io.github.talelin.core.token.DoubleJWT#generateToken 有线程安全问题,登录A账号进入B账号

[huangjiesen]

描述 bug

• 你是如何操作的？

  public class DoubleJWT {
  private JWTCreator.Builder builder;
  public String generateToken(String tokenType, long identity, String scope, long expire) {
      Date expireDate = DateUtil.getDurationDate(expire);
      // builder对象存在线程安全问题
      return builder
              .withClaim("type", tokenType)
              .withClaim("identity", identity)
              .withClaim("scope", scope)
              .withExpiresAt(expireDate)
              .sign(algorithm);
  }
  }

如何再现

    @Autowired
    private DoubleJWT jwt;

    @Test
    public void test() throws Exception {
        ExecutorService executorService = new ThreadPoolExecutor(8, 20,100L, TimeUnit.SECONDS,new LinkedBlockingQueue<>());

        for (int i = 0; i < 300; i++) {
            executorService.execute(() -> {
                long userId = IdWorker.getId();
                String token = jwt.generateAccessToken(userId);

                Map<String, Claim> map = jwt.decodeAccessToken(token);
                Long identity = map.get("identity").asLong();

                assertTrue("线程安全问题,userId:" + userId + ",identity:" + identity, identity.equals(userId));
            });
        }
    }