提交 b92bec3e 编写于 作者: JEECG低代码平台's avatar JEECG低代码平台

登入生成token的小bug issues/I1XOVS

上级 72f32e47
package org.jeecg.config.shiro; package org.jeecg.config.shiro;
import cn.hutool.crypto.SecureUtil;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationInfo;
...@@ -118,6 +119,8 @@ public class ShiroRealm extends AuthorizingRealm { ...@@ -118,6 +119,8 @@ public class ShiroRealm extends AuthorizingRealm {
//如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期 //如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期
if(loginUser==null){ if(loginUser==null){
loginUser = commonAPI.getUserByName(username); loginUser = commonAPI.getUserByName(username);
//密码二次加密,因为存于redis会泄露
loginUser.setPassword(SecureUtil.md5(loginUser.getPassword()));
} }
if (loginUser == null) { if (loginUser == null) {
throw new AuthenticationException("用户不存在!"); throw new AuthenticationException("用户不存在!");
......
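Review bot: The added `loginUser.setPassword(SecureUtil.md5(loginUser.getPassword()));` sits inside `if(loginUser==null){`, directly after `commonAPI.getUserByName(username)` and before the `if (loginUser == null)` check that follows it. If the lookup can return null, as that following check implies, an unknown username now fails with a NullPointerException instead of the intended `AuthenticationException("用户不存在!")`. Guard the call with `if (loginUser != null) { loginUser.setPassword(SecureUtil.md5(loginUser.getPassword())); }`, or move it below the existing null check. The enclosing method starts and ends outside the hunk, so how an exception is handled further up cannot be seen here.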
...@@ -81,7 +81,8 @@ public class LoginController { ...@@ -81,7 +81,8 @@ public class LoginController {
String lowerCaseCaptcha = captcha.toLowerCase(); String lowerCaseCaptcha = captcha.toLowerCase();
String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8"); String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8");
Object checkCode = redisUtil.get(realKey); Object checkCode = redisUtil.get(realKey);
if(checkCode==null || !checkCode.equals(lowerCaseCaptcha)) { //当进入登录页时,有一定几率出现验证码错误 #1714
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
result.error500("验证码错误"); result.error500("验证码错误");
return result; return result;
} }
...@@ -355,7 +356,7 @@ public class LoginController { ...@@ -355,7 +356,7 @@ public class LoginController {
String syspassword = sysUser.getPassword(); String syspassword = sysUser.getPassword();
String username = sysUser.getUsername(); String username = sysUser.getUsername();
// 生成token // 生成token
String token = JwtUtil.sign(username, syspassword); String token = JwtUtil.sign(username, SecureUtil.md5(syspassword));
// 设置token缓存有效时间 // 设置token缓存有效时间
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token); redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000); redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000);
...@@ -363,6 +364,7 @@ public class LoginController { ...@@ -363,6 +364,7 @@ public class LoginController {
//update-begin-author:taoyan date:20200812 for:登录缓存用户信息 //update-begin-author:taoyan date:20200812 for:登录缓存用户信息
LoginUser vo = new LoginUser(); LoginUser vo = new LoginUser();
BeanUtils.copyProperties(sysUser,vo); BeanUtils.copyProperties(sysUser,vo);
//密码二次加密,因为存于redis会泄露
vo.setPassword(SecureUtil.md5(sysUser.getPassword())); vo.setPassword(SecureUtil.md5(sysUser.getPassword()));
redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo); redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo);
redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000); redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000);
......
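Review bot: In the hunk at -355, `JwtUtil.sign(username, SecureUtil.md5(syspassword))` derives the second argument to `sign` (presumably the signing secret) from an unsalted MD5 of the stored password value. The hunk at -363 then writes that same value to Redis with `vo.setPassword(SecureUtil.md5(sysUser.getPassword()))`. The comment `//密码二次加密,因为存于redis会泄露` describes this as encryption, but MD5 is a fast, keyless hash, so the cache entry appears to hold exactly the material used to sign that user's token and should be treated as a credential. Consider signing with a server-side secret that is never cached and clearing the cached field with `vo.setPassword(null);`, which would require the verification path in ShiroRealm (outside this section) to obtain the secret elsewhere. At minimum, reword the comment to something like `// MD5 of the stored password value; also used as the JWT signing secret, so this cache entry is sensitive`.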