From e8b2ca46862565b7b6d2f05c3f45f7873afe044e Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期四, 31 八月 2023 16:39:18 +0800
Subject: [PATCH] 将生成jwt令牌和验证jwt令牌时使用的公钥私钥由固定值修改为每次启动服务时动态生产；剔除jwt token中包含的password和roleId，防止密码泄露。

---
 src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java b/src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java
index fdb05e5..05ecb07 100644
--- a/src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java
+++ b/src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java
@@ -171,7 +171,7 @@
      */
     public boolean doAuthenticatePlainTextPassword(Request request, String pass) {
         AuthorizationHeader authHeader = (AuthorizationHeader) request.getHeader(AuthorizationHeader.NAME);
-        if ( authHeader == null ) {
+        if ( authHeader == null || authHeader.getRealm() == null) {
             return false;
         }
         String realm = authHeader.getRealm().trim();

--
Gitblit v1.8.0