系统安全性优化,登陆Token写Cookie时进行MD5加密;
parent
014b341ff8
commit
3569b1422c
|
@ -1101,7 +1101,7 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
|
||||||
- 24、Log地址格式兼容,支持非"/"结尾路径配置;
|
- 24、Log地址格式兼容,支持非"/"结尾路径配置;
|
||||||
- 25、底层系统日志级别规范调整,清理遗留代码;
|
- 25、底层系统日志级别规范调整,清理遗留代码;
|
||||||
- 26、建表SQL优化,支持同步创建制定编码的库和表;
|
- 26、建表SQL优化,支持同步创建制定编码的库和表;
|
||||||
|
- 27、系统安全性优化,登陆Token写Cookie时进行MD5加密;
|
||||||
|
|
||||||
|
|
||||||
### TODO LIST
|
### TODO LIST
|
||||||
|
|
|
@ -2,7 +2,6 @@ package com.xxl.job.admin.controller;
|
||||||
|
|
||||||
import com.xxl.job.admin.controller.annotation.PermessionLimit;
|
import com.xxl.job.admin.controller.annotation.PermessionLimit;
|
||||||
import com.xxl.job.admin.controller.interceptor.PermissionInterceptor;
|
import com.xxl.job.admin.controller.interceptor.PermissionInterceptor;
|
||||||
import com.xxl.job.admin.core.util.PropertiesUtil;
|
|
||||||
import com.xxl.job.admin.service.XxlJobService;
|
import com.xxl.job.admin.service.XxlJobService;
|
||||||
import com.xxl.job.core.biz.model.ReturnT;
|
import com.xxl.job.core.biz.model.ReturnT;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
@ -61,19 +60,22 @@ public class IndexController {
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
@PermessionLimit(limit=false)
|
@PermessionLimit(limit=false)
|
||||||
public ReturnT<String> loginDo(HttpServletRequest request, HttpServletResponse response, String userName, String password, String ifRemember){
|
public ReturnT<String> loginDo(HttpServletRequest request, HttpServletResponse response, String userName, String password, String ifRemember){
|
||||||
if (!PermissionInterceptor.ifLogin(request)) {
|
// valid
|
||||||
if (StringUtils.isNotBlank(userName) && StringUtils.isNotBlank(password)
|
if (PermissionInterceptor.ifLogin(request)) {
|
||||||
&& PropertiesUtil.getString("xxl.job.login.username").equals(userName)
|
return ReturnT.SUCCESS;
|
||||||
&& PropertiesUtil.getString("xxl.job.login.password").equals(password)) {
|
|
||||||
boolean ifRem = false;
|
|
||||||
if (StringUtils.isNotBlank(ifRemember) && "on".equals(ifRemember)) {
|
|
||||||
ifRem = true;
|
|
||||||
}
|
}
|
||||||
PermissionInterceptor.login(response, ifRem);
|
|
||||||
} else {
|
// param
|
||||||
|
if (StringUtils.isBlank(userName) || StringUtils.isBlank(password)){
|
||||||
|
return new ReturnT<String>(500, "账号或密码为空");
|
||||||
|
}
|
||||||
|
boolean ifRem = (StringUtils.isNotBlank(ifRemember) && "on".equals(ifRemember))?true:false;
|
||||||
|
|
||||||
|
// do login
|
||||||
|
boolean loginRet = PermissionInterceptor.login(response, userName, password, ifRem);
|
||||||
|
if (!loginRet) {
|
||||||
return new ReturnT<String>(500, "账号或密码错误");
|
return new ReturnT<String>(500, "账号或密码错误");
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return ReturnT.SUCCESS;
|
return ReturnT.SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
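Review bot: The failure branch in `loginDo` (`if (!loginRet)`) returns the error without recording the attempt, and nothing in the hunk throttles retries, so repeated password guesses against this `@PermessionLimit(limit=false)` endpoint leave no trace for detection. Assuming the class has or gains an SLF4J logger, a line such as `logger.warn("login failed, remote={}", request.getRemoteAddr());` before that return would give operators something to alert on; keep the submitted password and the raw user name out of the log. As a style point, `boolean ifRem = "on".equals(ifRemember);` is equivalent to the current ternary, because `"on".equals(null)` is already false. The method's request-mapping annotation sits above the hunk, so whether the endpoint is restricted to POST cannot be checked from here.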
@ -3,6 +3,7 @@ package com.xxl.job.admin.controller.interceptor;
|
||||||
import com.xxl.job.admin.controller.annotation.PermessionLimit;
|
import com.xxl.job.admin.controller.annotation.PermessionLimit;
|
||||||
import com.xxl.job.admin.core.util.CookieUtil;
|
import com.xxl.job.admin.core.util.CookieUtil;
|
||||||
import com.xxl.job.admin.core.util.PropertiesUtil;
|
import com.xxl.job.admin.core.util.PropertiesUtil;
|
||||||
|
import org.apache.commons.codec.digest.DigestUtils;
|
||||||
import org.springframework.web.method.HandlerMethod;
|
import org.springframework.web.method.HandlerMethod;
|
||||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||||
|
|
||||||
|
@ -22,11 +23,25 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
|
||||||
static {
|
static {
|
||||||
String username = PropertiesUtil.getString("xxl.job.login.username");
|
String username = PropertiesUtil.getString("xxl.job.login.username");
|
||||||
String password = PropertiesUtil.getString("xxl.job.login.password");
|
String password = PropertiesUtil.getString("xxl.job.login.password");
|
||||||
String temp = username + "_" + password;
|
|
||||||
LOGIN_IDENTITY_TOKEN = new BigInteger(1, temp.getBytes()).toString(16);
|
// login token
|
||||||
|
String tokenTmp = DigestUtils.md5Hex(username + "_" + password);
|
||||||
|
tokenTmp = new BigInteger(1, tokenTmp.getBytes()).toString(16);
|
||||||
|
|
||||||
|
LOGIN_IDENTITY_TOKEN = tokenTmp;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static boolean login(HttpServletResponse response, boolean ifRemember){
|
public static boolean login(HttpServletResponse response, String username, String password, boolean ifRemember){
|
||||||
|
|
||||||
|
// login token
|
||||||
|
String tokenTmp = DigestUtils.md5Hex(username + "_" + password);
|
||||||
|
tokenTmp = new BigInteger(1, tokenTmp.getBytes()).toString(16);
|
||||||
|
|
||||||
|
if (!LOGIN_IDENTITY_TOKEN.equals(tokenTmp)){
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// do login
|
||||||
CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_TOKEN, ifRemember);
|
CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_TOKEN, ifRemember);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
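Review bot: The cookie value built in the static initializer and again in `login(...)` is still a fixed function of the configured credentials (`DigestUtils.md5Hex(username + "_" + password)`), so it is identical for every session, cannot be revoked without changing the password, and, being an unsalted fast MD5, lets anyone who obtains the cookie test password guesses offline. A per-login random value from `SecureRandom`, kept server-side with an expiry, would decouple the cookie from the password; short of that, an HMAC keyed with a server-only secret would at least stop offline guessing. The check `LOGIN_IDENTITY_TOKEN.equals(tokenTmp)` is not constant-time; `MessageDigest.isEqual(LOGIN_IDENTITY_TOKEN.getBytes(StandardCharsets.UTF_8), tokenTmp.getBytes(StandardCharsets.UTF_8))` avoids that. The derivation is duplicated in both places and would be safer as one private static helper, so the two copies cannot drift apart. Whether `CookieUtil.set` marks the cookie HttpOnly and Secure is not visible in this section and should be confirmed.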
@ -87,7 +87,6 @@ public class CookieUtil {
|
||||||
* @param request
|
* @param request
|
||||||
* @param response
|
* @param response
|
||||||
* @param key
|
* @param key
|
||||||
* @param domainName
|
|
||||||
*/
|
*/
|
||||||
public static void remove(HttpServletRequest request, HttpServletResponse response, String key) {
|
public static void remove(HttpServletRequest request, HttpServletResponse response, String key) {
|
||||||
Cookie cookie = get(request, key);
|
Cookie cookie = get(request, key);
|
||||||
|
|