登入生成token的小bug issues/I1XOVS
parent
b874df34c8
commit
7f6e204ce4
|
@ -1,5 +1,6 @@
|
||||||
package org.jeecg.config.shiro;
|
package org.jeecg.config.shiro;
|
||||||
|
|
||||||
|
import cn.hutool.crypto.SecureUtil;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.shiro.authc.AuthenticationException;
|
import org.apache.shiro.authc.AuthenticationException;
|
||||||
import org.apache.shiro.authc.AuthenticationInfo;
|
import org.apache.shiro.authc.AuthenticationInfo;
|
||||||
|
@ -118,6 +119,8 @@ public class ShiroRealm extends AuthorizingRealm {
|
||||||
//如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期
|
//如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期
|
||||||
if(loginUser==null){
|
if(loginUser==null){
|
||||||
loginUser = commonAPI.getUserByName(username);
|
loginUser = commonAPI.getUserByName(username);
|
||||||
|
//密码二次加密,因为存于redis会泄露
|
||||||
|
loginUser.setPassword(SecureUtil.md5(loginUser.getPassword()));
|
||||||
}
|
}
|
||||||
if (loginUser == null) {
|
if (loginUser == null) {
|
||||||
throw new AuthenticationException("用户不存在!");
|
throw new AuthenticationException("用户不存在!");
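Review bot: The added `loginUser.setPassword(SecureUtil.md5(loginUser.getPassword()));` dereferences `loginUser` immediately after `commonAPI.getUserByName(username)` and before the `if (loginUser == null)` check that follows. If the lookup can return null, as that existing check implies, an unknown username would raise a NullPointerException instead of the intended `AuthenticationException("用户不存在!")`. Guard the call, e.g. `if (loginUser != null) { loginUser.setPassword(SecureUtil.md5(loginUser.getPassword())); }`, or move it below the null check. The enclosing method starts and ends outside the hunk.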
|
||||||
|
|
|
@ -81,7 +81,8 @@ public class LoginController {
|
||||||
String lowerCaseCaptcha = captcha.toLowerCase();
|
String lowerCaseCaptcha = captcha.toLowerCase();
|
||||||
String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8");
|
String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8");
|
||||||
Object checkCode = redisUtil.get(realKey);
|
Object checkCode = redisUtil.get(realKey);
|
||||||
if(checkCode==null || !checkCode.equals(lowerCaseCaptcha)) {
|
//当进入登录页时,有一定几率出现验证码错误 #1714
|
||||||
|
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
|
||||||
result.error500("验证码错误");
|
result.error500("验证码错误");
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
@ -355,7 +356,7 @@ public class LoginController {
|
||||||
String syspassword = sysUser.getPassword();
|
String syspassword = sysUser.getPassword();
|
||||||
String username = sysUser.getUsername();
|
String username = sysUser.getUsername();
|
||||||
// 生成token
|
// 生成token
|
||||||
String token = JwtUtil.sign(username, syspassword);
|
String token = JwtUtil.sign(username, SecureUtil.md5(syspassword));
|
||||||
// 设置token缓存有效时间
|
// 设置token缓存有效时间
|
||||||
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
|
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
|
||||||
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000);
|
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000);
|
||||||
|
@ -363,6 +364,7 @@ public class LoginController {
|
||||||
//update-begin-author:taoyan date:20200812 for:登录缓存用户信息
|
//update-begin-author:taoyan date:20200812 for:登录缓存用户信息
|
||||||
LoginUser vo = new LoginUser();
|
LoginUser vo = new LoginUser();
|
||||||
BeanUtils.copyProperties(sysUser,vo);
|
BeanUtils.copyProperties(sysUser,vo);
|
||||||
|
//密码二次加密,因为存于redis会泄露
|
||||||
vo.setPassword(SecureUtil.md5(sysUser.getPassword()));
|
vo.setPassword(SecureUtil.md5(sysUser.getPassword()));
|
||||||
redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo);
|
redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo);
|
||||||
redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000);
|
redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000);
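Review bot: The value cached by `vo.setPassword(SecureUtil.md5(sysUser.getPassword()))` is the same value now passed as the secret in `JwtUtil.sign(username, SecureUtil.md5(syspassword))`, so the `LoginUser` stored in Redis still carries the token signing secret. That is the exposure the added comment `//密码二次加密,因为存于redis会泄露` says it avoids. An unsalted MD5 of the stored password is a digest, not encryption, so the comment should say so. Consider signing with a server-side secret that is never written to the cache and clearing the field before caching, e.g. `vo.setPassword(null);`; this assumes the realm's token verification, which is not shown on this page, is changed to match. The enclosing method starts and ends outside these hunks.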
|
||||||
|
|