From a70e327a8efaf38d74911ea568419a087fbd235a Mon Sep 17 00:00:00 2001
From: lawrencehj <1934378145@qq.com>
Date: 星期四, 15 四月 2021 11:42:05 +0800
Subject: [PATCH] 修改用户密码前先验证旧密码,增加安全性
---
src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java | 9 ++-------
1 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
index c010335..63569ef 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
@@ -7,17 +7,12 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.CredentialsContainer;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
-import org.springframework.stereotype.Service;
import java.time.LocalDateTime;
-import java.util.Collection;
/**
* 鐢ㄦ埛鐧诲綍璁よ瘉閫昏緫
@@ -39,12 +34,12 @@
// 鏌ュ嚭瀵嗙爜
User user = userService.getUserByUsername(username);
- String password = SecurityUtils.encryptPassword(user.getPassword());
- user.setPassword(password);
if (user == null) {
logger.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�", username);
throw new UsernameNotFoundException("鐧诲綍鐢ㄦ埛锛�" + username + " 涓嶅瓨鍦�");
}
+ String password = SecurityUtils.encryptPassword(user.getPassword());
+ user.setPassword(password);
return new LoginUser(user, LocalDateTime.now());
}
--
Gitblit v1.8.0