ruoyi springboot 开发笔记

原创已于 2024-11-06 19:55:06 修改 · 1.4k 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#spring boot #java #spring

于 2022-12-28 14:38:56 首次发布

ruoyi 专栏收录该内容

4 篇文章

订阅专栏

本文介绍了一种绕过传统密码验证的方法，通过直接比较数据库中的明文密码来实现登录验证，并调整了相关配置以确保系统的安全性。此外，还介绍了如何在应用中禁用Swagger，以减少潜在的安全风险。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

1、跳过密码校验

实现原理是从库中查询出密码，直接用库中密码跳过加密进行密码比较。

重写DaoAuthenticationProvider.java密码校验方法

package com.zscq.framework.provider;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;


public class LoginAuthenticationProvider extends DaoAuthenticationProvider {
    public LoginAuthenticationProvider(UserDetailsService userDetailsService) {
        super();
        // 这个地方一定要对userDetailsService赋值，不然userDetailsService是null (这个坑有点深)
        setUserDetailsService(userDetailsService);
    }

    @SuppressWarnings("deprecation")
    protected void additionalAuthenticationChecks(UserDetails userDetails,
                                                  UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (authentication.getCredentials() == null) {
            this.logger.debug("Failed to authenticate since no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        } else {
            String presentedPassword = authentication.getCredentials().toString();
            if(presentedPassword.equals(userDetails.getPassword())){
                return;
            }
            if (!PasswordEncoderFactories.createDelegatingPasswordEncoder().matches(presentedPassword, userDetails.getPassword())) {
                this.logger.debug("Failed to authenticate since password does not match stored value");
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            }
        }
    }
}

SecurityConfig.java 中增加

SysPasswordService.java中增加

SysLoginService.java中

之前的login方法也需要调整，否则会有问题

2、禁用swagger

application.yml中

3、java 执行c语言代码

<!--        java调用执行c语言-->
        <dependency>
            <groupId>net.java.dev.jna</groupId>
            <artifactId>jna</artifactId>
            <version>5.14.0</version>
        </dependency>

// 定义一个接口，继承自 Library
public interface ExampleLibrary extends Library {
    // 不使用的地方可以声明为 null
    ExampleLibrary INSTANCE = null;
    int sim_main(Integer params);
}


// 动态获取共享库路径
// 加载共享库
ExampleLibrary exampleLibrary = (ExampleLibrary)Native.load(basePath, ExampleLibrary.class);
// 调用 C 函数
exampleLibrary.sim_main(numberofTimes);
// 卸载dll
Class myNative = Class.forName("com.sun.jna.Native");
Method method = myNative.getDeclaredMethod("dispose", new Class[]{});
method.setAccessible(true);
method.invoke(myNative, new Object[]{});

4、java 判断list中对象是否形成环

public static boolean hasCycle(List<TProjectNode> nodes) {
        Set<String> visited = new HashSet<>();

        for (TProjectNode node : nodes) {
            String currentNodeId = node.getNodeId();
            // 处理当前节点的 nextNodeId
            String nextNodeId = node.getNextNodeId();

            if (visited.contains(currentNodeId)) {
                return true; // 如果已经访问过当前节点，说明有环
            }

            visited.add(currentNodeId);
            // 检查 nextNodeId 是否存在于 nodes 中
            if (nextNodeId != null) {
                boolean foundNextNode = false;
                for (TProjectNode nextNode : nodes) {
                    if (nextNode.getNodeId().equals(nextNodeId)) {
                        foundNextNode = true;
                        break;
                    }
                }
                // 如果 nextNodeId 不在列表中，跳出循环
                if (!foundNextNode) {
                    break;
                }
            }
        }
        return false; // 如果没有重复访问，说明无环
    }

    public static void main(String[] args) {
        TProjectNode tProjectNode1 = new TProjectNode();
        tProjectNode1.setNodeId("1");
        tProjectNode1.setNextNodeId("2");
        TProjectNode tProjectNode2 = new TProjectNode();
        tProjectNode2.setNodeId("2");
        tProjectNode2.setNextNodeId("3");
        TProjectNode tProjectNode3 = new TProjectNode();
        tProjectNode3.setNodeId("3");
        tProjectNode3.setNextNodeId("1");
        TProjectNode tProjectNode4 = new TProjectNode();
        tProjectNode4.setNodeId("4");
        tProjectNode4.setNextNodeId("5");


        // 示例数据：
        List<TProjectNode> projectNodes = new ArrayList<>();
        projectNodes.add(tProjectNode3);
        projectNodes.add(tProjectNode2);
        projectNodes.add(tProjectNode1);
        projectNodes.add(tProjectNode4);

        System.out.println("是否有环: " + hasCycle(projectNodes));
    }