起因：单点登录问题，登录时访问的是tomcat1，访问获取用户数据时访问的是tomcat2，而用户的session信息在tomcat1上存储，tomcat2并不知道该用户来过，所以在获取个人信息时从session中获取不到数据，所以就显示该用户未登录

改用Token（JWT）来管理用户会话和认证，可以按照以下步骤进行修改：

1. 引入JWT依赖
   首先，需要在项目的pom.xml中引入JWT相关的依赖。

java"><dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt</artifactId><version>0.9.1</version>
</dependency>

2. 生成和验证Token
   接下来，在用户服务中实现Token的生成和验证逻辑。在用户登录成功后，生成一个JWT Token：

java">import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;public class JwtUtil {private static final String SECRET_KEY = "yourSecretKey"; // 应该放在配置文件中public static String generateToken(User user) {long now = System.currentTimeMillis();long exp = now + 1000 * 60 * 60; // Token有效期，例如1小时return Jwts.builder().setSubject(user.getMobile()) // 可以将用户的手机号作为Subject.setIssuedAt(new Date(now)).setExpiration(new Date(exp)).signWith(SignatureAlgorithm.HS512, SECRET_KEY).compact();}//用于解析Tokenpublic static Claims parseToken(String token) {return Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody();}
}

然后在doLogin方法中使用JwtUtil.generateToken(user)来生成Token，并将Token返回给客户端。验证Token创建一个过滤器或拦截器来解析请求中携带的Token，并进行验证：

java"> //JwtAuthenticationFilter - 拦截请求并验证JWT Token
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;public class JwtAuthenticationFilter extends OncePerRequestFilter {@Overrideprotected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)throws ServletException, IOException {String token = request.getHeader("Authorization");if (token != null && !token.isEmpty()) {try {Claims claims = JwtUtil.parseToken(token);// 这里将用户信息设置到SecurityContext或者请求中request.setAttribute("user", claims.getSubject());} catch (Exception e) {// Token验证失败的处理response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token验证失败");return;}}filterChain.doFilter(request, response);}
}

4. SecurityConfig - 配置安全性
   这里需要配置Spring Security来使用我们的JwtAuthenticationFilter：

java">import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().addFilterBefore(new JwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).authorizeRequests().antMatchers("/login").permitAll().anyRequest().authenticated();}
}