diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml
index 764a13fd..cf8cb187 100644
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@@ -108,6 +108,8 @@ shiro:
 httpOnly: true
 # 设置Cookie的过期时间,天为单位
 maxAge: 30
+ # 设置密钥,务必保持唯一性(生成方式,直接拷贝到main运行即可)Base64.encodeToString(CipherUtils.generateNewKey(128, "AES").getEncoded()) (默认启动生成随机秘钥,随机秘钥会导致之前客户端RememberMe Cookie无效,如设置固定秘钥RememberMe Cookie则有效)
+ cipherKey:
 session:
 # Session超时时间,-1代表永不过期(默认30分钟)
 expireTime: 30
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
index d6967278..89171e51 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
@@ -8,6 +8,7 @@ import java.util.Map;
 import javax.servlet.Filter;
 import org.apache.commons.io.IOUtils;
 import org.apache.shiro.cache.ehcache.EhCacheManager;
+import org.apache.shiro.codec.Base64;
 import org.apache.shiro.config.ConfigurationException;
 import org.apache.shiro.io.ResourceUtils;
 import org.apache.shiro.mgt.SecurityManager;
@@ -104,6 +105,12 @@ public class ShiroConfig
 @Value("${shiro.cookie.maxAge}")
 private int maxAge;
 
+ /**
+ * 设置cipherKey密钥
+ */
+ @Value("${shiro.cookie.cipherKey}")
+ private String cipherKey;
+
 /**
 * 登录地址
 */
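Review bot: The comment added above `cipherKey:` in application.yml says the key must be unique but never says it is a secret, and a value filled in here ends up in version control and in every packaged build. Shiro decrypts and then deserializes the remember-me cookie with this key, so anyone who can read the configured value can produce cookies the server will accept. I would add a line such as `# Secret: never commit a real key; supply it per deployment from the environment or a secret store` and keep the checked-in value as a placeholder, e.g. `cipherKey: ${SHIRO_COOKIE_CIPHER_KEY:}` (the variable name is only an example).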
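Review bot: `@Value("${shiro.cookie.cipherKey}")` on the new field in ShiroConfig.java has no default, so a deployment whose existing or externalised configuration lacks the new `shiro.cookie.cipherKey` entry will presumably fail placeholder resolution at startup instead of falling back to the random key. The later hunk in this file already treats an empty value as "generate a key", so `@Value("${shiro.cookie.cipherKey:}")` keeps that fallback for configs that predate this commit. The Javadoc could also state that the value is the Base64 encoding of an AES key and must not be logged.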
@@ -351,7 +358,14 @@ public class ShiroConfig
 {
 CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
 cookieRememberMeManager.setCookie(rememberMeCookie());
- cookieRememberMeManager.setCipherKey(CipherUtils.generateNewKey(128, "AES").getEncoded());
+ if (StringUtils.isNotEmpty(cipherKey))
+ {
+ cookieRememberMeManager.setCipherKey(Base64.decode(cipherKey));
+ }
+ else
+ {
+ cookieRememberMeManager.setCipherKey(CipherUtils.generateNewKey(128, "AES").getEncoded());
+ }
 return cookieRememberMeManager;
 }
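Review bot: The configured key is passed to `setCipherKey(Base64.decode(cipherKey))` without any check on what the decode produced, so a mistyped, truncated or otherwise malformed value is not rejected when the bean is built. As far as I can tell the failure would only surface later, when the first remember-me cookie is encrypted or decrypted, and a short key would weaken the cookie protection if it were accepted at all. I would decode into a local, require an AES-sized key (16, 24 or 32 bytes) and fail startup with the already imported `ConfigurationException`, keeping the key itself out of the message. The method signature lies outside the hunk, so this is judged from the visible body only.

```java
if (StringUtils.isNotEmpty(cipherKey))
{
    byte[] key = Base64.decode(cipherKey);
    // AES accepts only 16-, 24- or 32-byte keys; reject anything else at startup
    if (key.length != 16 && key.length != 24 && key.length != 32)
    {
        throw new ConfigurationException(
                "shiro.cookie.cipherKey must be the Base64 encoding of a 16, 24 or 32 byte AES key");
    }
    cookieRememberMeManager.setCipherKey(key);
}
// … unchanged: else branch generating a random key, return …
```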