系统安全性优化，登陆Token写Cookie时进行MD5加密；

doc/XXL-JOB官方文档.md

@@ -1101,7 +1101,7 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
 - 24、Log地址格式兼容，支持非"/"结尾路径配置；
 - 25、底层系统日志级别规范调整，清理遗留代码；
 - 26、建表SQL优化，支持同步创建制定编码的库和表；
-
+- 27、系统安全性优化，登陆Token写Cookie时进行MD5加密；
 
 
 ### TODO LIST

xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java

@@ -2,7 +2,6 @@ package com.xxl.job.admin.controller;
 
 import com.xxl.job.admin.controller.annotation.PermessionLimit;
 import com.xxl.job.admin.controller.interceptor.PermissionInterceptor;
-import com.xxl.job.admin.core.util.PropertiesUtil;
 import com.xxl.job.admin.service.XxlJobService;
 import com.xxl.job.core.biz.model.ReturnT;
 import org.apache.commons.lang3.StringUtils;
@@ -61,18 +60,21 @@ public class IndexController {
 	@ResponseBody
 	@PermessionLimit(limit=false)
 	public ReturnT<String> loginDo(HttpServletRequest request, HttpServletResponse response, String userName, String password, String ifRemember){
-		if (!PermissionInterceptor.ifLogin(request)) {
+		// valid
-			if (StringUtils.isNotBlank(userName) && StringUtils.isNotBlank(password)
+		if (PermissionInterceptor.ifLogin(request)) {
-					&& PropertiesUtil.getString("xxl.job.login.username").equals(userName)
+			return ReturnT.SUCCESS;
-					&& PropertiesUtil.getString("xxl.job.login.password").equals(password)) {
+		}
-				boolean ifRem = false;
+
-				if (StringUtils.isNotBlank(ifRemember) && "on".equals(ifRemember)) {
+		// param
-					ifRem = true;
+		if (StringUtils.isBlank(userName) || StringUtils.isBlank(password)){
-				}
+			return new ReturnT<String>(500, "账号或密码为空");
-				PermissionInterceptor.login(response, ifRem);
+		}
-			} else {
+		boolean ifRem = (StringUtils.isNotBlank(ifRemember) && "on".equals(ifRemember))?true:false;
-				return new ReturnT<String>(500, "账号或密码错误");
+
-			}
+		// do login
+		boolean loginRet = PermissionInterceptor.login(response, userName, password, ifRem);
+		if (!loginRet) {
+			return new ReturnT<String>(500, "账号或密码错误");
 		}
 		return ReturnT.SUCCESS;
 	}

xxl-job-admin/src/main/java/com/xxl/job/admin/controller/interceptor/PermissionInterceptor.java

@@ -3,6 +3,7 @@ package com.xxl.job.admin.controller.interceptor;
 import com.xxl.job.admin.controller.annotation.PermessionLimit;
 import com.xxl.job.admin.core.util.CookieUtil;
 import com.xxl.job.admin.core.util.PropertiesUtil;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
@@ -22,11 +23,25 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
     static {
         String username = PropertiesUtil.getString("xxl.job.login.username");
         String password = PropertiesUtil.getString("xxl.job.login.password");
-        String temp = username + "_" + password;
+
-        LOGIN_IDENTITY_TOKEN = new BigInteger(1, temp.getBytes()).toString(16);
+        // login token
+        String tokenTmp = DigestUtils.md5Hex(username + "_" + password);
+		tokenTmp = new BigInteger(1, tokenTmp.getBytes()).toString(16);
+
+		LOGIN_IDENTITY_TOKEN = tokenTmp;
     }
 	
-	public static boolean login(HttpServletResponse response, boolean ifRemember){
+	public static boolean login(HttpServletResponse response, String username, String password, boolean ifRemember){
+
+    	// login token
+		String tokenTmp = DigestUtils.md5Hex(username + "_" + password);
+		tokenTmp = new BigInteger(1, tokenTmp.getBytes()).toString(16);
+
+		if (!LOGIN_IDENTITY_TOKEN.equals(tokenTmp)){
+			return false;
+		}
+
+		// do login
 		CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_TOKEN, ifRemember);
 		return true;
 	}

xxl-job-admin/src/main/java/com/xxl/job/admin/core/util/CookieUtil.java

@@ -87,7 +87,6 @@ public class CookieUtil {
 	 * @param request
 	 * @param response
 	 * @param key
-	 * @param domainName
 	 */
 	public static void remove(HttpServletRequest request, HttpServletResponse response, String key) {
 		Cookie cookie = get(request, key);