修改用户密码前先验证旧密码,增加安全性
This commit is contained in:
lawrencehj
@@ -7,7 +7,6 @@ import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
@@ -7,17 +7,12 @@ import com.github.xiaoymin.knife4j.core.util.StrUtil;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.core.CredentialsContainer;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.SpringSecurityCoreVersion;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.Collection;
|
||||
|
||||
/**
|
||||
* 用户登录认证逻辑
|
||||
@@ -39,12 +34,12 @@ public class DefaultUserDetailsServiceImpl implements UserDetailsService {
|
||||
|
||||
// 查出密码
|
||||
User user = userService.getUserByUsername(username);
|
||||
String password = SecurityUtils.encryptPassword(user.getPassword());
|
||||
user.setPassword(password);
|
||||
if (user == null) {
|
||||
logger.info("登录用户:{} 不存在", username);
|
||||
throw new UsernameNotFoundException("登录用户:" + username + " 不存在");
|
||||
}
|
||||
String password = SecurityUtils.encryptPassword(user.getPassword());
|
||||
user.setPassword(password);
|
||||
return new LoginUser(user, LocalDateTime.now());
|
||||
}
|
||||
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
package com.genersoft.iot.vmp.conf.security;
|
||||
|
||||
import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
|
||||
import com.genersoft.iot.vmp.storager.dao.dto.User;
|
||||
import gov.nist.javax.sip.address.UserInfo;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
package com.genersoft.iot.vmp.storager.dao;
|
||||
|
||||
import com.genersoft.iot.vmp.gb28181.bean.GbStream;
|
||||
import com.genersoft.iot.vmp.storager.dao.dto.User;
|
||||
import org.apache.ibatis.annotations.*;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
@@ -3,16 +3,13 @@ package com.genersoft.iot.vmp.vmanager.user;
|
||||
import com.genersoft.iot.vmp.conf.security.SecurityUtils;
|
||||
import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
|
||||
import com.genersoft.iot.vmp.service.IUserService;
|
||||
import com.genersoft.iot.vmp.storager.dao.dto.User;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
import io.swagger.annotations.ApiImplicitParams;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.util.DigestUtils;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.security.sasl.AuthenticationException;
|
||||
@@ -53,17 +50,26 @@ public class UserController {
|
||||
@ApiOperation("修改密码")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = "username", value = "用户名", dataTypeClass = String.class),
|
||||
@ApiImplicitParam(name = "password", value = "密码(未md5加密的密码)", dataTypeClass = String.class),
|
||||
@ApiImplicitParam(name = "oldpassword", value = "旧密码(已md5加密的密码)", dataTypeClass = String.class),
|
||||
@ApiImplicitParam(name = "password", value = "新密码(未md5加密的密码)", dataTypeClass = String.class),
|
||||
})
|
||||
@PostMapping("/changePassword")
|
||||
public String changePassword(String password){
|
||||
public String changePassword(String oldpassword, String password){
|
||||
// 获取当前登录用户id
|
||||
int userId = SecurityUtils.getUserId();
|
||||
boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
|
||||
if (result) {
|
||||
return "success";
|
||||
}else {
|
||||
return "fail";
|
||||
String username = SecurityUtils.getUserInfo().getUsername();
|
||||
LoginUser user = null;
|
||||
try {
|
||||
user = SecurityUtils.login(username, oldpassword, authenticationManager);
|
||||
if (user != null) {
|
||||
int userId = SecurityUtils.getUserId();
|
||||
boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
|
||||
if (result) {
|
||||
return "success";
|
||||
}
|
||||
}
|
||||
} catch (AuthenticationException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return "fail";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,8 +3,6 @@ package com.genersoft.iot.vmp.web;
|
||||
import com.genersoft.iot.vmp.service.IUserService;
|
||||
import com.genersoft.iot.vmp.storager.dao.dto.User;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
@CrossOrigin
|
||||
|
||||
Reference in New Issue
Block a user