From 91986f13f89a2c709041f09a0803a79c5a90513a Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: Sat, 4 Jul 2020 20:52:27 +0800
Subject: [PATCH] =?UTF-8?q?=E5=9B=BD=E5=AE=B6=E4=BF=A1=E6=81=AF=E5=AE=89?=
 =?UTF-8?q?=E5=85=A8=E6=BC=8F=E6=B4=9E=EF=BC=88=E8=AF=B7=E5=8A=A1=E5=BF=85?=
 =?UTF-8?q?=E4=BF=9D=E6=8C=81cipherKey=E5=AF=86=E9=92=A5=E5=94=AF=E4=B8=80?=
 =?UTF-8?q?=E6=80=A7=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ruoyi-admin/src/main/resources/application.yml              | 2 ++
 .../main/java/com/ruoyi/framework/config/ShiroConfig.java   | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index 2cc71ff81..1d8a88d8c 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -108,6 +108,8 @@ shiro:
     httpOnly: true
     # 设置Cookie的过期时间，天为单位
     maxAge: 30
+    # 设置密钥，务必保持唯一性（生成方式，直接拷贝到main运行即可）KeyGenerator keygen = KeyGenerator.getInstance("AES"); SecretKey deskey = keygen.generateKey(); System.out.println(Base64.encodeToString(deskey.getEncoded()));
+    cipherKey: zSyK5Kp6PZAAjlT+eeNMlg==
   session:
     # Session超时时间，-1代表永不过期（默认30分钟）
     expireTime: 30
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
index 25eef6136..cf6a89321 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
@@ -85,6 +85,10 @@ public class ShiroConfig
     @Value("${shiro.cookie.maxAge}")
     private int maxAge;
 
+    // 设置cipherKey密钥
+    @Value("${shiro.cookie.cipherKey}")
+    private String cipherKey;
+
     // 登录地址
     @Value("${shiro.user.loginUrl}")
     private String loginUrl;
@@ -328,7 +332,7 @@ public class ShiroConfig
     {
         CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
         cookieRememberMeManager.setCookie(rememberMeCookie());
-        cookieRememberMeManager.setCipherKey(Base64.decode("fCq+/xW488hMTCD+cmJ3aQ=="));
+        cookieRememberMeManager.setCipherKey(Base64.decode(cipherKey));
         return cookieRememberMeManager;
     }