renun/zfile
1
0
Fork 0
mirror of https://github.com/zfile-dev/zfile.git synced 2025-04-19 05:34:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

🔒 修复任意用户名均可登陆后台的安全问题.

Browse Source
This commit is contained in:
zhaojun1998
2020-02-29 15:47:24 +08:00
parent fadc64add4
commit 6ee5002f0c
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/im/zhaojun/common/security/MyUserDetailsServiceImpl.java
View File

@@ -9,6 +9,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
import javax.annotation.Resource;
import java.util.Collections;
import java.util.Objects;
/**
* @author zhaojun
@@ -24,6 +25,9 @@ public class MyUserDetailsServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
SystemConfigDTO systemConfig = systemConfigService.getSystemConfig();
if (!Objects.equals(systemConfig.getUsername(), username)) {
throw new UsernameNotFoundException("用户名不存在");
}
return new User(systemConfig.getUsername(), systemConfig.getPassword(), Collections.emptyList());
}
}