From e8b2ca46862565b7b6d2f05c3f45f7873afe044e Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期四, 31 八月 2023 16:39:18 +0800
Subject: [PATCH] 将生成jwt令牌和验证jwt令牌时使用的公钥私钥由固定值修改为每次启动服务时动态生产；剔除jwt token中包含的password和roleId，防止密码泄露。

---
 src/main/java/com/genersoft/iot/vmp/conf/security/dto/LoginUser.java |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/dto/LoginUser.java b/src/main/java/com/genersoft/iot/vmp/conf/security/dto/LoginUser.java
index 93680fd..61bd6fa 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/dto/LoginUser.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/dto/LoginUser.java
@@ -1,5 +1,6 @@
 package com.genersoft.iot.vmp.conf.security.dto;
 
+import com.genersoft.iot.vmp.storager.dao.dto.Role;
 import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.springframework.security.core.CredentialsContainer;
 import org.springframework.security.core.GrantedAuthority;
@@ -17,6 +18,8 @@
      * 鐢ㄦ埛
      */
     private User user;
+
+    private String accessToken;
 
 
     /**
@@ -93,9 +96,16 @@
         return user.getId();
     }
 
-    public int getRoleId() {
-        return user.getRoleId();
+    public Role getRole() {
+        return user.getRole();
     }
 
 
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
 }

--
Gitblit v1.8.0