
:bug: 修复 BUG

Aron 6 anos atrás
pai
commit
02ee79d809

+ 0 - 80
src/main/java/com/ifast/common/shiro/realm/IFastModularRealm.java

@@ -1,80 +0,0 @@
-package com.ifast.common.shiro.realm;
-
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.UnknownAccountException;
-import org.apache.shiro.authc.pam.AuthenticationStrategy;
-import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
-import org.apache.shiro.authc.pam.UnsupportedTokenException;
-import org.apache.shiro.realm.Realm;
-
-import java.util.Collection;
-
-/**
- * <pre>
- * </pre>
- * <small> 2018年5月1日 | Aron</small>
- */
-@Slf4j
-public class IFastModularRealm extends ModularRealmAuthenticator {
-
-    @Override
-    protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) {
-        if (!realm.supports(token)) {
-            throw new UnsupportedTokenException("不支持的token类型");
-        }
-
-        AuthenticationInfo info = realm.getAuthenticationInfo(token);
-        if (info == null) {
-            throw new UnknownAccountException("token无效");
-        }
-
-        return info;
-    }
-
-    @Override
-    protected AuthenticationInfo doMultiRealmAuthentication(Collection<Realm> realms, AuthenticationToken token) {
-
-        AuthenticationStrategy strategy = getAuthenticationStrategy();
-
-        AuthenticationInfo aggregate = strategy.beforeAllAttempts(realms, token);
-
-        if (log.isTraceEnabled()) {
-            log.trace("Iterating through {} realms for PAM authentication", realms.size());
-        }
-        AuthenticationException ex = null;
-        for (Realm realm : realms) {
-            aggregate = strategy.beforeAttempt(realm, token, aggregate);
-
-            if (realm.supports(token)) {
-                AuthenticationInfo info = null;
-                try {
-                    info = realm.getAuthenticationInfo(token);
-                } catch (AuthenticationException e) {
-                    e.printStackTrace();
-                    ex = e;
-                }
-
-                aggregate = strategy.afterAttempt(realm, token, info, aggregate, ex);
-
-            } else {
-                log.debug("Realm [{}] does not support token {}.  Skipping realm.", realm, token);
-            }
-        }
-
-        try {
-            aggregate = strategy.afterAllAttempts(token, aggregate);
-        } catch (Exception e) {
-            log.debug(e.getMessage());
-        }
-
-        if (ex != null){
-            throw ex;
-        }
-
-        return aggregate;
-    }
-
-}

+ 0 - 29
src/main/java/com/ifast/common/utils/MD5Utils.java

@@ -1,29 +0,0 @@
-package com.ifast.common.utils;
-
-import org.apache.shiro.crypto.hash.SimpleHash;
-import org.apache.shiro.util.ByteSource;
-
-public class MD5Utils {
-	private static final String SALT = "1qazxsw2";
-
-	private static final String ALGORITH_NAME = "md5";
-
-	private static final int HASH_ITERATIONS = 2;
-
-	public static String encrypt(String pswd) {
-		String newPassword = new SimpleHash(ALGORITH_NAME, pswd, ByteSource.Util.bytes(SALT), HASH_ITERATIONS).toHex();
-		return newPassword;
-	}
-
-	public static String encrypt(String username, String pswd) {
-		String newPassword = new SimpleHash(ALGORITH_NAME, pswd, ByteSource.Util.bytes(username + SALT),
-				HASH_ITERATIONS).toHex();
-		return newPassword;
-	}
-	public static void main(String[] args) {
-		
-		System.out.println(MD5Utils.encrypt("admin", "1"));
-		
-	}
-
-}

+ 12 - 8
src/main/java/com/ifast/sys/service/impl/UserServiceImpl.java

@@ -15,8 +15,8 @@ import com.ifast.sys.domain.UserDO;
 import com.ifast.sys.domain.UserRoleDO;
 import com.ifast.sys.service.UserService;
 import com.ifast.sys.vo.UserVO;
+import lombok.AllArgsConstructor;
 import org.apache.commons.lang.ArrayUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.multipart.MultipartFile;
@@ -35,13 +35,12 @@ import java.util.*;
  */
 @Transactional
 @Service("sysUserServiceImpl")
+@AllArgsConstructor
 public class UserServiceImpl extends CoreServiceImpl<UserDao, UserDO> implements UserService {
-    @Autowired
-    private UserRoleDao userRoleMapper;
-    @Autowired
-    private DeptDao deptMapper;
-    @Autowired
-    private FileService sysFileService;
+
+    private final UserRoleDao userRoleMapper;
+    private final DeptDao deptMapper;
+    private final FileService sysFileService;
 
     @Override
     public UserDO selectById(Serializable id) {
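Review bot: `@AllArgsConstructor` on the class makes the generated constructor cover every non-static field, not only the three `final` collaborators declared here. A non-final field added to this service later would silently become a constructor parameter that Spring has to resolve. `@RequiredArgsConstructor` limits the constructor to the `final` fields and states the intent more precisely. The class body continues outside this hunk, so this assumes no other fields are meant to be injected the same way.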
@@ -141,7 +140,12 @@ public class UserServiceImpl extends CoreServiceImpl<UserDao, UserDO> implements
         if ("admin".equals(userDO.getUsername())) {
             throw new IFastException(EnumErrorCode.userUpdatePwd4adminNotAllowed.getCodeStr());
         }
-        userDO.setPassword(MD5Utils.encrypt(userDO.getUsername(), userVO.getPwdNew()));
+
+        String salt = UUIDUtils.get();
+        String passwd = PasswdUtils.get(userVO.getPwdNew(), salt);
+        userDO.setSalt(salt);
+        userDO.setPassword(passwd);
+
         return baseMapper.updateById(userDO);
 
     }
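Review bot: The strength of the stored hash now rests entirely on `PasswdUtils.get(userVO.getPwdNew(), salt)`, whose body is not part of this commit. The `MD5Utils` class deleted here used MD5 with 2 iterations, and if `PasswdUtils` is still a fast digest, the new per-user salt stops precomputed tables but does not slow offline guessing. Confirm the helper uses a deliberately slow scheme (PBKDF2, bcrypt, scrypt or Argon2) and that `UUIDUtils.get()` draws from a CSPRNG, then record it next to the call, e.g. `// salt: random per user, stored with the hash; PasswdUtils must be a slow KDF`. Rows written by the old `MD5Utils.encrypt(username, pswd)` have no stored salt, so the login path needs a re-hash-on-login or forced-reset step that this commit does not show. The enclosing method starts outside the hunk.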