Commit 7f6e204ce4aeed58abfd4fa1ee114fac1c8228ea
1 parent
b874df34
登入生成token的小bug issues/I1XOVS
Showing
2 changed files
with
7 additions
and
2 deletions
jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
| 1 | 1 | package org.jeecg.config.shiro; |
| 2 | 2 | |
| 3 | +import cn.hutool.crypto.SecureUtil; | |
| 3 | 4 | import lombok.extern.slf4j.Slf4j; |
| 4 | 5 | import org.apache.shiro.authc.AuthenticationException; |
| 5 | 6 | import org.apache.shiro.authc.AuthenticationInfo; |
| ... | ... | @@ -118,6 +119,8 @@ public class ShiroRealm extends AuthorizingRealm { |
| 118 | 119 | //如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期 |
| 119 | 120 | if(loginUser==null){ |
| 120 | 121 | loginUser = commonAPI.getUserByName(username); |
| 122 | + //密码二次加密,因为存于redis会泄露 | |
| 123 | + loginUser.setPassword(SecureUtil.md5(loginUser.getPassword())); | |
| 121 | 124 | } |
| 122 | 125 | if (loginUser == null) { |
| 123 | 126 | throw new AuthenticationException("用户不存在!"); |
| ... | ... |
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java
| ... | ... | @@ -81,7 +81,8 @@ public class LoginController { |
| 81 | 81 | String lowerCaseCaptcha = captcha.toLowerCase(); |
| 82 | 82 | String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8"); |
| 83 | 83 | Object checkCode = redisUtil.get(realKey); |
| 84 | - if(checkCode==null || !checkCode.equals(lowerCaseCaptcha)) { | |
| 84 | + //当进入登录页时,有一定几率出现验证码错误 #1714 | |
| 85 | + if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) { | |
| 85 | 86 | result.error500("验证码错误"); |
| 86 | 87 | return result; |
| 87 | 88 | } |
| ... | ... | @@ -355,7 +356,7 @@ public class LoginController { |
| 355 | 356 | String syspassword = sysUser.getPassword(); |
| 356 | 357 | String username = sysUser.getUsername(); |
| 357 | 358 | // 生成token |
| 358 | - String token = JwtUtil.sign(username, syspassword); | |
| 359 | + String token = JwtUtil.sign(username, SecureUtil.md5(syspassword)); | |
| 359 | 360 | // 设置token缓存有效时间 |
| 360 | 361 | redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token); |
| 361 | 362 | redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000); |
| ... | ... | @@ -363,6 +364,7 @@ public class LoginController { |
| 363 | 364 | //update-begin-author:taoyan date:20200812 for:登录缓存用户信息 |
| 364 | 365 | LoginUser vo = new LoginUser(); |
| 365 | 366 | BeanUtils.copyProperties(sysUser,vo); |
| 367 | + //密码二次加密,因为存于redis会泄露 | |
| 366 | 368 | vo.setPassword(SecureUtil.md5(sysUser.getPassword())); |
| 367 | 369 | redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo); |
| 368 | 370 | redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000); |
| ... | ... |