From 1d60395161787cdbf4aecb3c7f5eacb24e9cf7ad Mon Sep 17 00:00:00 2001 From: zhaojun1998 Date: Sat, 7 Dec 2019 21:59:41 +0800 Subject: [PATCH] =?UTF-8?q?:lock:=20=E5=AF=86=E7=A0=81=E5=8A=A0=E5=AF=86?= =?UTF-8?q?=E7=94=B1=20BCrypt=20=E4=BF=AE=E6=94=B9=E4=B8=BA=20MD5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/controller/InstallController.java | 4 ++-- .../common/security/MD5PasswordEncoder.java | 17 +++++++++++++++++ .../common/security/MySecurityConfig.java | 3 +-- .../common/service/SystemConfigService.java | 3 ++- 4 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 src/main/java/im/zhaojun/common/security/MD5PasswordEncoder.java diff --git a/src/main/java/im/zhaojun/common/controller/InstallController.java b/src/main/java/im/zhaojun/common/controller/InstallController.java index fc6b46e..5461352 100644 --- a/src/main/java/im/zhaojun/common/controller/InstallController.java +++ b/src/main/java/im/zhaojun/common/controller/InstallController.java @@ -1,5 +1,6 @@ package im.zhaojun.common.controller; +import cn.hutool.crypto.SecureUtil; import im.zhaojun.common.model.StorageConfig; import im.zhaojun.common.model.dto.InstallModelDTO; import im.zhaojun.common.model.dto.ResultBean; @@ -8,7 +9,6 @@ import im.zhaojun.common.model.enums.StorageTypeEnum; import im.zhaojun.common.service.FileService; import im.zhaojun.common.service.StorageConfigService; import im.zhaojun.common.service.SystemConfigService; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; @@ -58,7 +58,7 @@ public class InstallController { StorageTypeEnum storageTypeEnum = installModelDTO.getStorageStrategy(); systemConfigDTO.setStorageStrategy(storageTypeEnum); systemConfigDTO.setUsername(installModelDTO.getUsername()); - systemConfigDTO.setPassword(new BCryptPasswordEncoder().encode(installModelDTO.getPassword())); + systemConfigDTO.setPassword(SecureUtil.md5(installModelDTO.getPassword())); systemConfigDTO.setDomain(installModelDTO.getDomain()); systemConfigService.updateSystemConfig(systemConfigDTO); diff --git a/src/main/java/im/zhaojun/common/security/MD5PasswordEncoder.java b/src/main/java/im/zhaojun/common/security/MD5PasswordEncoder.java new file mode 100644 index 0000000..f3f9a79 --- /dev/null +++ b/src/main/java/im/zhaojun/common/security/MD5PasswordEncoder.java @@ -0,0 +1,17 @@ +package im.zhaojun.common.security; + +import cn.hutool.crypto.SecureUtil; +import org.springframework.security.crypto.password.PasswordEncoder; + +public class MD5PasswordEncoder implements PasswordEncoder { + + @Override + public String encode(CharSequence rawPassword) { + return SecureUtil.md5(rawPassword.toString()); + } + + @Override + public boolean matches(CharSequence rawPassword, String encodedPassword) { + return SecureUtil.md5(rawPassword.toString()).equals(encodedPassword); + } +} diff --git a/src/main/java/im/zhaojun/common/security/MySecurityConfig.java b/src/main/java/im/zhaojun/common/security/MySecurityConfig.java index 4e9ba7e..fa9d6ba 100644 --- a/src/main/java/im/zhaojun/common/security/MySecurityConfig.java +++ b/src/main/java/im/zhaojun/common/security/MySecurityConfig.java @@ -11,7 +11,6 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import javax.annotation.Resource; @@ -116,7 +115,7 @@ public class MySecurityConfig extends WebSecurityConfigurerAdapter { @Bean public static PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(); + return new MD5PasswordEncoder(); } } \ No newline at end of file diff --git a/src/main/java/im/zhaojun/common/service/SystemConfigService.java b/src/main/java/im/zhaojun/common/service/SystemConfigService.java index 6a13137..41c0202 100644 --- a/src/main/java/im/zhaojun/common/service/SystemConfigService.java +++ b/src/main/java/im/zhaojun/common/service/SystemConfigService.java @@ -1,5 +1,6 @@ package im.zhaojun.common.service; +import cn.hutool.crypto.SecureUtil; import im.zhaojun.common.config.StorageTypeFactory; import im.zhaojun.common.model.SystemConfig; import im.zhaojun.common.model.constant.SystemConfigConstant; @@ -105,7 +106,7 @@ public class SystemConfigService { usernameConfig.setValue(username); systemConfigRepository.save(usernameConfig); - password = new BCryptPasswordEncoder().encode(password); + password = SecureUtil.md5(password);; SystemConfig systemConfig = systemConfigRepository.findByKey(SystemConfigConstant.PASSWORD); systemConfig.setValue(password);