github
/
RuoYi
mirror of https://gitee.com/y_project/RuoYi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

动态生成密匙,防止默认密钥泄露

pull/283/MERGE
RuoYi 2021-05-15 21:54:32 +08:00
parent b9b2b866b2
commit 4d55f5df17
3 changed files with 38 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ruoyi-admin/src/main/resources/application.yml
View File

@ -108,8 +108,6 @@ shiro:
httpOnly: true httpOnly: true
# 设置Cookie的过期时间天为单位 # 设置Cookie的过期时间天为单位
maxAge: 30 maxAge: 30
# 设置密钥务必保持唯一性生成方式直接拷贝到main运行即可KeyGenerator keygen = KeyGenerator.getInstance("AES"); SecretKey deskey = keygen.generateKey(); System.out.println(Base64.encodeToString(deskey.getEncoded()));
cipherKey: zSyK5Kp6PZAAjlT+eeNMlg==
session: session:
# Session超时时间-1代表永不过期默认30分钟 # Session超时时间-1代表永不过期默认30分钟
expireTime: 30 expireTime: 30

36
ruoyi-common/src/main/java/com/ruoyi/common/utils/security/CipherUtils.java Normal file
View File

@ -0,0 +1,36 @@
package com.ruoyi.common.utils.security;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;
/**
*
*
* @author ruoyi
*/
public class CipherUtils
{
/**
*
*
* @param keyBitSize
* @param algorithmName
* @return
*/
public static Key generateNewKey(int keyBitSize, String algorithmName)
{
KeyGenerator kg;
try
{
kg = KeyGenerator.getInstance(algorithmName);
}
catch (NoSuchAlgorithmException e)
{
String msg = "Unable to acquire " + algorithmName + " algorithm. This is required to function.";
throw new IllegalStateException(msg, e);
}
kg.init(keyBitSize);
return kg.generateKey();
}
}

10
ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
View File

@ -8,7 +8,6 @@ import java.util.Map;
import javax.servlet.Filter; import javax.servlet.Filter;
import org.apache.commons.io.IOUtils; import org.apache.commons.io.IOUtils;
import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.config.ConfigurationException; import org.apache.shiro.config.ConfigurationException;
import org.apache.shiro.io.ResourceUtils; import org.apache.shiro.io.ResourceUtils;
import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.mgt.SecurityManager;
@ -23,6 +22,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import com.ruoyi.common.constant.Constants; import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.security.CipherUtils;
import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.framework.shiro.realm.UserRealm; import com.ruoyi.framework.shiro.realm.UserRealm;
import com.ruoyi.framework.shiro.session.OnlineSessionDAO; import com.ruoyi.framework.shiro.session.OnlineSessionDAO;
@ -104,12 +104,6 @@ public class ShiroConfig
@Value("${shiro.cookie.maxAge}") @Value("${shiro.cookie.maxAge}")
private int maxAge; private int maxAge;
/**
* cipherKey
*/
@Value("${shiro.cookie.cipherKey}")
private String cipherKey;
/** /**
* *
*/ */
@ -357,7 +351,7 @@ public class ShiroConfig
{ {
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager(); CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
cookieRememberMeManager.setCookie(rememberMeCookie()); cookieRememberMeManager.setCookie(rememberMeCookie());
cookieRememberMeManager.setCipherKey(Base64.decode(cipherKey)); cookieRememberMeManager.setCipherKey(CipherUtils.generateNewKey(128, "AES").getEncoded());
return cookieRememberMeManager; return cookieRememberMeManager;
} }