Pre Merge pull request !479 from 有酒只欠你/master

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -2,6 +2,8 @@ package com.ruoyi.web.controller.system;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
+import com.ruoyi.common.utils.security.RSAUtils;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.UsernamePasswordToken;
@@ -20,6 +22,9 @@ import com.ruoyi.common.utils.ServletUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.web.service.ConfigService;
 
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * 登录验证
  * 
@@ -56,7 +61,7 @@ public class SysLoginController extends BaseController
     @ResponseBody
     public AjaxResult ajaxLogin(String username, String password, Boolean rememberMe)
     {
-        UsernamePasswordToken token = new UsernamePasswordToken(username, password, rememberMe);
+        UsernamePasswordToken token = new UsernamePasswordToken(username, RSAUtils.decryptBase64(password), rememberMe);
         Subject subject = SecurityUtils.getSubject();
         try
         {
@@ -79,4 +84,12 @@ public class SysLoginController extends BaseController
     {
         return "error/unauth";
     }
+
+    @GetMapping("/getPublicKey")
+    @ResponseBody
+    public Map<String, String> getPublicKey() {
+        Map<String, String> map = new HashMap<>();
+        map.put("key", RSAUtils.generateBase64PublicKey());
+        return map;
+    }
 }

ruoyi-admin/src/main/resources/static/ruoyi/login.js

@@ -20,24 +20,33 @@ function login() {
     var password = $.common.trim($("input[name='password']").val());
     var validateCode = $("input[name='validateCode']").val();
     var rememberMe = $("input[name='rememberme']").is(':checked');
+    var encrypt = new JSEncrypt();
     $.ajax({
-        type: "post",
+        url: ctx + "getPublicKey",
-        url: ctx + "login",
+        type: "get",
-        data: {
+        success: function(data) {
-            "username": username,
+            encrypt.setPublicKey(data.key);
-            "password": password,
+            var encryptPwd = encrypt.encrypt(password);
-            "validateCode": validateCode,
+            $.ajax({
-            "rememberMe": rememberMe
+                type: "post",
-        },
+                url: ctx + "login",
-        success: function(r) {
+                data: {
-            if (r.code == web_status.SUCCESS) {
+                    "username": username,
-                location.href = ctx + 'index';
+                    "password": encryptPwd,
-            } else {
+                    "validateCode": validateCode,
-            	$('.imgcode').click();
+                    "rememberMe": rememberMe
-            	$(".code").val("");
+                },
-            	$.modal.msg(r.msg);
+                success: function (r) {
-            }
+                    if (r.code == web_status.SUCCESS) {
-            $.modal.closeLoading();
+                        location.href = ctx + 'index';
+                    } else {
+                        $('.imgcode').click();
+                        $(".code").val("");
+                        $.modal.msg(r.msg);
+                    }
+                    $.modal.closeLoading();
+                }
+            });
         }
     });
 }

ruoyi-admin/src/main/resources/templates/login.html

@@ -76,6 +76,7 @@
 <script src="../static/ajax/libs/validate/jquery.validate.min.js" th:src="@{/ajax/libs/validate/jquery.validate.min.js}"></script>
 <script src="../static/ajax/libs/layer/layer.min.js" th:src="@{/ajax/libs/layer/layer.min.js}"></script>
 <script src="../static/ajax/libs/blockUI/jquery.blockUI.js" th:src="@{/ajax/libs/blockUI/jquery.blockUI.js}"></script>
+<script src="../static/ajax/libs/security/jsencrypt.min.js" th:src="@{/ajax/libs/security/jsencrypt.min.js}"></script>
 <script src="../static/ruoyi/js/ry-ui.js" th:src="@{/ruoyi/js/ry-ui.js?v=4.7.8}"></script>
 <script src="../static/ruoyi/login.js" th:src="@{/ruoyi/login.js}"></script>
 </body>

ruoyi-common/src/main/java/com/ruoyi/common/utils/security/RSAUtils.java

@@ -0,0 +1,65 @@
+package com.ruoyi.common.utils.security;
+
+import org.apache.commons.codec.binary.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.Cipher;
+import java.security.*;
+
+/**
+ * RSA 加解密
+ *
+ * @author youjiuzhiqianni
+ */
+public class RSAUtils {
+
+    private static final Logger log = LoggerFactory.getLogger(RSAUtils.class);
+    private static KeyPair keyPair = null;
+
+    // 生成秘钥对
+    static {
+        try {
+            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+            generator.initialize(2048, new SecureRandom());
+            keyPair = generator.generateKeyPair();
+        } catch (NoSuchAlgorithmException e) {
+            log.error("No such algorithm.");
+        }
+    }
+
+    /**
+     * 获取公钥
+     *
+     * @return 公钥内容
+     */
+    public static String generateBase64PublicKey() {
+        if (keyPair == null) {
+            return "";
+        }
+        PublicKey publicKey = keyPair.getPublic();
+        return new String(Base64.encodeBase64(publicKey.getEncoded()));
+    }
+
+    /**
+     * 传入字符串用私钥进行解密
+     *
+     * @param string string
+     * @return 解密后的字符串
+     */
+    public static String decryptBase64(String string) {
+        return new String(decrypt(Base64.decodeBase64(string.getBytes())));
+    }
+
+    private static byte[] decrypt(byte[] byteArray) {
+        try {
+            Cipher cipher = Cipher.getInstance("RSA");
+            PrivateKey privateKey = keyPair.getPrivate();
+            cipher.init(Cipher.DECRYPT_MODE, privateKey);
+            return cipher.doFinal(byteArray);
+        } catch (Exception e) {
+            log.error("Failed to decrypt.");
+            return new byte[0];
+        }
+    }
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java

@@ -297,6 +297,9 @@ public class ShiroConfig
         // 系统权限列表
         // filterChainDefinitionMap.putAll(SpringUtils.getBean(IMenuService.class).selectPermsAll());
 
+        // 获取公钥
+        filterChainDefinitionMap.put("/getPublicKey", "anon,captchaValidate");
+
         Map<String, Filter> filters = new LinkedHashMap<String, Filter>();
         filters.put("onlineSession", onlineSessionFilter());
         filters.put("syncOnlineSession", syncOnlineSessionFilter());