diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java index d8f7ff48..8db092af 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java @@ -5,7 +5,9 @@ package com.jeesite.common.shiro.realm; import com.jeesite.common.codec.EncodeUtils; +import com.jeesite.common.codec.SM3Utils; import com.jeesite.common.codec.Sha1Utils; +import com.jeesite.common.config.Global; import com.jeesite.common.shiro.authc.FormToken; import com.jeesite.common.utils.SpringUtils; import com.jeesite.modules.sys.entity.Log; @@ -30,19 +32,15 @@ import javax.servlet.http.HttpServletRequest; public class AuthorizingRealm extends BaseAuthorizingRealm { public static final String HASH_ALGORITHM = "SHA-1"; - public static final int HASH_INTERATIONS = 1024; + public static final int HASH_ITERATIONS = 1024; public static final int SALT_SIZE = 8; private UserService userService; - + public AuthorizingRealm() { super(); -// // 设定密码校验的Hash算法与迭代次数(V4.1.4及以上版本不需要了,统一使用validatePassword验证密码) -// HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(HASH_ALGORITHM); -// matcher.setHashIterations(HASH_INTERATIONS); -// this.setCredentialsMatcher(matcher); } - + /** * 获取登录凭证,将 authcToken 转换为 FormToken,参考 CAS 实现 */ @@ -50,7 +48,7 @@ public class AuthorizingRealm extends BaseAuthorizingRealm { protected FormToken getFormToken(AuthenticationToken authcToken) { return super.getFormToken(authcToken); } - + /** * 用于用户根据登录信息获取用户信息
* 1、默认根据登录账号登录信息,如:UserUtils.getByLoginCode(formToken.getUsername(), formToken.getParam("corpCode"));
@@ -61,7 +59,7 @@ public class AuthorizingRealm extends BaseAuthorizingRealm { protected User getUserInfo(FormToken formToken) { return super.getUserInfo(formToken); } - + /** * 校验登录凭证,如密码验证,token验证,验证失败抛出 AuthenticationException 异常 */ @@ -86,9 +84,13 @@ public class AuthorizingRealm extends BaseAuthorizingRealm { @Override public String encryptPassword(String plainPassword) { String plain = EncodeUtils.decodeHtml(plainPassword); - byte[] salt = Sha1Utils.genSalt(SALT_SIZE); - byte[] hashPassword = Sha1Utils.sha1(plain.getBytes(), salt, HASH_INTERATIONS); - return EncodeUtils.encodeHex(salt) + EncodeUtils.encodeHex(hashPassword); + String salt = SM3Utils.genSaltString(SALT_SIZE); + if (Global.isSmAlgorithm()) { + String data = SM3Utils.sm3(plain, salt, HASH_ITERATIONS); + return salt + data; + } + String data = Sha1Utils.sha1(plain, salt, HASH_ITERATIONS); + return salt + data; } /** @@ -101,9 +103,13 @@ public class AuthorizingRealm extends BaseAuthorizingRealm { public boolean validatePassword(String plainPassword, String password) { try{ String plain = EncodeUtils.decodeHtml(plainPassword); - byte[] salt = EncodeUtils.decodeHex(password.substring(0, 16)); - byte[] hashPassword = Sha1Utils.sha1(plain.getBytes(), salt, HASH_INTERATIONS); - return password.equals(EncodeUtils.encodeHex(salt) + EncodeUtils.encodeHex(hashPassword)); + String salt = password.substring(0, SALT_SIZE * 2); + if (Global.isSmAlgorithm()) { + String data = SM3Utils.sm3(plain, salt, HASH_ITERATIONS); + return password.equals(salt + data); + } + String data = Sha1Utils.sha1(plain, salt, HASH_ITERATIONS); + return password.equals(salt + data); }catch(Exception e){ return false; } diff --git a/modules/core/src/main/resources/config/logger-core.xml b/modules/core/src/main/resources/config/logger-core.xml index 9bbf3f29..36d4ed9d 100644 --- a/modules/core/src/main/resources/config/logger-core.xml +++ b/modules/core/src/main/resources/config/logger-core.xml @@ -41,6 +41,7 @@ +
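Review bot: The stored value built in encryptPassword is `salt + data` with no marker of which branch produced it, so once `Global.isSmAlgorithm()` (which looks like a configuration lookup — hedged, its source is not on the page) flips, every previously stored hash silently fails the symmetric check in validatePassword two hunks down; the same gap exists there. Consider either embedding a scheme marker in the stored string and letting validatePassword choose the branch from that marker rather than from the live setting, or at least documenting in both methods' Javadoc that switching the algorithm is one-way and invalidates existing passwords. The `HASH_ALGORITHM = "SHA-1"` constant kept at the top of the class is now stale whenever the SM branch is active and deserves a note, e.g. `// only describes the non-SM branch; see encryptPassword`. The iterated SHA-1 branch is pre-existing, but a comment that this is a salted fast hash rather than a memory-hard password KDF would help the next maintainer judge the risk.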
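Review bot: In validatePassword the new `return password.equals(salt + data);` lines (both branches) compare the stored credential with a short-circuiting string equality; `MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8), (salt + data).getBytes(StandardCharsets.UTF_8))` gives a length-independent comparison and is the usual choice for credential checks. `password.substring(0, SALT_SIZE * 2)` throws on a stored value shorter than 16 characters and the surrounding `catch(Exception e)` turns that into `false`, which is acceptable for malformed rows but also hides misconfiguration of the hash utilities, so a comment stating that intent is worth adding. The method's closing brace lies outside the hunk.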