diff --git a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java index c2fe7d6c..85a488a8 100644 --- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java +++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java @@ -1,6 +1,8 @@ package me.zhengjie.modules.security.rest; import cn.hutool.core.util.IdUtil; +import cn.hutool.crypto.asymmetric.KeyType; +import cn.hutool.crypto.asymmetric.RSA; import com.wf.captcha.ArithmeticCaptcha; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -44,6 +46,8 @@ public class AuthController { @Value("${loginCode.expiration}") private Long expiration; + @Value("${rsa.private_key}") + private String privateKey; private final SecurityProperties properties; private final RedisUtils redisUtils; private final UserDetailsService userDetailsService; @@ -65,6 +69,9 @@ public class AuthController { @AnonymousAccess @PostMapping(value = "/login") public ResponseEntity login(@Validated @RequestBody AuthUser authUser, HttpServletRequest request){ + // 密码解密 + RSA rsa = new RSA(privateKey, null); + String password = new String(rsa.decrypt(authUser.getPassword(), KeyType.PrivateKey)); // 查询验证码 String code = (String) redisUtils.get(authUser.getUuid()); // 清除验证码 @@ -76,7 +83,7 @@ public class AuthController { throw new BadRequestException("验证码错误"); } UsernamePasswordAuthenticationToken authenticationToken = - new UsernamePasswordAuthenticationToken(authUser.getUsername(), authUser.getPassword()); + new UsernamePasswordAuthenticationToken(authUser.getUsername(), password); Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken); SecurityContextHolder.getContext().setAuthentication(authentication); diff --git a/eladmin-system/src/main/resources/config/application.yml b/eladmin-system/src/main/resources/config/application.yml index 6ebf8549..cf7bf659 100644 --- a/eladmin-system/src/main/resources/config/application.yml +++ b/eladmin-system/src/main/resources/config/application.yml @@ -51,4 +51,8 @@ code: #登录图形验证码有效时间/分钟 loginCode: - expiration: 2 \ No newline at end of file + expiration: 2 + +#密码加密传输,前端公钥加密,后端私钥解密 +rsa: + private_key: MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEA0vfvyTdGJkdbHkB8mp0f3FE0GYP3AYPaJF7jUd1M0XxFSE2ceK3k2kw20YvQ09NJKk+OMjWQl9WitG9pB6tSCQIDAQABAkA2SimBrWC2/wvauBuYqjCFwLvYiRYqZKThUS3MZlebXJiLB+Ue/gUifAAKIg1avttUZsHBHrop4qfJCwAI0+YRAiEA+W3NK/RaXtnRqmoUUkb59zsZUBLpvZgQPfj1MhyHDz0CIQDYhsAhPJ3mgS64NbUZmGWuuNKp5coY2GIj/zYDMJp6vQIgUueLFXv/eZ1ekgz2Oi67MNCk5jeTF2BurZqNLR3MSmUCIFT3Q6uHMtsB9Eha4u7hS31tj1UWE+D+ADzp59MGnoftAiBeHT7gDMuqeJHPL4b+kC+gzV4FGTfhR9q3tTbklZkD2A== \ No newline at end of file