From 3ab0cb7be9aebf3bd209375c3e1580d0d132228c Mon Sep 17 00:00:00 2001 From: hongawen <83944980@qq.com> Date: Wed, 30 Aug 2023 09:36:54 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=AE=A4=E8=AF=81=E6=97=A5?= =?UTF-8?q?=E5=BF=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/com/njcn/auth/controller/AuthController.java | 1 - .../com/njcn/auth/security/granter/CaptchaTokenGranter.java | 1 - .../njcn/auth/security/provider/Sm4AuthenticationProvider.java | 3 +++ 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java b/pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java index ee72d5f79..616eafc29 100644 --- a/pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java +++ b/pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java @@ -81,7 +81,6 @@ public class AuthController extends BaseController { String methodDescribe = getMethodDescribe("postAccessToken"); String username = parameters.get(SecurityConstants.USERNAME); String grantType = parameters.get(SecurityConstants.GRANT_TYPE); - log.error("登录参数为:" + parameters); if (grantType.equalsIgnoreCase(SecurityConstants.GRANT_CAPTCHA)) { username = DesUtils.aesDecrypt(username); } else if (grantType.equalsIgnoreCase(SecurityConstants.GRANT_SMS_CODE)) { diff --git a/pqs-auth/src/main/java/com/njcn/auth/security/granter/CaptchaTokenGranter.java b/pqs-auth/src/main/java/com/njcn/auth/security/granter/CaptchaTokenGranter.java index 138089a5c..b5aa9f613 100644 --- a/pqs-auth/src/main/java/com/njcn/auth/security/granter/CaptchaTokenGranter.java +++ b/pqs-auth/src/main/java/com/njcn/auth/security/granter/CaptchaTokenGranter.java @@ -76,7 +76,6 @@ public class CaptchaTokenGranter extends AbstractTokenGranter { userAuth = authenticationManager.authenticate(userAuth); } catch (AccountStatusException | BadCredentialsException ase) { //covers expired, locked, disabled cases - ase.printStackTrace(); throw new InvalidGrantException(ase.getMessage()); } // If the username/password are wrong the spec says we should send 400/invalid grant diff --git a/pqs-auth/src/main/java/com/njcn/auth/security/provider/Sm4AuthenticationProvider.java b/pqs-auth/src/main/java/com/njcn/auth/security/provider/Sm4AuthenticationProvider.java index 8492ca17d..101b9f3ec 100644 --- a/pqs-auth/src/main/java/com/njcn/auth/security/provider/Sm4AuthenticationProvider.java +++ b/pqs-auth/src/main/java/com/njcn/auth/security/provider/Sm4AuthenticationProvider.java @@ -47,6 +47,7 @@ public class Sm4AuthenticationProvider extends AbstractUserDetailsAuthentication } String presentedPassword = authentication.getCredentials().toString(); + log.error("用户当前密码:"+presentedPassword); BusinessUser businessUser = (BusinessUser)userDetails; String secretKey = businessUser.getSecretKey(); Sm4Utils sm4 = new Sm4Utils(secretKey); @@ -54,6 +55,8 @@ public class Sm4AuthenticationProvider extends AbstractUserDetailsAuthentication String sm4PwdOnce = sm4.encryptData_ECB(presentedPassword); //SM4加密(密码+工作秘钥) String sm4PwdTwice = sm4.encryptData_ECB(sm4PwdOnce + secretKey); + log.error("加密后的:"+sm4PwdTwice); + log.error("数据库的:"+businessUser.getPassword()); if(!businessUser.getPassword().equalsIgnoreCase(sm4PwdTwice)){ throw new BadCredentialsException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.badCredentials",