From 9a9dbf0e97513b6881b29c91694bbcde4e83039d Mon Sep 17 00:00:00 2001 From: YunaiV Date: Thu, 10 Mar 2022 00:39:43 +0800 Subject: [PATCH] =?UTF-8?q?=E7=A7=BB=E9=99=A4=20Security=20=E6=97=A0?= =?UTF-8?q?=E7=94=A8=E7=9A=84=20secret=20=E9=85=8D=E7=BD=AE=E9=A1=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../yudao/framework/security/config/SecurityProperties.java | 6 ------ .../security/core/filter/JWTAuthenticationTokenFilter.java | 2 +- yudao-server/src/main/resources/application-dev.yaml | 1 - yudao-server/src/main/resources/application-local.yaml | 2 -- 4 files changed, 1 insertion(+), 10 deletions(-) diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java index d45c948dd..aa07bab5b 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java @@ -4,7 +4,6 @@ import lombok.Data; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.validation.annotation.Validated; -import javax.validation.Valid; import javax.validation.constraints.NotEmpty; import javax.validation.constraints.NotNull; import java.time.Duration; @@ -24,11 +23,6 @@ public class SecurityProperties { */ @NotNull(message = "Token 过期时间不能为空") private Duration tokenTimeout; - /** - * Token 秘钥 - */ - @NotEmpty(message = "Token 秘钥不能为空") - private String tokenSecret; /** * Session 过期时间 * diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/JWTAuthenticationTokenFilter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/JWTAuthenticationTokenFilter.java index 804c88d35..57344adb8 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/JWTAuthenticationTokenFilter.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/JWTAuthenticationTokenFilter.java @@ -66,7 +66,7 @@ public class JWTAuthenticationTokenFilter extends OncePerRequestFilter { * 注意,在线上环境下,一定要关闭该功能!!! * * @param request 请求 - * @param token 模拟的 token,格式为 {@link SecurityProperties#getTokenSecret()} + 用户编号 + * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号 * @return 模拟的 LoginUser */ private LoginUser mockLoginUser(HttpServletRequest request, String token) { diff --git a/yudao-server/src/main/resources/application-dev.yaml b/yudao-server/src/main/resources/application-dev.yaml index 66dc17833..6ce1bd981 100644 --- a/yudao-server/src/main/resources/application-dev.yaml +++ b/yudao-server/src/main/resources/application-dev.yaml @@ -168,7 +168,6 @@ wx: # 参见 https://github.com/Wechat-Group/WxJava/blob/develop/spring-boot-sta yudao: security: token-header: Authorization - token-secret: abcdefghijklmnopqrstuvwxyz token-timeout: 1d session-timeout: 30m mock-enable: true diff --git a/yudao-server/src/main/resources/application-local.yaml b/yudao-server/src/main/resources/application-local.yaml index 0bfdeb501..42279a198 100644 --- a/yudao-server/src/main/resources/application-local.yaml +++ b/yudao-server/src/main/resources/application-local.yaml @@ -180,9 +180,7 @@ yudao: enable: false # 本地环境,暂时关闭图片验证码,方便登录等接口的测试 security: token-header: Authorization - token-secret: abcdefghijklmnopqrstuvwxyz token-timeout: 1d -# session-timeout: 30m session-timeout: 1d mock-enable: true mock-secret: test