将生成jwt令牌和验证jwt令牌时使用的公钥私钥由固定值修改为每次启动服务时动态生产；剔除jwt token中包含的password和roleId，防止密码泄露。

2023-08-31 16:39:18 +08:00
parent dc37f66792
commit e8b2ca4686
2 changed files with 54 additions and 33 deletions
--- a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
+++ b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
@@ -57,7 +57,7 @@ public class UserController {
        if (user == null) {
            throw new ControllerException(ErrorCode.ERROR100.getCode(), "用户名或密码错误");
        }else {
-            String jwt = JwtUtils.createToken(username, password, user.getRole().getId());
+            String jwt = JwtUtils.createToken(username);
            response.setHeader(JwtUtils.getHeader(), jwt);
            user.setAccessToken(jwt);
        }