修改用户密码前先验证旧密码，增加安全性

2021-04-15 11:42:05 +08:00
parent 8bd962c006
commit a70e327a8e
8 changed files with 41 additions and 31 deletions
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
@@ -7,7 +7,6 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;

-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
@@ -7,17 +7,12 @@ import com.github.xiaoymin.knife4j.core.util.StrUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.CredentialsContainer;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
-import org.springframework.stereotype.Service;

 import java.time.LocalDateTime;
-import java.util.Collection;

 /**
 * 用户登录认证逻辑
@@ -39,12 +34,12 @@ public class DefaultUserDetailsServiceImpl implements UserDetailsService {

        // 查出密码
        User user = userService.getUserByUsername(username);
-        String password = SecurityUtils.encryptPassword(user.getPassword());
-        user.setPassword(password);
        if (user == null) {
            logger.info("登录用户：{} 不存在", username);
            throw new UsernameNotFoundException("登录用户：" + username + " 不存在");
        }
+        String password = SecurityUtils.encryptPassword(user.getPassword());
+        user.setPassword(password);
        return new LoginUser(user, LocalDateTime.now());
    }

--- a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
@@ -1,8 +1,6 @@
 package com.genersoft.iot.vmp.conf.security;

 import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
-import gov.nist.javax.sip.address.UserInfo;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;