From 61e2a07ee2709d6eb9144ec069ef7229bd8ee398 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期五, 11 二月 2022 15:03:09 +0800
Subject: [PATCH] update 使用 satoken 自带的 BCrypt 工具 替换 Security 加密工具 减少依赖
---
ruoyi-common/src/main/java/com/ruoyi/common/helper/LoginHelper.java | 15 +++++++
/dev/null | 47 -----------------------
ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java | 4 +-
ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java | 4 +-
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysSensitiveServiceImpl.java | 3 -
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java | 9 ++--
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java | 8 ++--
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java | 4 +-
ruoyi-common/pom.xml | 5 --
ruoyi-framework/src/main/java/com/ruoyi/framework/handler/PlusDataPermissionHandler.java | 3 -
ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java | 4 +-
11 files changed, 34 insertions(+), 72 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
index c69f061..84d4c0b 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
@@ -1,5 +1,6 @@
package com.ruoyi.web.controller.system;
+import cn.dev33.satoken.secure.BCrypt;
import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.controller.BaseController;
@@ -7,7 +8,6 @@
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.helper.LoginHelper;
-import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.system.domain.SysOss;
import com.ruoyi.system.service.ISysOssService;
@@ -92,13 +92,14 @@
SysUser user = userService.selectUserById(LoginHelper.getUserId());
String userName = user.getUserName();
String password = user.getPassword();
- if (!SecurityUtils.matchesPassword(oldPassword, password)) {
+ if (!BCrypt.checkpw(oldPassword, password)) {
return R.fail("淇敼瀵嗙爜澶辫触锛屾棫瀵嗙爜閿欒");
}
- if (SecurityUtils.matchesPassword(newPassword, password)) {
+ if (BCrypt.checkpw(newPassword, password)) {
return R.fail("鏂板瘑鐮佷笉鑳戒笌鏃у瘑鐮佺浉鍚�");
}
- if (userService.resetUserPwd(userName, SecurityUtils.encryptPassword(newPassword)) > 0) {
+
+ if (userService.resetUserPwd(userName, BCrypt.hashpw(newPassword)) > 0) {
return R.ok();
}
return R.fail("淇敼瀵嗙爜寮傚父锛岃鑱旂郴绠$悊鍛�");
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
index ac81600..18ba4a3 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@@ -1,21 +1,21 @@
package com.ruoyi.web.controller.system;
import cn.dev33.satoken.annotation.SaCheckPermission;
+import cn.dev33.satoken.secure.BCrypt;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.ObjectUtil;
import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.controller.BaseController;
-import com.ruoyi.common.core.domain.R;
import com.ruoyi.common.core.domain.PageQuery;
+import com.ruoyi.common.core.domain.R;
import com.ruoyi.common.core.domain.entity.SysDept;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.excel.ExcelResult;
-import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil;
import com.ruoyi.system.domain.vo.SysUserExportVo;
@@ -137,7 +137,7 @@
&& UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
return R.fail("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
}
- user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
+ user.setPassword(BCrypt.hashpw(user.getPassword()));
return toAjax(userService.insertUser(user));
}
@@ -185,7 +185,7 @@
public R<Void> resetPwd(@RequestBody SysUser user) {
userService.checkUserAllowed(user);
userService.checkUserDataScope(user.getUserId());
- user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
+ user.setPassword(BCrypt.hashpw(user.getPassword()));
return toAjax(userService.resetPwd(user));
}
diff --git a/ruoyi-common/pom.xml b/ruoyi-common/pom.xml
index 91a741a..6e25be7 100644
--- a/ruoyi-common/pom.xml
+++ b/ruoyi-common/pom.xml
@@ -40,11 +40,6 @@
<artifactId>sa-token-jwt</artifactId>
</dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-crypto</artifactId>
- </dependency>
-
<!-- 鑷畾涔夐獙璇佹敞瑙� -->
<dependency>
<groupId>org.springframework.boot</groupId>
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/helper/LoginHelper.java b/ruoyi-common/src/main/java/com/ruoyi/common/helper/LoginHelper.java
index aa18339..a152208 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/helper/LoginHelper.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/helper/LoginHelper.java
@@ -118,4 +118,19 @@
return UserType.getUserType(loginId);
}
+ /**
+ * 鏄惁涓虹鐞嗗憳
+ *
+ * @param userId 鐢ㄦ埛ID
+ * @return 缁撴灉
+ */
+ public static boolean isAdmin(Long userId) {
+ return userId != null && 1L == userId;
+ }
+
+ public static boolean isAdmin() {
+ Long userId = getUserId();
+ return userId != null && 1L == userId;
+ }
+
}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/SecurityUtils.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/SecurityUtils.java
deleted file mode 100644
index 72c9453..0000000
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/SecurityUtils.java
+++ /dev/null
@@ -1,47 +0,0 @@
-package com.ruoyi.common.utils;
-
-import lombok.AccessLevel;
-import lombok.NoArgsConstructor;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-
-/**
- * 瀹夊叏鏈嶅姟宸ュ叿绫�
- *
- * @author Long Li
- */
-@NoArgsConstructor(access = AccessLevel.PRIVATE)
-public class SecurityUtils {
-
- /**
- * 鐢熸垚BCryptPasswordEncoder瀵嗙爜
- *
- * @param password 瀵嗙爜
- * @return 鍔犲瘑瀛楃涓�
- */
- public static String encryptPassword(String password) {
- BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
- return passwordEncoder.encode(password);
- }
-
- /**
- * 鍒ゆ柇瀵嗙爜鏄惁鐩稿悓
- *
- * @param rawPassword 鐪熷疄瀵嗙爜
- * @param encodedPassword 鍔犲瘑鍚庡瓧绗�
- * @return 缁撴灉
- */
- public static boolean matchesPassword(String rawPassword, String encodedPassword) {
- BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
- return passwordEncoder.matches(rawPassword, encodedPassword);
- }
-
- /**
- * 鏄惁涓虹鐞嗗憳
- *
- * @param userId 鐢ㄦ埛ID
- * @return 缁撴灉
- */
- public static boolean isAdmin(Long userId) {
- return userId != null && 1L == userId;
- }
-}
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/handler/PlusDataPermissionHandler.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/handler/PlusDataPermissionHandler.java
index 5e76242..f2a60a4 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/handler/PlusDataPermissionHandler.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/handler/PlusDataPermissionHandler.java
@@ -13,7 +13,6 @@
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.helper.DataPermissionHelper;
import com.ruoyi.common.helper.LoginHelper;
-import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import lombok.extern.slf4j.Slf4j;
@@ -80,7 +79,7 @@
DataPermissionHelper.setVariable("user", currentUser);
}
// 濡傛灉鏄秴绾х鐞嗗憳锛屽垯涓嶈繃婊ゆ暟鎹�
- if (ObjectUtil.isNull(currentUser) || SecurityUtils.isAdmin(currentUser.getUserId())) {
+ if (ObjectUtil.isNull(currentUser) || LoginHelper.isAdmin(currentUser.getUserId())) {
return where;
}
String dataFilterSql = buildDataFilter(dataColumns, isSelect);
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java b/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
index 20cb14d..58f2f31 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
@@ -1,5 +1,6 @@
package com.ruoyi.system.listener;
+import cn.dev33.satoken.secure.BCrypt;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.ObjectUtil;
import com.alibaba.excel.context.AnalysisContext;
@@ -9,7 +10,6 @@
import com.ruoyi.common.excel.ExcelResult;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.helper.LoginHelper;
-import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.ValidatorUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.domain.vo.SysUserImportVo;
@@ -43,7 +43,7 @@
public SysUserImportListener(Boolean isUpdateSupport) {
String initPassword = SpringUtils.getBean(ISysConfigService.class).selectConfigByKey("sys.user.initPassword");
this.userService = SpringUtils.getBean(ISysUserService.class);
- this.password = SecurityUtils.encryptPassword(initPassword);
+ this.password = BCrypt.hashpw(initPassword);
this.isUpdateSupport = isUpdateSupport;
this.operName = LoginHelper.getUsername();
}
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
index 60e3ca7..d280318 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
@@ -1,5 +1,6 @@
package com.ruoyi.system.service;
+import cn.dev33.satoken.secure.BCrypt;
import cn.dev33.satoken.stp.StpUtil;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.ObjectUtil;
@@ -16,7 +17,6 @@
import com.ruoyi.common.helper.LoginHelper;
import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.MessageUtils;
-import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.redis.RedisUtils;
import lombok.RequiredArgsConstructor;
@@ -68,7 +68,7 @@
SysUser user = loadUserByUsername(username);
- if (!SecurityUtils.matchesPassword(password, user.getPassword())) {
+ if (!BCrypt.checkpw(password, user.getPassword())) {
// 鏄惁绗竴娆�
errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
// 杈惧埌瑙勫畾閿欒娆℃暟 鍒欓攣瀹氱櫥褰�
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java
index 5f44991..396f035 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java
@@ -1,5 +1,6 @@
package com.ruoyi.system.service;
+import cn.dev33.satoken.secure.BCrypt;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.entity.SysUser;
@@ -10,7 +11,6 @@
import com.ruoyi.common.exception.user.CaptchaExpireException;
import com.ruoyi.common.exception.user.UserException;
import com.ruoyi.common.utils.MessageUtils;
-import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.redis.RedisUtils;
import lombok.RequiredArgsConstructor;
@@ -53,7 +53,7 @@
SysUser sysUser = new SysUser();
sysUser.setUserName(username);
sysUser.setNickName(username);
- sysUser.setPassword(SecurityUtils.encryptPassword(password));
+ sysUser.setPassword(BCrypt.hashpw(password));
sysUser.setUserType(userType);
boolean regFlag = userService.registerUser(sysUser);
if (!regFlag) {
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
index 431ec95..a171a93 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
@@ -9,7 +9,7 @@
import com.ruoyi.common.core.domain.entity.SysMenu;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.helper.LoginHelper;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.TreeBuildUtils;
import com.ruoyi.system.domain.SysRoleMenu;
@@ -99,7 +99,7 @@
@Override
public List<SysMenu> selectMenuTreeByUserId(Long userId) {
List<SysMenu> menus = null;
- if (SecurityUtils.isAdmin(userId)) {
+ if (LoginHelper.isAdmin(userId)) {
menus = baseMapper.selectMenuTreeAll();
} else {
menus = baseMapper.selectMenuTreeByUserId(userId);
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysSensitiveServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysSensitiveServiceImpl.java
index 40cae23..08d4cc4 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysSensitiveServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysSensitiveServiceImpl.java
@@ -2,7 +2,6 @@
import com.ruoyi.common.core.service.SensitiveService;
import com.ruoyi.common.helper.LoginHelper;
-import com.ruoyi.common.utils.SecurityUtils;
import org.springframework.stereotype.Service;
/**
@@ -21,7 +20,7 @@
*/
@Override
public boolean isSensitive() {
- return SecurityUtils.isAdmin(LoginHelper.getUserId());
+ return LoginHelper.isAdmin();
}
}
--
Gitblit v1.9.3