Microservice/pqs
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

增加认证日志

Browse Source
This commit is contained in:
hongawen
2023-08-30 09:36:54 +08:00
parent df90363043
commit 3ab0cb7be9
3 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java
View File

@@ -81,7 +81,6 @@ public class AuthController extends BaseController {
String methodDescribe = getMethodDescribe("postAccessToken");
String username = parameters.get(SecurityConstants.USERNAME);
String grantType = parameters.get(SecurityConstants.GRANT_TYPE);
log.error("登录参数为:" + parameters);
if (grantType.equalsIgnoreCase(SecurityConstants.GRANT_CAPTCHA)) {
username = DesUtils.aesDecrypt(username);
} else if (grantType.equalsIgnoreCase(SecurityConstants.GRANT_SMS_CODE)) {

1
pqs-auth/src/main/java/com/njcn/auth/security/granter/CaptchaTokenGranter.java
View File

@@ -76,7 +76,6 @@ public class CaptchaTokenGranter extends AbstractTokenGranter {
userAuth = authenticationManager.authenticate(userAuth);
} catch (AccountStatusException | BadCredentialsException ase) {
//covers expired, locked, disabled cases
ase.printStackTrace();
throw new InvalidGrantException(ase.getMessage());
}
// If the username/password are wrong the spec says we should send 400/invalid grant

3
pqs-auth/src/main/java/com/njcn/auth/security/provider/Sm4AuthenticationProvider.java
View File

@@ -47,6 +47,7 @@ public class Sm4AuthenticationProvider extends AbstractUserDetailsAuthentication
}
String presentedPassword = authentication.getCredentials().toString();
log.error("用户当前密码:"+presentedPassword);
BusinessUser businessUser = (BusinessUser)userDetails;
String secretKey = businessUser.getSecretKey();
Sm4Utils sm4 = new Sm4Utils(secretKey);
@@ -54,6 +55,8 @@ public class Sm4AuthenticationProvider extends AbstractUserDetailsAuthentication
String sm4PwdOnce = sm4.encryptData_ECB(presentedPassword);
//SM4加密(密码+工作秘钥)
String sm4PwdTwice = sm4.encryptData_ECB(sm4PwdOnce + secretKey);
log.error("加密后的:"+sm4PwdTwice);
log.error("数据库的:"+businessUser.getPassword());
if(!businessUser.getPassword().equalsIgnoreCase(sm4PwdTwice)){
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials",