Skip to content

J
jeecg-boot

打磨机 / jeecg-boot
与 Fork 源项目一致

从无法访问的项目Fork

通知 5
Star 0
Fork 0
J
jeecg-boot

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 b92bec3e 编写于 作者: JEECG低代码平台's avatar JEECG低代码平台
浏览文件
操作

登入生成token的小bug issues/I1XOVS

上级 72f32e47
隐藏空白更改
内联 并排
Showing with 7 addition and 2 deletion
jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
浏览文件 @ b92bec3e
package org.jeecg.config.shiro;
import cn.hutool.crypto.SecureUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
......@@ -118,6 +119,8 @@ public class ShiroRealm extends AuthorizingRealm {
//如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期
if(loginUser==null){
loginUser = commonAPI.getUserByName(username);
//密码二次加密,因为存于redis会泄露
loginUser.setPassword(SecureUtil.md5(loginUser.getPassword()));
}
if (loginUser == null) {
throw new AuthenticationException("用户不存在!");
......
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java
浏览文件 @ b92bec3e
......@@ -81,7 +81,8 @@ public class LoginController {
String lowerCaseCaptcha = captcha.toLowerCase();
String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8");
Object checkCode = redisUtil.get(realKey);
if(checkCode==null || !checkCode.equals(lowerCaseCaptcha)) {
//当进入登录页时,有一定几率出现验证码错误 #1714
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
result.error500("验证码错误");
return result;
}
......@@ -355,7 +356,7 @@ public class LoginController {
String syspassword = sysUser.getPassword();
String username = sysUser.getUsername();
// 生成token
String token = JwtUtil.sign(username, syspassword);
String token = JwtUtil.sign(username, SecureUtil.md5(syspassword));
// 设置token缓存有效时间
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000);
......@@ -363,6 +364,7 @@ public class LoginController {
//update-begin-author:taoyan date:20200812 for:登录缓存用户信息
LoginUser vo = new LoginUser();
BeanUtils.copyProperties(sysUser,vo);
//密码二次加密,因为存于redis会泄露
vo.setPassword(SecureUtil.md5(sysUser.getPassword()));
redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo);
redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册