forgetest5
/
jeecg-boot
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

登入生成token的小bug issues/I1XOVS

This commit is contained in:
zhangdaiscott 2020-10-12 15:43:23 +08:00
parent b874df34c8
commit 7f6e204ce4
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
View File

@ -1,5 +1,6 @@
package org.jeecg.config.shiro;
import cn.hutool.crypto.SecureUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
@ -118,6 +119,8 @@ public class ShiroRealm extends AuthorizingRealm {
//如果redis缓存用户信息为空则通过接口获取用户信息,避免超过两个小时操作中token过期
if(loginUser==null){
loginUser = commonAPI.getUserByName(username);
//密码二次加密因为存于redis会泄露
loginUser.setPassword(SecureUtil.md5(loginUser.getPassword()));
}
if (loginUser == null) {
throw new AuthenticationException("用户不存在!");

6
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java
View File

@ -81,7 +81,8 @@ public class LoginController {
String lowerCaseCaptcha = captcha.toLowerCase();
String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8");
Object checkCode = redisUtil.get(realKey);
if(checkCode==null || !checkCode.equals(lowerCaseCaptcha)) {
//当进入登录页时有一定几率出现验证码错误 #1714
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
result.error500("验证码错误");
return result;
}
@ -355,7 +356,7 @@ public class LoginController {
String syspassword = sysUser.getPassword();
String username = sysUser.getUsername();
// 生成token
String token = JwtUtil.sign(username, syspassword);
String token = JwtUtil.sign(username, SecureUtil.md5(syspassword));
// 设置token缓存有效时间
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000);
@ -363,6 +364,7 @@ public class LoginController {
//update-begin-author:taoyan date:20200812 for:登录缓存用户信息
LoginUser vo = new LoginUser();
BeanUtils.copyProperties(sysUser,vo);
//密码二次加密因为存于redis会泄露
vo.setPassword(SecureUtil.md5(sysUser.getPassword()));
redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo);
redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000);