框架漏洞

6 days ago · 9dbb475784
3 changed files with 9 additions and 9 deletions
--- a/ruoyi-admin/src/main/resources/application.yml
+++ b/ruoyi-admin/src/main/resources/application.yml
@ -119,7 +119,7 @@ pagehelper:
				@@ -119,7 +119,7 @@ pagehelper:
 # Swagger配置
 swagger:
  # 是否开启swagger
-  enabled: true
+  enabled: false
  # 请求前缀
  pathMapping: /dev-api

--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
@ -107,11 +107,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
				@@ -107,11 +107,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                        "/**/*.js",
                        "/profile/**"
                ).permitAll()
-                .antMatchers("/swagger-ui.html").anonymous()
-                .antMatchers("/swagger-resources/**").anonymous()
-                .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
-                .antMatchers("/druid/**").anonymous()
+//                .antMatchers("/swagger-ui.html").anonymous()
+//                .antMatchers("/swagger-resources/**").anonymous()
+//                .antMatchers("/webjars/**").anonymous()
+//                .antMatchers("/*/api-docs").anonymous()
+//                .antMatchers("/druid/**").anonymous()
                .antMatchers("/api/**").anonymous()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated()
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/UserDetailsServiceImpl.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/UserDetailsServiceImpl.java
@ -37,17 +37,17 @@ public class UserDetailsServiceImpl implements UserDetailsService
				@@ -37,17 +37,17 @@ public class UserDetailsServiceImpl implements UserDetailsService
        if (StringUtils.isNull(user))
        {
            log.info("登录用户：{} 不存在.", username);
-            throw new ServiceException("登录用户：" + username + " 不存在");
+            throw new ServiceException("用户名或密码错误");
        }
        else if (UserStatus.DELETED.getCode().equals(user.getDelFlag()))
        {
            log.info("登录用户：{} 已被删除.", username);
-            throw new ServiceException("对不起，您的账号：" + username + " 已被删除");
+            throw new ServiceException("用户名或密码错误");
        }
        else if (UserStatus.DISABLE.getCode().equals(user.getStatus()))
        {
            log.info("登录用户：{} 已被停用.", username);
-            throw new ServiceException("对不起，您的账号：" + username + " 已停用");
+            throw new ServiceException("用户名或密码错误");
        }

        return createLoginUser(user);