
用户密码验证方式修改

luojun 2 жил өмнө
parent
commit
bd7f6c24e1

+ 1 - 1
soc-common/soc-common-core/src/main/java/com/xunmei/common/core/constant/SecurityConstants.java

@@ -10,7 +10,7 @@ public class SecurityConstants
     /**
      * 用户ID字段
      */
-    public static final String DETAILS_USER_ID = "user_id";
+    public static final String DETAILS_USER_ID = "id";
 
     /**
      * 用户名字段
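Review bot: Changing the value of `DETAILS_USER_ID` from `"user_id"` to `"id"` presumably changes the key under which the user id is looked up in the login context or token claims, and nothing in this commit shows the writing side being updated to match. If any service or already-issued token still carries `user_id`, the id lookup would come back empty, and the `SysProfileController.profile()` change in this same commit now depends on `SecurityUtils.getUserId()` resolving. It is worth confirming that producer and consumers are deployed together and that existing sessions are invalidated. The class body continues outside the hunk.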

+ 82 - 0
soc-common/soc-common-security/src/main/java/com/xunmei/common/security/utils/SaltHelper.java

@@ -0,0 +1,82 @@
+package com.xunmei.common.security.utils;
+
+
+import cn.hutool.core.codec.Base64;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.codec.digest.DigestUtils;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.util.UUID;
+
+/**
+ * Tkk
+ */
+@Slf4j
+public class SaltHelper {
+
+    private static final String KEY = "rDWBHusbFTlOURS4";
+
+    public static String decryptAES(final String content) {
+        try {
+            final SecretKeySpec skeySpec = new SecretKeySpec(KEY.getBytes("UTF-8"), "AES");
+            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // "算法/模式/补码方式"
+            cipher.init(Cipher.DECRYPT_MODE, skeySpec);
+            return new String(cipher.doFinal(Base64.decode(content)));
+        } catch (final Exception e) {
+//            e.printStackTrace();
+            return content;
+        }
+    }
+
+    public static String encryptAES(final String content) {
+        try {
+            final SecretKeySpec skeySpec = new SecretKeySpec(KEY.getBytes("UTF-8"), "AES");
+            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // "算法/模式/补码方式"
+            cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
+            return Base64.encode(cipher.doFinal(content.getBytes(StandardCharsets.UTF_8)));
+        } catch (final Exception e) {
+//            e.printStackTrace();
+            return content;
+        }
+    }
+
+    /**
+     * 比较相等
+     *
+     * @param src
+     * @param give
+     * @param salt
+     * @return
+     */
+    public static boolean isEquals(final String src, final String give, final String salt) {
+        final String pure = decryptAES(give);
+//        log.info("[ {} ] => [ {} ]", give, pure);
+        return src.equals(exec(pure, salt));
+    }
+
+    /**
+     * @param give
+     * @param salt
+     * @return
+     */
+    public static String exec(final String give, final String salt) {
+        return DigestUtils.md5Hex(give + DigestUtils.md5Hex(salt));
+    }
+
+    /**
+     * @return
+     */
+    public static String salt() {
+        return DigestUtils.md5Hex(UUID.randomUUID()
+                                      .toString());
+    }
+
+    public static void main(String[] args) {
+       // System.out.println(encryptAES("Admin123456"));
+      //  System.out.println(decryptAES("lQTeYH546VVRPTQXS/pcJg=="));
+        System.out.println(DigestUtils.md5Hex("6c88ab6be7661b3173455c28e9af1c19"));
+        System.out.println(DigestUtils.md5Hex("Admin@123456" + DigestUtils.md5Hex("6c88ab6be7661b3173455c28e9af1c19")));
+    }
+}
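Review bot: `exec` derives the stored password value as `md5Hex(give + md5Hex(salt))`, a single pass of a fast digest, so a leaked user table can be guessed offline at very high rates; a password hashing function with a work factor (BCrypt, or the JDK's `PBKDF2WithHmacSHA256`) is the appropriate primitive, and the same call is what the SysUserController hunk of this commit now uses for new accounts. `KEY` is a string literal committed to the repository and used with `AES/ECB/PKCS5Padding`, so anyone with source access can decrypt the value passed to `isEquals`, and equal plaintext blocks encrypt to equal ciphertext; the key should come from configuration or a secret store and the mode should be an authenticated one such as `AES/GCM/NoPadding`. Both `catch (final Exception e)` blocks return `content` unchanged, so when decryption fails `isEquals` silently hashes whatever the caller sent; signalling the failure and comparing with `MessageDigest.isEqual` instead of `src.equals(...)` keeps that path fail-closed and also avoids a NullPointerException on a null `src`. `new String(cipher.doFinal(...))` decodes with the platform charset while `encryptAES` encodes as UTF-8, so the decode should pass `StandardCharsets.UTF_8` as well. The `main` method, with what look like sample password and salt values, belongs in a test and not in a shipped utility class.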

+ 4 - 2
soc-common/soc-common-security/src/main/java/com/xunmei/common/security/utils/SecurityUtils.java

@@ -119,7 +119,8 @@ public class SecurityUtils {
     public static String decryptAES(final String content) {
         try {
             final SecretKeySpec skeySpec = new SecretKeySpec(KEY.getBytes("UTF-8"), "AES");
-            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // "算法/模式/补码方式"
+            // "算法/模式/补码方式"
+            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
             cipher.init(Cipher.DECRYPT_MODE, skeySpec);
             return new String(cipher.doFinal(Base64.decode(content)));
         } catch (final Exception e) {
@@ -130,7 +131,8 @@ public class SecurityUtils {
     public static String encryptAES(final String content) {
         try {
             final SecretKeySpec skeySpec = new SecretKeySpec(KEY.getBytes("UTF-8"), "AES");
-            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // "算法/模式/补码方式"
+            // "算法/模式/补码方式"
+            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
             cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
             return Base64.encode(cipher.doFinal(content.getBytes(StandardCharsets.UTF_8)));
         } catch (final Exception e) {

+ 5 - 4
soc-modules/soc-modules-system/src/main/java/com/xunmei/system/controller/SysProfileController.java

@@ -45,11 +45,12 @@ public class SysProfileController extends BaseController
     @GetMapping
     public AjaxResult profile()
     {
-        String username = SecurityUtils.getUsername();
-        SysUser user = userService.selectUserByUserName(username);
+        Long userId = SecurityUtils.getUserId();
+        SysUser user = userService.selectUserById(userId);
         AjaxResult ajax = AjaxResult.success(user);
-        ajax.put("roleGroup", userService.selectUserRoleGroup(username));
-        ajax.put("postGroup", userService.selectUserPostGroup(username));
+        ajax.put("roleGroup", userService.selectUserRoleGroup(user.getUsername()));
+//        ajax.put("postGroup", userService.selectUserPostGroup(username));
+        ajax.put("user", user);
         return ajax;
     }
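Review bot: `user` is dereferenced in `user.getUsername()` without a null check, so a session whose id no longer matches a row, or a `getUserId()` that yields null, turns this endpoint into a NullPointerException instead of an error result; check `user == null` right after `selectUserById` and return an error `AjaxResult`. The full `SysUser` entity is also returned twice, as the payload of `AjaxResult.success(user)` and again under `"user"`. Since this commit starts setting `salt` and a password hash on that entity (SysUserController hunk), the response should clear or exclude those fields unless the query or serializer already does so, which is not visible here. The `postGroup` entry is dropped by commenting the line out; if clients still read it this is a silent API change, and the dead line should be deleted either way.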
 

+ 6 - 1
soc-modules/soc-modules-system/src/main/java/com/xunmei/system/controller/SysUserController.java

@@ -10,6 +10,7 @@ import com.xunmei.common.log.annotation.Log;
 import com.xunmei.common.log.enums.BusinessType;
 import com.xunmei.common.security.annotation.InnerAuth;
 import com.xunmei.common.security.annotation.RequiresPermissions;
+import com.xunmei.common.security.utils.SaltHelper;
 import com.xunmei.common.security.utils.SecurityUtils;
 import com.xunmei.system.api.domain.SysDept;
 import com.xunmei.system.api.domain.SysOrg;
@@ -165,7 +166,11 @@ public class SysUserController extends BaseController {
 //        }
         user.setCreateBy(SecurityUtils.getUsername());
         user.setCreateTime(new Date());
-        user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
+        //isp的加密方式
+        final String salt = SaltHelper.salt();
+        user.setSalt(salt);
+        user.setPassword(SaltHelper.exec(user.getPassword(), salt));
+//        user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
         return toAjax(userService.insertUser(user));
     }
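Review bot: `user.getPassword()` is hashed here exactly as received, while `SaltHelper.isEquals` runs the submitted value through `decryptAES` before hashing, so if the client sends the AES-wrapped form on this endpoint the stored hash will never match at login; confirm which form arrives and, if it is wrapped, use `SaltHelper.exec(SaltHelper.decryptAES(user.getPassword()), salt)`. Accounts created before this commit hold hashes produced by `SecurityUtils.encryptPassword`, so the verification path needs a fallback or a migration, neither of which is visible in this commit. The weakness of the MD5 construction itself is covered in the note on SaltHelper.java. The commented-out `encryptPassword` line should be removed and not kept as history; the enclosing method starts above the hunk.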
 

+ 7 - 5
soc-modules/soc-modules-system/src/main/resources/mapper/system/SysMenuMapper.xml

@@ -140,11 +140,13 @@
 	</select>
 
 	<select id="selectMenuPermsByUserId" parameterType="Long" resultType="String">
-		select distinct m.perms
-		from sys_menu m
-			 left join sys_role_menu rm on m.menu_id = rm.menu_id
-			 left join sys_user_role ur on rm.role_id = ur.role_id
-			 left join sys_role r on r.role_id = ur.role_id
+		SELECT DISTINCT
+			m.perms
+		FROM
+			sys_menu m
+				LEFT JOIN sys_role_menu rm ON m.id = rm.menu_id
+				LEFT JOIN sys_user_role ur ON rm.role_id = ur.role_id
+				LEFT JOIN sys_role r ON r.id = ur.role_id
 		where m.status = '0' and r.status = '0' and ur.user_id = #{userId}
 	</select>