From fc96e4d7fc20dbec5d2d96c6e8c557c1cc3212d3 Mon Sep 17 00:00:00 2001
From: wjli <591616088@qq.com>
Date: 星期一, 08 四月 2024 18:53:10 +0800
Subject: [PATCH] 修改密码错误登录bug

---
 xboot-core/src/main/java/cn/exrick/xboot/core/config/security/WebSecurityConfig.java         |    2 +-
 xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java |   11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java b/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java
index 68ba9f5..80a4f40 100644
--- a/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java
+++ b/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java
@@ -1,13 +1,16 @@
 package cn.exrick.xboot.core.config.security;
 
+import cn.exrick.xboot.core.common.utils.ResultUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import jodd.util.Base64;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Component;
 
 /**
@@ -17,8 +20,16 @@
 public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
     @Override
     protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
+        if (authentication.getCredentials()==null){
+            throw new BadCredentialsException("瀵嗙爜涓虹┖");
+        }
         String password= authentication.getCredentials().toString();
         password = Base64.decodeToString(password);
+        if (!new BCryptPasswordEncoder().matches(password, userDetails.getPassword())) {
+            throw new BadCredentialsException("瀵嗙爜閿欒");
+        }
+
+
         UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), password);
         newAuthentication.setDetails(authentication.getDetails());
     }
diff --git a/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/WebSecurityConfig.java b/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/WebSecurityConfig.java
index fabd594..efe320c 100644
--- a/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/WebSecurityConfig.java
+++ b/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/WebSecurityConfig.java
@@ -133,7 +133,7 @@
                 .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
                 .and()
                 //鍥惧舰楠岃瘉鐮佽繃婊ゅ櫒
-                //.addFilterBefore(imageValidateFilter, UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(imageValidateFilter, UsernamePasswordAuthenticationFilter.class)
                 // 鐭俊楠岃瘉鐮佽繃婊ゅ櫒
                 //.addFilterBefore(smsValidateFilter, UsernamePasswordAuthenticationFilter.class)
                 // vaptcha楠岃瘉鐮佽繃婊ゅ櫒

--
Gitblit v1.9.1