Merge pull request #64 from geekidea/dev

springboot-plus · web-flow · commit 3fe79cce27df · 2019-10-04T20:56:04.000+08:00
🇨🇳 1.3.0.RELEASE shiro+jwt
diff --git a/src/main/java/io/geekidea/springbootplus/shiro/jwt/JwtFilter.java b/src/main/java/io/geekidea/springbootplus/shiro/jwt/JwtFilter.java
@@ -82,7 +82,12 @@ protected AuthenticationToken createToken(ServletRequest servletRequest, Servlet
         }
 
         String username = JwtUtil.getUsername(token);
-        String salt = loginRedisService.getSalt(username);
+        String salt;
+        if (jwtProperties.isSaltCheck()){
+            salt = loginRedisService.getSalt(username);
+        }else{
+            salt = jwtProperties.getSecret();
+        }
         return JwtToken.build(token, username, salt, jwtProperties.getExpireSecond());
     }
 
diff --git a/src/main/java/io/geekidea/springbootplus/shiro/jwt/JwtProperties.java b/src/main/java/io/geekidea/springbootplus/shiro/jwt/JwtProperties.java
@@ -79,4 +79,9 @@ public class JwtProperties {
      */
     private boolean singleLogin;
 
+    /**
+     * 是否进行盐值校验
+     */
+    private boolean saltCheck;
+
 }
diff --git a/src/main/java/io/geekidea/springbootplus/shiro/service/impl/LoginServiceImpl.java b/src/main/java/io/geekidea/springbootplus/shiro/service/impl/LoginServiceImpl.java
@@ -81,8 +81,13 @@ public ApiResult login(LoginParam loginParam, HttpServletResponse response) {
             log.error("登陆失败,loginParam:{}", loginParam);
             return ApiResult.fail(ApiCode.LOGIN_EXCEPTION);
         }
-        // 包装盐值
-        String newSalt = SaltUtil.getSalt(jwtProperties.getSecret(), loginSysUserVo.getSalt());
+        String newSalt;
+        if (jwtProperties.isSaltCheck()){
+            // 包装盐值
+            newSalt = SaltUtil.getSalt(jwtProperties.getSecret(), loginSysUserVo.getSalt());
+        }else{
+            newSalt = jwtProperties.getSecret();
+        }
         // 删除登陆用户盐值，盐值保存到后台Redis缓存中
         loginSysUserVo.setSalt(null);
 
diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml
@@ -127,6 +127,8 @@ spring-boot-plus:
     redis-check: true
     # true: 同一个账号只能是最后一次登陆token有效，false：同一个账号可多次登陆
     single-login: false
+    # 盐值校验，如果不加自定义盐值，则使用secret校验
+    salt-check: true
   ############################ JWT end ###############################
 
 ############################### spring-boot-plus end ###############################

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,12 @@ protected AuthenticationToken createToken(ServletRequest servletRequest, Servlet`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`String username = JwtUtil.getUsername(token);`
`85`		`- String salt = loginRedisService.getSalt(username);`
	`85`	`+ String salt;`
	`86`	`+ if (jwtProperties.isSaltCheck()){`
	`87`	`+ salt = loginRedisService.getSalt(username);`
	`88`	`+ }else{`
	`89`	`+ salt = jwtProperties.getSecret();`
	`90`	`+ }`
`86`	`91`	`return JwtToken.build(token, username, salt, jwtProperties.getExpireSecond());`
`87`	`92`	`}`
`88`	`93`
Original file line number	Diff line number	Diff line change
`@@ -79,4 +79,9 @@ public class JwtProperties {`
`79`	`79`	`*/`
`80`	`80`	`private boolean singleLogin;`
`81`	`81`
	`82`	`+ /**`
	`83`	`+ * 是否进行盐值校验`
	`84`	`+ */`
	`85`	`+ private boolean saltCheck;`
	`86`	`+`
`82`	`87`	`}`