From d5a077223732a19e8389cd232ac972a6625c7f52 Mon Sep 17 00:00:00 2001
From: "Captain.B"
Date: Mon, 22 Mar 2021 18:23:45 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DCSRF-TOKEN=E8=BF=87?= =?UTF-8?q?=E6=9C=9F=E6=97=B6=E6=B2=A1=E6=9C=89=E8=B7=B3=E8=BD=AC=E5=88=B0?= =?UTF-8?q?=E7=99=BB=E5=BD=95=E9=A1=B5=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/src/main/java/io/metersphere/security/CsrfFilter.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/src/main/java/io/metersphere/security/CsrfFilter.java b/backend/src/main/java/io/metersphere/security/CsrfFilter.java
index ea21966c4b..32f6bc9ae0 100644
--- a/backend/src/main/java/io/metersphere/security/CsrfFilter.java
+++ b/backend/src/main/java/io/metersphere/security/CsrfFilter.java
@@ -7,6 +7,7 @@ import io.metersphere.commons.utils.SessionUtils;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.ExpiredCredentialsException;
 import org.apache.shiro.web.filter.authc.AnonymousFilter;
 import org.apache.shiro.web.util.WebUtils;
 import org.springframework.core.env.Environment;
@@ -84,7 +85,7 @@ public class CsrfFilter extends AnonymousFilter {
 Environment env = CommonBeanFactory.getBean(Environment.class);
 long timeout = env.getProperty("session.timeout", Long.class, 43200L);
 if (Math.abs(System.currentTimeMillis() - signatureTime) > timeout * 1000) {
- throw new RuntimeException("expired token");
+ throw new ExpiredCredentialsException("expired token");
 }
 if (!StringUtils.equals(SessionUtils.getUserId(), signatureArray[0])) {
 throw new RuntimeException("Please check csrf token.");
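Review bot: The user-id mismatch check right after the changed `throw` still raises a bare `RuntimeException("Please check csrf token.")`, so only the expiry branch becomes a typed Shiro exception; a token bound to a different user is the more security-relevant failure and presumably still reaches the client as a generic server error. Consider giving that branch a typed exception as well, for example `throw new AuthenticationException("Please check csrf token.");` (needs `import org.apache.shiro.authc.AuthenticationException;`), and logging the mismatch so it can be monitored. The new `throw` would also benefit from a short comment such as `// ExpiredCredentialsException is an AuthenticationException, which the auth error handling maps to a login redirect`, since the handler that relies on the type is not visible here and a later cleanup could otherwise revert it to a generic exception. The enclosing method starts and ends outside the hunk, so whether other `RuntimeException` paths in it need the same treatment cannot be checked from here.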