github
/
RuoYi
mirror of https://gitee.com/y_project/RuoYi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

国家信息安全漏洞(请务必保持cipherKey密钥唯一性)

pull/170/MERGE
RuoYi 2020-07-04 20:52:27 +08:00
parent 7728ad9eb4
commit 91986f13f8
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ruoyi-admin/src/main/resources/application.yml
View File

@ -108,6 +108,8 @@ shiro:
httpOnly: true httpOnly: true
# 设置Cookie的过期时间天为单位 # 设置Cookie的过期时间天为单位
maxAge: 30 maxAge: 30
# 设置密钥务必保持唯一性生成方式直接拷贝到main运行即可KeyGenerator keygen = KeyGenerator.getInstance("AES"); SecretKey deskey = keygen.generateKey(); System.out.println(Base64.encodeToString(deskey.getEncoded()));
cipherKey: zSyK5Kp6PZAAjlT+eeNMlg==
session: session:
# Session超时时间-1代表永不过期默认30分钟 # Session超时时间-1代表永不过期默认30分钟
expireTime: 30 expireTime: 30

6
ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
View File

@ -85,6 +85,10 @@ public class ShiroConfig
@Value("${shiro.cookie.maxAge}") @Value("${shiro.cookie.maxAge}")
private int maxAge; private int maxAge;
// 设置cipherKey密钥
@Value("${shiro.cookie.cipherKey}")
private String cipherKey;
// 登录地址 // 登录地址
@Value("${shiro.user.loginUrl}") @Value("${shiro.user.loginUrl}")
private String loginUrl; private String loginUrl;
@ -328,7 +332,7 @@ public class ShiroConfig
{ {
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager(); CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
cookieRememberMeManager.setCookie(rememberMeCookie()); cookieRememberMeManager.setCookie(rememberMeCookie());
cookieRememberMeManager.setCipherKey(Base64.decode("fCq+/xW488hMTCD+cmJ3aQ==")); cookieRememberMeManager.setCipherKey(Base64.decode(cipherKey));
return cookieRememberMeManager; return cookieRememberMeManager;
} }