密码加密传递暂时注释掉\swagger设置全局token,解决接口需要token验证的问题

6f831dbb · JEECG低代码平台 · 29d77c89 · 6f831dbb · 6f831dbb · 6f831dbb
3 changed file
--- a/ant-design-vue-jeecg/src/views/user/Login.vue
+++ b/ant-design-vue-jeecg/src/views/user/Login.vue
@@ -227,17 +227,9 @@
    created () {
      Vue.ls.remove(ACCESS_TOKEN)
      this.getRouterData();
-      this.getEncrypte();
-      // update-begin- --- author:scott ------ date:20190225 ---- for:暂时注释，未实现登录验证码功能
-//      this.$http.get('/auth/2step-code')
-//        .then(res => {
-//          this.requiredTwoStepCaptcha = res.result.stepCode
-//        }).catch(err => {
-//          console.log('2step-code:', err)
-//        })
-      // update-end- --- author:scott ------ date:20190225 ---- for:暂时注释，未实现登录验证码功能
-      // this.requiredTwoStepCaptcha = true
-
+      // update-begin- --- author:scott ------ date:20190805 ---- for:密码加密逻辑暂时注释掉，有点问题
+      //this.getEncrypte();
+      // update-end- --- author:scott ------ date:20190805 ---- for:密码加密逻辑暂时注释掉，有点问题
    },
    methods: {
      ...mapActions([ "Login", "Logout","PhoneLogin" ]),
@@ -266,8 +258,12 @@
          that.form.validateFields([ 'username', 'password','inputCode' ], { force: true }, (err, values) => {
            if (!err) {
              loginParams.username = values.username
+              // update-begin- --- author:scott ------ date:20190805 ---- for:密码加密逻辑暂时注释掉，有点问题
              //loginParams.password = md5(values.password)
-              loginParams.password = encryption(values.password,that.encryptedString.key,that.encryptedString.iv).replace(/\+/g,"%2B");
+              //loginParams.password = encryption(values.password,that.encryptedString.key,that.encryptedString.iv)
+              loginParams.password = values.password
+              // update-begin- --- author:scott ------ date:20190805 ---- for:密码加密逻辑暂时注释掉，有点问题
+
              that.Login(loginParams).then((res) => {
                this.departConfirm(res)
              }).catch((err) => {

--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/config/Swagger2Config.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/config/Swagger2Config.java
 package org.jeecg.config;

 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;

 import org.jeecg.modules.shiro.vo.DefContants;
@@ -12,6 +13,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import com.github.xiaoymin.swaggerbootstrapui.annotations.EnableSwaggerBootstrapUI;

 import io.swagger.annotations.ApiOperation;
+import springfox.documentation.service.ApiKey;
 import springfox.documentation.service.Parameter;
 import lombok.extern.slf4j.Slf4j;
 import springfox.documentation.builders.ApiInfoBuilder;
@@ -20,6 +22,7 @@ import springfox.documentation.builders.PathSelectors;
 import springfox.documentation.builders.RequestHandlerSelectors;
 import springfox.documentation.schema.ModelRef;
 import springfox.documentation.service.ApiInfo;
+import springfox.documentation.service.SecurityScheme;
 import springfox.documentation.spi.DocumentationType;
 import springfox.documentation.spring.web.plugins.Docket;
 import springfox.documentation.swagger2.annotations.EnableSwagger2;
@@ -62,9 +65,20 @@ public class Swagger2Config implements WebMvcConfigurer {
 	            .apis(RequestHandlerSelectors.withMethodAnnotation(ApiOperation.class))
 				.paths(PathSelectors.any())
 				.build()
-				.globalOperationParameters(setHeaderToken());
+				.securitySchemes(Collections.singletonList(securityScheme()));
+				//.globalOperationParameters(setHeaderToken());
 	}

+	/***
+	 * oauth2配置
+	 * 需要增加swagger授权回调地址
+	 * http://localhost:8888/webjars/springfox-swagger-ui/o2c.html
+	 * @return
+	 */
+	@Bean
+	SecurityScheme securityScheme() {
+		return new ApiKey(DefContants.X_ACCESS_TOKEN, DefContants.X_ACCESS_TOKEN, "header");
+	}
 	/**
 	 * JWT token
 	 * @return
@@ -90,11 +104,11 @@ public class Swagger2Config implements WebMvcConfigurer {
 				.version("1.0")
 //				.termsOfServiceUrl("NO terms of service")
 				// 描述
-				.description("restful 风格接口")
+				.description("后台API接口")
 				// 作者
-//				.contact(new Contact("scott", "http://jeecg.org", "jeecgos@163.com"))
-//                .license("The Apache License, Version 2.0")
-//                .licenseUrl("http://www.apache.org/licenses/LICENSE-2.0.html")
+				.contact("JEECG团队")
+                .license("The Apache License, Version 2.0")
+                .licenseUrl("http://www.apache.org/licenses/LICENSE-2.0.html")
 				.build();
 	}


--- a/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java
+++ b/jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java
@@ -67,8 +67,11 @@ public class LoginController {
 		Result<JSONObject> result = new Result<JSONObject>();
 		String username = sysLoginModel.getUsername();
 		String password = sysLoginModel.getPassword();
-		//步骤1：TODO 前端密码加密，后端进行密码解密，防止传输密码篡改等问题，不配就直接提示密码错误，并记录日志后期进行统计分析是否锁定
-		password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
+		//update-begin--Author:scott  Date:20190805 for：暂时注释掉密码加密逻辑，有点问题
+		//前端密码加密，后端进行密码解密
+		//password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
+		//update-begin--Author:scott  Date:20190805 for：暂时注释掉密码加密逻辑，有点问题
+
 		//1. 校验用户是否有效
 		SysUser sysUser = sysUserService.getUserByName(username);
 		result = sysUserService.checkUserIsEffective(sysUser);
@@ -263,7 +266,7 @@ public class LoginController {
 	 * @return
 	 */
 	@PostMapping("/phoneLogin")
-	public Result<JSONObject> login(@RequestBody JSONObject jsonObject) {
+	public Result<JSONObject> phoneLogin(@RequestBody JSONObject jsonObject) {
 		Result<JSONObject> result = new Result<JSONObject>();
 		String phone = jsonObject.getString("mobile");