refactor: 修改加密方式
This commit is contained in:
parent
95593f6a5c
commit
b7ba8d5af4
|
@ -4,8 +4,11 @@ import org.mybatis.spring.annotation.MapperScan;
|
|||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.cache.annotation.EnableCaching;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.scheduling.annotation.EnableScheduling;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.transaction.annotation.EnableTransactionManagement;
|
||||
|
||||
@MapperScan("cn.bunny.services.mapper")
|
||||
|
@ -18,4 +21,9 @@ public class ServiceApplication {
|
|||
public static void main(String[] args) {
|
||||
SpringApplication.run(ServiceApplication.class, args);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,7 +4,6 @@ import cn.bunny.dao.entity.system.AdminUser;
|
|||
import cn.bunny.dao.vo.result.ResultCodeEnum;
|
||||
import cn.bunny.services.mapper.UserMapper;
|
||||
import cn.bunny.services.security.custom.CustomAuthorizationManagerServiceImpl;
|
||||
import cn.bunny.services.security.custom.CustomPasswordEncoder;
|
||||
import cn.bunny.services.security.filter.TokenLoginFilterService;
|
||||
import cn.bunny.services.security.handelr.SecurityAccessDeniedHandler;
|
||||
import cn.bunny.services.security.handelr.SecurityAuthenticationEntryPoint;
|
||||
|
@ -40,9 +39,6 @@ public class WebSecurityConfig {
|
|||
@Autowired
|
||||
private UserService userService;
|
||||
|
||||
@Autowired
|
||||
private CustomPasswordEncoder customPasswordEncoder;
|
||||
|
||||
@Autowired
|
||||
private CustomAuthorizationManagerServiceImpl customAuthorizationManagerService;
|
||||
|
||||
|
@ -50,7 +46,7 @@ public class WebSecurityConfig {
|
|||
private AuthenticationConfiguration authenticationConfiguration;
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity httpSecurity, UserMapper userMapper) throws Exception {
|
||||
public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
|
||||
httpSecurity
|
||||
// 前端段分离不需要---禁用明文验证
|
||||
.httpBasic(AbstractHttpConfigurer::disable)
|
||||
|
@ -76,14 +72,10 @@ public class WebSecurityConfig {
|
|||
exception.accessDeniedHandler(new SecurityAccessDeniedHandler());
|
||||
})
|
||||
// 登录验证过滤器
|
||||
.addFilterBefore(new TokenLoginFilterService(authenticationConfiguration, userService), UsernamePasswordAuthenticationFilter.class)
|
||||
// 自定义密码加密器和用户登录
|
||||
.passwordManagement(customPasswordEncoder);
|
||||
|
||||
.addFilterBefore(new TokenLoginFilterService(authenticationConfiguration, userService), UsernamePasswordAuthenticationFilter.class);
|
||||
return httpSecurity.build();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 使用数据库方式
|
||||
* 登录方式:邮箱+用户名
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
package cn.bunny.services.security.custom;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.util.DigestUtils;
|
||||
|
||||
/**
|
||||
* 自定义密码加密比对
|
||||
*/
|
||||
@Configuration
|
||||
public class CustomPasswordEncoder implements PasswordEncoder, Customizer<PasswordManagementConfigurer<HttpSecurity>> {
|
||||
@Override
|
||||
public String encode(CharSequence rawPassword) {
|
||||
return DigestUtils.md5DigestAsHex(rawPassword.toString().getBytes());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean matches(CharSequence rawPassword, String encodedPassword) {
|
||||
return encodedPassword.matches(DigestUtils.md5DigestAsHex(rawPassword.toString().getBytes()));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void customize(PasswordManagementConfigurer<HttpSecurity> httpSecurityPasswordManagementConfigurer) {
|
||||
}
|
||||
}
|
|
@ -43,9 +43,9 @@ import org.springframework.beans.BeanUtils;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.data.redis.core.RedisTemplate;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.util.DigestUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
|
||||
|
@ -66,33 +66,26 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, AdminUser> implemen
|
|||
|
||||
@Autowired
|
||||
private UserUtil userUtil;
|
||||
|
||||
@Autowired
|
||||
private ConcreteSenderEmailTemplate concreteSenderEmailTemplate;
|
||||
|
||||
@Autowired
|
||||
private RedisTemplate<String, Object> redisTemplate;
|
||||
|
||||
@Autowired
|
||||
private FilesService filesService;
|
||||
|
||||
@Autowired
|
||||
private UserDeptMapper userDeptMapper;
|
||||
|
||||
@Autowired
|
||||
private UserRoleMapper userRoleMapper;
|
||||
|
||||
@Autowired
|
||||
private UserLoginLogMapper userLoginLogMapper;
|
||||
|
||||
@Autowired
|
||||
private EmailTemplateMapper emailTemplateMapper;
|
||||
|
||||
@Autowired
|
||||
private RoleMapper roleMapper;
|
||||
|
||||
@Autowired
|
||||
private UserMapper userMapper;
|
||||
@Autowired
|
||||
private PasswordEncoder passwordEncoder;
|
||||
|
||||
/**
|
||||
* 前台用户登录接口
|
||||
|
@ -237,19 +230,19 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, AdminUser> implemen
|
|||
String password = dto.getPassword();
|
||||
|
||||
// 对密码加密
|
||||
String md5Password = DigestUtils.md5DigestAsHex(password.getBytes());
|
||||
String encode = passwordEncoder.encode(password);
|
||||
AdminUser adminUser = getOne(Wrappers.<AdminUser>lambdaQuery().eq(AdminUser::getId, userId));
|
||||
|
||||
// 判断是否存在这个用户
|
||||
if (adminUser == null) throw new AuthCustomerException(ResultCodeEnum.USER_IS_EMPTY);
|
||||
|
||||
// 判断新密码是否与旧密码相同
|
||||
if (adminUser.getPassword().equals(md5Password))
|
||||
if (adminUser.getPassword().equals(encode))
|
||||
throw new AuthCustomerException(ResultCodeEnum.UPDATE_NEW_PASSWORD_SAME_AS_OLD_PASSWORD);
|
||||
|
||||
// 更新用户密码
|
||||
adminUser = new AdminUser();
|
||||
adminUser.setPassword(md5Password);
|
||||
adminUser.setPassword(encode);
|
||||
adminUser.setId(userId);
|
||||
updateById(adminUser);
|
||||
|
||||
|
@ -412,7 +405,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, AdminUser> implemen
|
|||
|
||||
// 数据库中的密码
|
||||
String dbPassword = adminUser.getPassword();
|
||||
password = DigestUtils.md5DigestAsHex(password.getBytes());
|
||||
password = passwordEncoder.encode(password);
|
||||
|
||||
// 判断数据库中密码是否和更新用户密码相同
|
||||
if (dbPassword.equals(password)) throw new AuthCustomerException(ResultCodeEnum.NEW_PASSWORD_SAME_OLD_PASSWORD);
|
||||
|
@ -469,12 +462,12 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, AdminUser> implemen
|
|||
@Override
|
||||
public void addAdminUser(@Valid AdminUserAddDto dto) {
|
||||
// 对密码加密
|
||||
String md5Password = DigestUtils.md5DigestAsHex(dto.getPassword().getBytes());
|
||||
String encode = passwordEncoder.encode(dto.getPassword());
|
||||
|
||||
// 保存数据
|
||||
AdminUser adminUser = new AdminUser();
|
||||
BeanUtils.copyProperties(dto, adminUser);
|
||||
adminUser.setPassword(md5Password);
|
||||
adminUser.setPassword(encode);
|
||||
save(adminUser);
|
||||
|
||||
// 插入用户部门关系表
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
package cn.bunny.services.service.impl;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
@SpringBootTest
|
||||
class UserServiceImplTest {
|
||||
|
||||
@Autowired
|
||||
private PasswordEncoder passwordEncoder;
|
||||
|
||||
@Test
|
||||
void updateUserPasswordByAdmin() {
|
||||
String encode = passwordEncoder.encode("123456");
|
||||
System.out.println(encode);
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue