From c8d94da4fb66daff6fd5c19635c9f545af2e3ceb Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期六, 17 六月 2023 22:38:06 +0800
Subject: [PATCH] fix 修复 用户篡改管理员角色标识符越权问题

---
 ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/monitor/SysUserOnlineController.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/monitor/SysUserOnlineController.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/monitor/SysUserOnlineController.java
index 0e626d0..c3f0977 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/monitor/SysUserOnlineController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/monitor/SysUserOnlineController.java
@@ -46,7 +46,7 @@
         List<String> keys = StpUtil.searchTokenValue("", 0, -1, false);
         List<UserOnlineDTO> userOnlineDTOList = new ArrayList<>();
         for (String key : keys) {
-            String token = key.replace(GlobalConstants.LOGIN_TOKEN_KEY, "");
+            String token = StringUtils.substringAfterLast(key, ":");
             // 濡傛灉宸茬粡杩囨湡鍒欒烦杩�
             if (StpUtil.stpLogic.getTokenActivityTimeoutByToken(token) < -1) {
                 continue;

--
Gitblit v1.9.3