登录密码加密

2 months ago · 683973b642
parent 368c71aaa8
commit 683973b642
3 changed files with 56 additions and 2 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/UnitController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/tc/controller/UnitController.java
@ -103,6 +103,7 @@ public class UnitController {
    @ApiOperation(value = "根据用户编号获取详细信息")
    @GetMapping("/{id}")
    public AjaxResult getInfo(@PathVariable(value = "id") Long id) {
+        System.out.println(SecurityUtils.encryptPassword("TcZc@2024"));
        return AjaxResult.success(unitService.getById(id));
    }

--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/RsaUtils.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/RsaUtils.java
@ -0,0 +1,45 @@
+package com.ruoyi.common.utils;
+
+import javax.crypto.Cipher;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+/**
+ * RSA加密解密
+ *
+ * @author ruoyi
+ **/
+public class RsaUtils
+{
+    // Rsa 私钥
+    private static final String PRIVATE_KEY = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCXxtLWRhOIyEhLkxlTbndtzS6RrGsDWV8LOIAEXFCsLZzT20ytAaO4fpXXHah80EwaE4P25Y3+qQBDL8fA5780pSoLDo3Si/qC5KuowNb8F1ncGXSuYzX/3mNMLXF98UW96PvFY198hto8j5snhYtf01WI2L0eZPQFE3Mnh3ZHzos88Jr5vEto+OyHZHa0GRsuRSi33vr1olo8+LA8JkcyS5B6eMdKalYvSiSV6owfwQZfuPoDkD/ghRc8w0owzOSJJGmwgnrkYmYMBudHdldF8LwzNUEEkHrOvk3QXg33Fl8X4lL9jHvbq0K76sDoYMLJPG1D/Ccqk93AU/mdRYJZAgMBAAECggEAG+w3M7aWt25pZoX8fc3v6OJ7s88trOMPSkgtvR+is9p8ZLmOxLFthm67cGUDb1r+9Tkr6QtYcUZ0RugObt3z3mKYdopJ6zdXcidRsW0w4BYHsSd5wO99qsImMIiXvZzawNKRJ0Jd+dHxanzdBYtbFdkSfmepe2MFRb3LTLVuPE1oCTKbzwqPSGWERpkejZJz+Cthc/xp7PWNFtfmEASEuAmYV0tdWC0H6NJqTtg2Stotp4hlk/jTKLoYQW/m3pmnkw1QbVRh1B9mtxTVtGV6HzhiQbuc5HWaUvBm4ysiXjFEtCTpBeDjwvnD1wkDXR1SyVdYiAfDYM2zCCs5OvWPFQKBgQD3MONf6Jn7x6Xo2uwsKwca4HFkfIHpK5TdiFB9p2eCZ4V8JZNPv02fPRldFb56nYVmdNVoo8/z4WG9t6uNoTLDMqTI0wVkrJCufQCI/50XnKITEmLfXOKXkwhekRLi1oho0nEsbaQllFFrlfx4NkcgoW6XL1TW8eRx8JD7EORI9wKBgQCdL3mZ5gumLLhB/RTK5G786jJtztNxQ4jpFtClv25uPJgqsRgSVoLnnTCmLm/yGsHNna/CHbA4mYOYzXiM10WUK1tEqPwYm0nalQAxtXJjNgERKjWWaopZW/f4pCBPV8RG4dk/+13zjPCYTeS4i7J89psHljqoeQoLe4xazLKLLwKBgHgV+f/34gadIQ6UfDOg25zE+JFWo04BbBqLRH8munRxkjmTj5MoXq9DYXUFQToUGGCD1cE2A6p5DaC6/86YRy7pBYDCc1ZLNyZtd7sWYty7rUkSn5Hfb/0u4tv+ImysyCwUQALTaPEQstVPUg2cYMWLZ0xvJAogDVkFA4nU1PJVAoGAEBQ7LDMMHgOVFar95YNYlyad4f22Q2/VIYLj9RCQC1bHehaDj9ypp2e9AkLd0LZL/OyUfhbrX97UR109Z6rdwzpsK6ndn+bCt0lmq68T9HIhyc+3i5t6a4ms5BJl+7fOrDGON61O/wr70ZimPPqNV5siYLRNa8516JbK1L77xKECgYEAyaTui+7B27219nwgoin9AuM0H7B+rzz0GkXmYXzWhxgKB+eBuJbZsrUTOBVkk66j3Ss4cJvQJ9utcFBnS6msEAUCYU6OuInIb/PMv8I7DC7SrrTZpyD9LXKIB4aYtqPrntZSo+75EAHgXNpRYqUwkpZbCuYSIXebno4JOxB1RK8=" +
+            "CfhCau4K5xqFfYnCDxwN6EfWtl118/RC/H1G6YUH9VZ02hTsIKtcdoz/w3knVDuL/i1uCtKtJDdyejF8osix2IVVA2HNoUPEG+3VH0IJjOoFTZTP76LcuQvgig6pjAtB5+GFPVkkrdxWZc3rn+psCdzYBueVhDRDFatKxfvAQMk90SMNVOLApB8u4aWUdxGju3vOKO5ShBUVutyczTzAOW39hHdzXX5CvGPXNYNv7S55AVAI5ZVdn11dyxgPr6u7n7AuHtc2pvUddHTRM/UczNN5lkpdMvISQy4iHwCw9wGVax3kvRxMzhYiBricSKJWbl4LiAMRV3P15LWkaBwSkw==";
+
+    /**
+     * 利用私钥进行解密
+     */
+    public static String decryptByPrivateKey(String decodeString) throws Exception {
+        // 将传入的Base64编码字符串解码为字节数组
+        byte[] encryptedBytes = java.util.Base64.getDecoder().decode(decodeString);
+        // 使用私钥解密
+        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(org.apache.commons.codec.binary.Base64.decodeBase64(PRIVATE_KEY));
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
+        byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
+        // 返回解密后的字符串
+        return new String(decryptedBytes);
+    }
+
+    /**
+     * 解密操作
+     */
+    private static byte[] decrypt(byte[] data, PrivateKey privateKey) throws Exception {
+        // 获取RSA算法的Cipher实例
+        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
+        // 用私钥初始化Cipher实例，设置为解密模式
+        cipher.init(Cipher.DECRYPT_MODE, privateKey);
+        // 执行解密操作，返回解密后的字节数组
+        return cipher.doFinal(data);
+    }
+}
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
@ -1,6 +1,8 @@
 package com.ruoyi.framework.web.service;

 import javax.annotation.Resource;
+
+import com.ruoyi.common.utils.RsaUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
@ -63,15 +65,21 @@ public class SysLoginService
     */
    public String login(String username, String password, String code, String uuid)
    {
+        String strP;
+        try {
+            strP = RsaUtils.decryptByPrivateKey(password);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
        // 验证码校验
        validateCaptcha(username, code, uuid);
        // 登录前置校验
-        loginPreCheck(username, password);
+        loginPreCheck(username, strP);
        // 用户验证
        Authentication authentication = null;
        try
        {
-            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
+            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, strP);
            AuthenticationContextHolder.setContext(authenticationToken);
            // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
            authentication = authenticationManager.authenticate(authenticationToken);