +1,44 @@
+package com.ruoyi.framework.config;
+
+import com.ruoyi.common.core.domain.model.LoginUser;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * 复现 Redis 实际用法：valueSerializer 使用 Object.class。
+ */
+@DisplayName("FastJson2 Redis Object.class 反序列化")
+class FastJson2RedisReproduceTest
+{
+    private static final String USER_JSON =
+            "{\"@type\":\"com.ruoyi.common.core.domain.model.LoginUser\",\"browser\":\"Chrome 148\","
+                    + "\"deptId\":103L,\"expireTime\":1780482471190,\"ipaddr\":\"115.238.57.190\","
+                    + "\"loginLocation\":\"XX XX\",\"loginTime\":1780480671190,\"os\":\"Windows10\","
+                    + "\"permissions\":Set[\"*:*:*\"],\"token\":\"96dc6244-2273-489d-865f-36da1c8999bc\","
+                    + "\"user\":{\"createBy\":\"admin\",\"createTime\":\"2026-05-09 10:26:46\","
+                    + "\"delFlag\":\"0\",\"dept\":{\"ancestors\":\"0,100,101\",\"children\":[],"
+                    + "\"deptId\":103L,\"deptName\":\"研发部门\",\"leader\":\"若依\",\"orderNum\":1,"
+                    + "\"params\":{\"@type\":\"java.util.HashMap\"},\"parentId\":101L,\"status\":\"0\"},"
+                    + "\"deptId\":103L,\"email\":\"ry@163.com\",\"loginDate\":\"2026-06-03 17:44:28\","
+                    + "\"loginIp\":\"115.238.57.190\",\"nickName\":\"超级管理员\","
+                    + "\"params\":{\"@type\":\"java.util.HashMap\"},\"phonenumber\":\"15888888888\","
+                    + "\"pwdUpdateDate\":\"2026-05-09 10:26:46\",\"remark\":\"管理员\","
+                    + "\"roles\":[{\"dataScope\":\"1\",\"deptCheckStrictly\":false,\"flag\":false,"
+                    + "\"menuCheckStrictly\":false,\"params\":{\"@type\":\"java.util.HashMap\"},"
+                    + "\"roleId\":1L,\"roleKey\":\"admin\",\"roleName\":\"超级管理员\",\"roleSort\":1,"
+                    + "\"status\":\"0\"}],\"sex\":\"1\",\"status\":\"0\",\"userId\":1L,\"userName\":\"admin\"},"
+                    + "\"userId\":1L,\"username\":\"admin\"}";
+
+    @Test
+    @DisplayName("Object.class 与 RedisConfig 一致")
+    void deserializeAsObjectClass()
+    {
+        FastJson2JsonRedisSerializer<Object> serializer = new FastJson2JsonRedisSerializer<>(Object.class);
+        Object raw = assertDoesNotThrow(() -> serializer.deserialize(USER_JSON.getBytes(FastJson2JsonRedisSerializer.DEFAULT_CHARSET)));
+        assertNotNull(raw);
+        assertNotNull(((LoginUser) raw).getUser());
+    }
+}

baqing-admin/src/test/java/com/ruoyi/framework/web/service/LoginUserRedisStoreJacksonTest.java

@@ -0,0 +1,62 @@
+package com.ruoyi.framework.web.service;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+import java.nio.charset.StandardCharsets;
+
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.ruoyi.common.core.domain.entity.SysRole;
+import com.ruoyi.common.core.domain.entity.SysUser;
+import com.ruoyi.common.core.domain.model.LoginUser;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+@DisplayName("LoginUserRedisStore Jackson 序列化")
+class LoginUserRedisStoreJacksonTest
+{
+    private static final String LEGACY_FASTJSON =
+            "{\"@type\":\"com.ruoyi.common.core.domain.model.LoginUser\",\"deptId\":103,"
+                    + "\"permissions\":[\"*:*:*\"],\"token\":\"t1\","
+                    + "\"user\":{\"userId\":1,\"userName\":\"admin\","
+                    + "\"roles\":[{\"roleId\":1,\"roleKey\":\"admin\",\"flag\":false,"
+                    + "\"deptCheckStrictly\":false,\"menuCheckStrictly\":false}]},"
+                    + "\"userId\":1,\"username\":\"admin\"}";
+
+    @Test
+    @DisplayName("Jackson 读写含 roles 的 LoginUser")
+    void jacksonRoundTrip() throws Exception
+    {
+        ObjectMapper mapper = new ObjectMapper();
+        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+
+        SysRole role = new SysRole();
+        role.setRoleId(1L);
+        role.setRoleKey("admin");
+        role.setFlag(false);
+        SysUser user = new SysUser(1L);
+        user.setUserName("admin");
+        user.setRoles(java.util.Collections.singletonList(role));
+        LoginUser loginUser = new LoginUser(1L, 103L, user, java.util.Collections.singleton("*:*:*"));
+        loginUser.setToken("t1");
+
+        byte[] bytes = mapper.writeValueAsBytes(loginUser);
+        LoginUser restored = mapper.readValue(bytes, LoginUser.class);
+        assertNotNull(restored.getUser());
+        assertEquals("admin", restored.getUser().getUserName());
+        assertEquals(1, restored.getUser().getRoles().size());
+    }
+
+    @Test
+    @DisplayName("Legacy FastJSON 含 flag:false 可被 Jackson 忽略未知字段策略兼容读取")
+    void jacksonIgnoresUnknownFromPlainJson() throws Exception
+    {
+        ObjectMapper mapper = new ObjectMapper();
+        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+        LoginUser loginUser = mapper.readValue(LEGACY_FASTJSON.getBytes(StandardCharsets.UTF_8), LoginUser.class);
+        assertNotNull(loginUser);
+        assertEquals("admin", loginUser.getUser().getUserName());
+    }
+}

ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysRole.java

@@ -7,6 +7,8 @@ import javax.validation.constraints.Size;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
 import com.alibaba.fastjson2.annotation.JSONField;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.ruoyi.common.annotation.Excel;
 import com.ruoyi.common.annotation.Excel.ColumnType;
 import com.ruoyi.common.core.domain.BaseEntity;
@@ -16,6 +18,7 @@ import com.ruoyi.common.core.domain.BaseEntity;
  * 
  * @author ruoyi
  */
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class SysRole extends BaseEntity
 {
     private static final long serialVersionUID = 1L;
@@ -41,9 +44,11 @@ public class SysRole extends BaseEntity
     private String dataScope;
 
     /** 菜单树选择项是否关联显示（ 0：父子不互相关联显示 1：父子互相关联显示） */
+    @JSONField(serialize = false, deserialize = false)
     private boolean menuCheckStrictly;
 
     /** 部门树选择项是否关联显示（0：父子不互相关联显示 1：父子互相关联显示 ） */
+    @JSONField(serialize = false, deserialize = false)
     private boolean deptCheckStrictly;
 
     /** 角色状态（0正常 1停用） */
@@ -53,7 +58,8 @@ public class SysRole extends BaseEntity
     /** 删除标志（0代表存在 2代表删除） */
     private String delFlag;
 
-    /** 用户是否存在此角色标识 默认不存在 */
+    /** 用户是否存在此角色标识 默认不存在（仅前端角色分配 UI 使用，不入 Redis） */
+    @JSONField(serialize = false, deserialize = false)
     private boolean flag = false;
 
     /** 菜单组 */
@@ -86,11 +92,19 @@ public class SysRole extends BaseEntity
     }
 
     @JSONField(serialize = false, deserialize = false)
+    @JsonIgnore
     public boolean isAdmin()
     {
         return isAdmin(this.roleId);
     }
 
+    /** 兼容历史 Redis 缓存中的 admin 字段，反序列化时忽略 */
+    @JSONField(serialize = false, deserialize = false)
+    @JsonIgnore
+    public void setAdmin(boolean admin)
+    {
+    }
+
     public static boolean isAdmin(Long roleId)
     {
         return roleId != null && 1L == roleId;
@@ -141,21 +155,25 @@ public class SysRole extends BaseEntity
         this.dataScope = dataScope;
     }
 
+    @JsonIgnore
     public boolean isMenuCheckStrictly()
     {
         return menuCheckStrictly;
     }
 
+    @JsonIgnore
     public void setMenuCheckStrictly(boolean menuCheckStrictly)
     {
         this.menuCheckStrictly = menuCheckStrictly;
     }
 
+    @JsonIgnore
     public boolean isDeptCheckStrictly()
     {
         return deptCheckStrictly;
     }
 
+    @JsonIgnore
     public void setDeptCheckStrictly(boolean deptCheckStrictly)
     {
         this.deptCheckStrictly = deptCheckStrictly;
@@ -181,11 +199,13 @@ public class SysRole extends BaseEntity
         this.delFlag = delFlag;
     }
 
+    @JsonIgnore
     public boolean isFlag()
     {
         return flag;
     }
 
+    @JsonIgnore
     public void setFlag(boolean flag)
     {
         this.flag = flag;

ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java

@@ -6,6 +6,8 @@ import javax.validation.constraints.*;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
 import com.fasterxml.jackson.annotation.JsonFormat;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.ruoyi.common.annotation.Excel;
 import com.ruoyi.common.annotation.Excel.ColumnType;
@@ -21,6 +23,7 @@ import com.ruoyi.common.xss.Xss;
  * 
  * @author ruoyi
  */
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class SysUser extends BaseEntity
 {
     private static final long serialVersionUID = 1L;
@@ -118,11 +121,18 @@ public class SysUser extends BaseEntity
     }
 
     @JSONField(serialize = false, deserialize = false)
+    @JsonIgnore
     public boolean isAdmin()
     {
         return SecurityUtils.isAdmin(this.userId);
     }
 
+    /** 兼容历史 Redis 缓存中的 admin 字段，反序列化时忽略 */
+    @JSONField(serialize = false, deserialize = false)
+    public void setAdmin(boolean admin)
+    {
+    }
+
     public Long getDeptId()
     {
         return deptId;

ruoyi-common/src/main/java/com/ruoyi/common/core/domain/model/LoginUser.java

@@ -1,6 +1,7 @@
 package com.ruoyi.common.core.domain.model;
 
 import com.alibaba.fastjson2.annotation.JSONField;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.ruoyi.common.core.domain.entity.SysUser;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -120,6 +121,7 @@ public class LoginUser implements UserDetails
     }
 
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public String getPassword()
     {
@@ -136,6 +138,7 @@ public class LoginUser implements UserDetails
      * 账户是否未过期,过期无法验证
      */
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public boolean isAccountNonExpired()
     {
@@ -148,6 +151,7 @@ public class LoginUser implements UserDetails
      * @return
      */
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public boolean isAccountNonLocked()
     {
@@ -160,6 +164,7 @@ public class LoginUser implements UserDetails
      * @return
      */
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public boolean isCredentialsNonExpired()
     {
@@ -172,6 +177,7 @@ public class LoginUser implements UserDetails
      * @return
      */
     @JSONField(serialize = false)
+    @JsonIgnore
     @Override
     public boolean isEnabled()
     {

ruoyi-framework/src/main/java/com/ruoyi/framework/security/handle/LogoutSuccessHandlerImpl.java

@@ -43,11 +43,13 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler
         if (StringUtils.isNotNull(loginUser))
         {
             String userName = loginUser.getUsername();
-            // 删除用户缓存记录
             tokenService.delLoginUser(loginUser.getToken());
-            // 记录用户退出日志
             AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGOUT, MessageUtils.message("user.logout.success")));
         }
+        else
+        {
+            tokenService.clearLoginCache(request);
+        }
         ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.success(MessageUtils.message("user.logout.success"))));
     }
 }

ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/LoginUserRedisStore.java

@@ -0,0 +1,132 @@
+package com.ruoyi.framework.web.service;
+
+import java.nio.charset.StandardCharsets;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.data.redis.core.RedisCallback;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+import com.alibaba.fastjson2.JSON;
+import com.alibaba.fastjson2.JSONReader;
+import com.alibaba.fastjson2.filter.Filter;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.ruoyi.common.constant.Constants;
+import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.utils.StringUtils;
+
+/**
+ * 登录用户 Redis 存储：使用 Jackson 原始 JSON 字节，避免 FastJSON2 反序列化 LoginUser 嵌套对象异常。
+ */
+@Component
+public class LoginUserRedisStore
+{
+    private static final Logger log = LoggerFactory.getLogger(LoginUserRedisStore.class);
+
+    private static final Filter LEGACY_AUTO_TYPE_FILTER =
+            JSONReader.autoTypeFilter(Constants.JSON_WHITELIST_STR);
+
+    private final RedisTemplate<Object, Object> redisTemplate;
+
+    private final ObjectMapper objectMapper;
+
+    public LoginUserRedisStore(RedisTemplate<Object, Object> redisTemplate)
+    {
+        this.redisTemplate = redisTemplate;
+        this.objectMapper = new ObjectMapper();
+        this.objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+    }
+
+    public void save(String key, LoginUser loginUser, long timeoutMinutes)
+    {
+        if (StringUtils.isEmpty(key) || loginUser == null)
+        {
+            return;
+        }
+        try
+        {
+            byte[] keyBytes = key.getBytes(StandardCharsets.UTF_8);
+            byte[] valueBytes = objectMapper.writeValueAsBytes(loginUser);
+            long seconds = Math.max(timeoutMinutes * 60L, 1L);
+            redisTemplate.execute((RedisCallback<Void>) connection -> {
+                connection.setEx(keyBytes, seconds, valueBytes);
+                return null;
+            });
+        }
+        catch (Exception e)
+        {
+            throw new IllegalStateException("登录缓存写入失败", e);
+        }
+    }
+
+    public LoginUser load(String key)
+    {
+        if (StringUtils.isEmpty(key))
+        {
+            return null;
+        }
+        byte[] valueBytes = readRawBytes(key);
+        if (valueBytes == null || valueBytes.length == 0)
+        {
+            return null;
+        }
+        LoginUser loginUser = readJackson(valueBytes);
+        if (loginUser != null)
+        {
+            return loginUser;
+        }
+        loginUser = readLegacyFastJson(valueBytes);
+        if (loginUser != null)
+        {
+            log.info("已兼容读取 FastJSON 格式登录缓存，key={}", key);
+            return loginUser;
+        }
+        log.warn("登录缓存损坏，已删除 key={}", key);
+        delete(key);
+        return null;
+    }
+
+    public void delete(String key)
+    {
+        if (StringUtils.isNotEmpty(key))
+        {
+            redisTemplate.delete(key);
+        }
+    }
+
+    private byte[] readRawBytes(String key)
+    {
+        byte[] keyBytes = key.getBytes(StandardCharsets.UTF_8);
+        return redisTemplate.execute((RedisCallback<byte[]>) connection -> connection.get(keyBytes));
+    }
+
+    private LoginUser readJackson(byte[] bytes)
+    {
+        try
+        {
+            return objectMapper.readValue(bytes, LoginUser.class);
+        }
+        catch (Exception ignored)
+        {
+            return null;
+        }
+    }
+
+    private LoginUser readLegacyFastJson(byte[] bytes)
+    {
+        try
+        {
+            String str = new String(bytes, StandardCharsets.UTF_8).trim();
+            if (str.startsWith("\"") && str.endsWith("\""))
+            {
+                str = objectMapper.readValue(str, String.class);
+            }
+            return JSON.parseObject(str, LoginUser.class, LEGACY_AUTO_TYPE_FILTER);
+        }
+        catch (Exception ignored)
+        {
+            return null;
+        }
+    }
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java

@@ -3,7 +3,6 @@ package com.ruoyi.framework.web.service;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.concurrent.TimeUnit;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -56,6 +55,9 @@ public class TokenService
     @Autowired
     private RedisCache redisCache;
 
+    @Autowired
+    private LoginUserRedisStore loginUserRedisStore;
+
     /**
      * 获取用户身份信息
      * 
@@ -63,24 +65,42 @@ public class TokenService
      */
     public LoginUser getLoginUser(HttpServletRequest request)
     {
-        // 获取请求携带的令牌
-        String token = getToken(request);
-        if (StringUtils.isNotEmpty(token))
+        String jwt = getToken(request);
+        if (StringUtils.isEmpty(jwt))
         {
-            try
-            {
-                Claims claims = parseToken(token);
-                // 解析对应的权限以及用户信息
-                String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
-                String userKey = getTokenKey(uuid);
-                return redisCache.getCacheObject(userKey);
-            }
-            catch (Exception e)
+            return null;
+        }
+        try
+        {
+            Claims claims = parseToken(jwt);
+            String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
+            return loginUserRedisStore.load(getTokenKey(uuid));
+        }
+        catch (Exception e)
+        {
+            log.error("获取用户信息异常'{}'", e.getMessage());
+            return null;
+        }
+    }
+
+    /**
+     * 反序列化失败时清理损坏的登录缓存，避免退出/鉴权反复报错。
+     */
+    private void deleteLoginCacheByJwt(String jwt)
+    {
+        try
+        {
+            Claims claims = parseToken(jwt);
+            String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
+            if (StringUtils.isNotEmpty(uuid))
             {
-                log.error("获取用户信息异常'{}'", e.getMessage());
+                loginUserRedisStore.delete(getTokenKey(uuid));
             }
         }
-        return null;
+        catch (Exception ignored)
+        {
+            // ignore
+        }
     }
 
     /**
@@ -101,8 +121,19 @@ public class TokenService
     {
         if (StringUtils.isNotEmpty(token))
         {
-            String userKey = getTokenKey(token);
-            redisCache.deleteObject(userKey);
+            loginUserRedisStore.delete(getTokenKey(token));
+        }
+    }
+
+    /**
+     * 退出时若无法反序列化 LoginUser，仍按 JWT 清理 Redis 登录缓存。
+     */
+    public void clearLoginCache(HttpServletRequest request)
+    {
+        String jwt = getToken(request);
+        if (StringUtils.isNotEmpty(jwt))
+        {
+            deleteLoginCacheByJwt(jwt);
         }
     }
 
@@ -152,7 +183,7 @@ public class TokenService
         loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
         // 根据uuid将loginUser缓存
         String userKey = getTokenKey(loginUser.getToken());
-        redisCache.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);
+        loginUserRedisStore.save(userKey, loginUser, expireTime);
     }
 
     /**
@@ -248,7 +279,7 @@ public class TokenService
         }
         for (String key : keys)
         {
-            LoginUser loginUser = redisCache.getCacheObject(key);
+            LoginUser loginUser = loginUserRedisStore.load(key);
             if (loginUser == null || loginUser.getUser() == null || loginUser.getUser().isAdmin())
             {
                 // 管理员拥有所有权限，跳过