系统安全性优化,登陆Token写Cookie时进行MD5加密;
This commit is contained in:
parent
014b341ff8
commit
3569b1422c
|
@ -1101,7 +1101,7 @@ Tips: 历史版本(V1.3.x)目前已经Release至稳定版本, 进入维护阶段
|
|||
- 24、Log地址格式兼容,支持非"/"结尾路径配置;
|
||||
- 25、底层系统日志级别规范调整,清理遗留代码;
|
||||
- 26、建表SQL优化,支持同步创建制定编码的库和表;
|
||||
|
||||
- 27、系统安全性优化,登陆Token写Cookie时进行MD5加密;
|
||||
|
||||
|
||||
### TODO LIST
|
||||
|
|
|
@ -2,7 +2,6 @@ package com.xxl.job.admin.controller;
|
|||
|
||||
import com.xxl.job.admin.controller.annotation.PermessionLimit;
|
||||
import com.xxl.job.admin.controller.interceptor.PermissionInterceptor;
|
||||
import com.xxl.job.admin.core.util.PropertiesUtil;
|
||||
import com.xxl.job.admin.service.XxlJobService;
|
||||
import com.xxl.job.core.biz.model.ReturnT;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
@ -61,18 +60,21 @@ public class IndexController {
|
|||
@ResponseBody
|
||||
@PermessionLimit(limit=false)
|
||||
public ReturnT<String> loginDo(HttpServletRequest request, HttpServletResponse response, String userName, String password, String ifRemember){
|
||||
if (!PermissionInterceptor.ifLogin(request)) {
|
||||
if (StringUtils.isNotBlank(userName) && StringUtils.isNotBlank(password)
|
||||
&& PropertiesUtil.getString("xxl.job.login.username").equals(userName)
|
||||
&& PropertiesUtil.getString("xxl.job.login.password").equals(password)) {
|
||||
boolean ifRem = false;
|
||||
if (StringUtils.isNotBlank(ifRemember) && "on".equals(ifRemember)) {
|
||||
ifRem = true;
|
||||
}
|
||||
PermissionInterceptor.login(response, ifRem);
|
||||
} else {
|
||||
return new ReturnT<String>(500, "账号或密码错误");
|
||||
}
|
||||
// valid
|
||||
if (PermissionInterceptor.ifLogin(request)) {
|
||||
return ReturnT.SUCCESS;
|
||||
}
|
||||
|
||||
// param
|
||||
if (StringUtils.isBlank(userName) || StringUtils.isBlank(password)){
|
||||
return new ReturnT<String>(500, "账号或密码为空");
|
||||
}
|
||||
boolean ifRem = (StringUtils.isNotBlank(ifRemember) && "on".equals(ifRemember))?true:false;
|
||||
|
||||
// do login
|
||||
boolean loginRet = PermissionInterceptor.login(response, userName, password, ifRem);
|
||||
if (!loginRet) {
|
||||
return new ReturnT<String>(500, "账号或密码错误");
|
||||
}
|
||||
return ReturnT.SUCCESS;
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ package com.xxl.job.admin.controller.interceptor;
|
|||
import com.xxl.job.admin.controller.annotation.PermessionLimit;
|
||||
import com.xxl.job.admin.core.util.CookieUtil;
|
||||
import com.xxl.job.admin.core.util.PropertiesUtil;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
|
@ -22,11 +23,25 @@ public class PermissionInterceptor extends HandlerInterceptorAdapter {
|
|||
static {
|
||||
String username = PropertiesUtil.getString("xxl.job.login.username");
|
||||
String password = PropertiesUtil.getString("xxl.job.login.password");
|
||||
String temp = username + "_" + password;
|
||||
LOGIN_IDENTITY_TOKEN = new BigInteger(1, temp.getBytes()).toString(16);
|
||||
|
||||
// login token
|
||||
String tokenTmp = DigestUtils.md5Hex(username + "_" + password);
|
||||
tokenTmp = new BigInteger(1, tokenTmp.getBytes()).toString(16);
|
||||
|
||||
LOGIN_IDENTITY_TOKEN = tokenTmp;
|
||||
}
|
||||
|
||||
public static boolean login(HttpServletResponse response, boolean ifRemember){
|
||||
public static boolean login(HttpServletResponse response, String username, String password, boolean ifRemember){
|
||||
|
||||
// login token
|
||||
String tokenTmp = DigestUtils.md5Hex(username + "_" + password);
|
||||
tokenTmp = new BigInteger(1, tokenTmp.getBytes()).toString(16);
|
||||
|
||||
if (!LOGIN_IDENTITY_TOKEN.equals(tokenTmp)){
|
||||
return false;
|
||||
}
|
||||
|
||||
// do login
|
||||
CookieUtil.set(response, LOGIN_IDENTITY_KEY, LOGIN_IDENTITY_TOKEN, ifRemember);
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -87,7 +87,6 @@ public class CookieUtil {
|
|||
* @param request
|
||||
* @param response
|
||||
* @param key
|
||||
* @param domainName
|
||||
*/
|
||||
public static void remove(HttpServletRequest request, HttpServletResponse response, String key) {
|
||||
Cookie cookie = get(request, key);
|
||||
|
|
Loading…
Reference in New Issue