fix: 移除JwtUserDto中的密码字段，确保密码不被序列化

2025-02-18 15:50:04 +08:00 · 2025-02-18 15:50:04 +08:00 · 332cf6c5fa
parent 6226763f47
commit 332cf6c5fa
4 changed files with 7 additions and 11 deletions
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
@ -100,8 +100,6 @@ public class AuthController {
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // 生成令牌
        String token = tokenProvider.createToken(jwtUser);
-        // 将密码设置为空
-        jwtUser.setPassword(null);
        // 返回 token 与 用户信息
        Map<String, Object> authInfo = new HashMap<String, Object>(2) {{
            put("token", properties.getTokenStartWith() + token);
@ -121,8 +119,6 @@ public class AuthController {
    @GetMapping(value = "/info")
    public ResponseEntity<UserDetails> getUserInfo() {
        JwtUserDto jwtUser = (JwtUserDto) SecurityUtils.getCurrentUser();
-        // 将密码设置为空
-        jwtUser.setPassword(null);
        return ResponseEntity.ok(jwtUser);
    }

--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java
@ -55,7 +55,7 @@ public class UserDetailsServiceImpl implements UserDetailsService {
                // 获取用户的权限
                List<AuthorityDto> authorities = roleService.buildPermissions(user);
                // 初始化JwtUserDto
-                jwtUserDto = new JwtUserDto(user, dataService.getDeptIds(user), authorities, user.getPassword());
+                jwtUserDto = new JwtUserDto(user, dataService.getDeptIds(user), authorities);
                // 添加缓存数据
                userCacheManager.addUserCache(username, jwtUserDto);
            }
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/service/dto/JwtUserDto.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/service/dto/JwtUserDto.java
@ -19,7 +19,6 @@ import com.alibaba.fastjson2.annotation.JSONField;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
-import lombok.Setter;
 import me.zhengjie.modules.system.service.dto.UserDto;
 import org.springframework.security.core.userdetails.UserDetails;
 import java.util.List;
@ -43,14 +42,16 @@ public class JwtUserDto implements UserDetails {
    @ApiModelProperty(value = "角色权限")
    private final List<AuthorityDto> authorities;

-    @Setter
-    @ApiModelProperty(value = "密码")
-    private String password;
-
    public Set<String> getRoles() {
        return authorities.stream().map(AuthorityDto::getAuthority).collect(Collectors.toSet());
    }

+    @Override
+    @JSONField(serialize = false)
+    public String getPassword() {
+        return user.getPassword();
+    }
+
    @Override
    @JSONField(serialize = false)
    public String getUsername() {
--- a/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/UserDto.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/system/service/dto/UserDto.java
@ -68,7 +68,6 @@ public class UserDto extends BaseDTO implements Serializable {
    @ApiModelProperty(value = "头像路径")
    private String avatarPath;

-    @JSONField(serialize = false)
    @ApiModelProperty(value = "密码")
    private String password;