From 20fb4d458fc49e77760c3b766706274f3195c845 Mon Sep 17 00:00:00 2001
From: dougang <78125310@kidgrow.com>
Date: Mon, 22 Jun 2020 17:05:11 +0800
Subject: [PATCH] 解密登录信息
---
kidgrow-commons/kidgrow-authclient-spring-boot-starter/src/main/java/com/kidgrow/authclient/util/AuthUtils.java | 12 +++++++-----
kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/controller/OAuth2Controller.java | 9 +++++++--
kidgrow-commons/kidgrow-common-spring-boot-starter/src/main/java/com/kidgrow/common/utils/AesUtils.java | 13 ++++++++-----
3 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/kidgrow-commons/kidgrow-authclient-spring-boot-starter/src/main/java/com/kidgrow/authclient/util/AuthUtils.java b/kidgrow-commons/kidgrow-authclient-spring-boot-starter/src/main/java/com/kidgrow/authclient/util/AuthUtils.java
index 176a9fa..426b1ec 100644
--- a/kidgrow-commons/kidgrow-authclient-spring-boot-starter/src/main/java/com/kidgrow/authclient/util/AuthUtils.java
+++ b/kidgrow-commons/kidgrow-authclient-spring-boot-starter/src/main/java/com/kidgrow/authclient/util/AuthUtils.java
@@ -2,14 +2,13 @@
import com.kidgrow.common.constant.CommonConstant;
import com.kidgrow.common.model.SysUser;
+import com.kidgrow.common.utils.AesUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
import javax.servlet.http.HttpServletRequest;
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
import java.util.Enumeration;
/**
@@ -82,9 +81,12 @@
* @param header header中的参数
*/
public static String[] extractHeaderClient(String header) {
- byte[] base64Client = header.substring(BASIC_.length()).getBytes(StandardCharsets.UTF_8);
- byte[] decoded = Base64.getDecoder().decode(base64Client);
- String clientStr = new String(decoded, StandardCharsets.UTF_8);
+ String clientStr = null;
+ try{
+ clientStr = AesUtils.desEncrypt(header.substring(BASIC_.length()));
+ }catch(Exception w){
+ log.error("Header解密失败", w);
+ }
String[] clientArr = clientStr.split(":");
if (clientArr.length != 2) {
throw new RuntimeException("Invalid basic authentication token");
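Review bot: When decryption fails, the new catch block in extractHeaderClient only logs and leaves `clientStr` as null, so the next line, `clientStr.split(":")`, throws a NullPointerException instead of rejecting the request as an authentication failure. The catch should rethrow, for example `throw new UnapprovedClientAuthenticationException("Invalid basic authentication token", w);`, and a null result should be rejected the same way with an `if (clientStr == null)` guard before the split, because the decrypt method in AesUtils appears to swallow its own exceptions (what it returns on failure is not visible in this patch). The `.trim()` calls on the `desEncrypt` result in OAuth2Controller.getUserTokenInfo look exposed to the same null. The method body continues past the end of this hunk.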
diff --git a/kidgrow-commons/kidgrow-common-spring-boot-starter/src/main/java/com/kidgrow/common/utils/AesUtils.java b/kidgrow-commons/kidgrow-common-spring-boot-starter/src/main/java/com/kidgrow/common/utils/AesUtils.java
index 118bfe3..9f13ad6 100644
--- a/kidgrow-commons/kidgrow-common-spring-boot-starter/src/main/java/com/kidgrow/common/utils/AesUtils.java
+++ b/kidgrow-commons/kidgrow-common-spring-boot-starter/src/main/java/com/kidgrow/common/utils/AesUtils.java
@@ -23,9 +23,10 @@
/**
* 加密方法
- * @param data 要加密的数据
- * @param key 加密key
- * @param iv 加密iv
+ *
+ * @param data 要加密的数据
+ * @param key 加密key
+ * @param iv 加密iv
* @return 加密的结果
* @throws Exception
*/
@@ -55,9 +56,10 @@
/**
* 解密方法
+ *
* @param data 要解密的数据
* @param key 解密key
- * @param iv 解密iv
+ * @param iv 解密iv
* @return 解密的结果
* @throws Exception
*/
@@ -69,7 +71,7 @@
IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
byte[] original = cipher.doFinal(encrypted1);
- String originalString = new String(original);
+ String originalString = new String(original).trim();
return originalString;
} catch (Exception e) {
e.printStackTrace();
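Review bot: The added `.trim()` on the decrypted string removes every leading and trailing character at or below U+0020, so a password or client secret that legitimately starts or ends with whitespace is silently altered before it is compared. If the trim is there to strip zero bytes left by a no-padding cipher transformation (the `Cipher.getInstance` call is outside this hunk, so this is inferred), it would be safer to use a real padding scheme such as PKCS5Padding on both the encrypting and decrypting side and drop the trim. The same line decodes with the platform default charset; `new String(original, StandardCharsets.UTF_8)` would make the result independent of the host configuration. The method starts and ends outside this hunk.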
@@ -89,6 +91,7 @@
/**
* 使用默认的key和iv解密
+ *
* @param data
* @return
* @throws Exception
diff --git a/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/controller/OAuth2Controller.java b/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/controller/OAuth2Controller.java
index f5e695b..9478d1a 100644
--- a/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/controller/OAuth2Controller.java
+++ b/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/controller/OAuth2Controller.java
@@ -6,6 +6,7 @@
import com.kidgrow.authclient.util.AuthUtils;
import com.kidgrow.common.constant.SecurityConstants;
import com.kidgrow.common.context.ClientContextHolder;
+import com.kidgrow.common.utils.AesUtils;
import com.kidgrow.common.utils.ResponseUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
@@ -62,8 +63,12 @@
public void getUserTokenInfo(
@ApiParam(required = true, name = "username", value = "账号") String username,
@ApiParam(required = true, name = "password", value = "密码") String password,
- HttpServletRequest request, HttpServletResponse response) throws IOException {
- UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
+ HttpServletRequest request, HttpServletResponse response) throws Exception {
+ //先解密
+ String decryptName = AesUtils.desEncrypt(username).trim();
+ String decryptPwd = AesUtils.desEncrypt(password).trim();
+
+ UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(decryptName, decryptPwd);
writerToken(request, response, token, "用户名或密码错误");
}
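Review bot: Both credentials in getUserTokenInfo are decrypted with the single-argument `AesUtils.desEncrypt`, which per its Javadoc uses the default key and iv, so every client shares one static key and the same plaintext always yields the same ciphertext. Under those conditions the encrypted password is itself a replayable credential and the scheme adds little beyond what TLS already gives; a comment above the decryption such as `// obfuscation only: fixed key/iv, confidentiality still depends on TLS` would document that, and a per-request nonce or server-issued challenge would be needed if real protection is intended. The two `.trim()` calls repeat the trim this commit adds inside AesUtils, and widening the signature to `throws Exception` means a malformed ciphertext surfaces as a server error rather than the "用户名或密码错误" response; catching the failure and answering with that same message would keep the login response uniform.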
--
Gitblit v1.8.0