io.github.talelin.core.token.DoubleJWT#generateToken 有线程安全问题,登录A账号进入B账号

[huangjiesen]

描述 bug

• 你是如何操作的？

   public class DoubleJWT {
    private JWTCreator.Builder builder;
    public String generateToken(String tokenType, long identity, String scope, long expire) {
        Date expireDate = DateUtil.getDurationDate(expire);
        // builder对象存在线程安全问题
        return builder
                .withClaim("type", tokenType)
                .withClaim("identity", identity)
                .withClaim("scope", scope)
                .withExpiresAt(expireDate)
                .sign(algorithm);
    }
}

如何再现

    @Autowired
    private DoubleJWT jwt;

    @Test
    public void test() throws Exception {
        ExecutorService executorService = new ThreadPoolExecutor(8, 20,100L, TimeUnit.SECONDS,new LinkedBlockingQueue<>());
        
        for (int i = 0; i < 300; i++) {
            executorService.execute(() -> {
                long userId = IdWorker.getId();
                String token = jwt.generateAccessToken(userId);
                
                Map<String, Claim> map = jwt.decodeAccessToken(token);
                Long identity = map.get("identity").asLong();
                
                assertTrue("线程安全问题,userId:" + userId + ",identity:" + identity, identity.equals(userId));
            });
        }
    }