同步操作将从 open-hand/choerodon-starters 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
This project is a jar package. Its main function is to provide password management and login policy management for users of the Choerodon Microservices Framework, including password verification, login verification, passwords, and login records.
Projects that use the jar package for password and login policy's management need to be consistent with the table structure of users, organizations, and password policies of the Choerodon Microservices Framework.
<dependency>
<groupId>io.choerodon</groupId>
<artifactId>choerodon-starter-oauth-core</artifactId>
<version>0.10.1.RELEASE</version>
</dependency>
In iam-service
, use the password policy to modify the interface, update the password policy information.
At the business logic that has the password changed, add the following check code:
//Get the password policy of the corresponding organization
BasePasswordPolicyDO basePasswordPolicyDO = basePasswordPolicyMapper.selectByPrimaryKey(basePasswordPolicyMapper.findByOrgId(organizationE.getId()));
//Password verification
passwordPolicyManager.passwordValidate(userE.getPassword(), baseUserDO, basePasswordPolicyDO);
//When the password is updated and newly created, the password history is recorded. The password passed in is the encoded password.
passwordRecord.updatePassword(userE.getId(),userE.getPassword());
Add the following login security check in the oauth-server
:
//Get the password policy of the current organization
BasePasswordPolicyDO passwordPolicy = basePasswordPolicyMapper.findByOrgId(org.getId());
//Whether to need a verification code.
Boolean isNeedCaptcha = passwordPolicyManager.isNeedCaptcha(passwordPolicy, baseUserDO);
//Determine whether the user's login operation needs to be locked.
Map returnMap = passwordPolicyManager.loginValidate("password", baseUserDO, passwordPolicy);
Object lock = null;
if (returnMap != null) {
lock = returnMap.get(PasswordPolicyType.MAX_ERROR_TIME.getValue());
}
if (lock != null && !((Boolean) lock)) {
//DONE Lock the user
}
## Reporting Issues
If you find any shortcomings or bugs, please describe them in the Issue.
Pull requests are welcome! Follow this link for more information on how to contribute.
This jar package is a project that applies to the Choerodon Microservices Framework
's password and login policy and does not currently support inconsistencies with other database table structures.
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。