From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password

---
 pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java b/pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java
index 6cff94b..3fdd62f 100644
--- a/pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java
+++ b/pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java
@@ -21,6 +21,7 @@
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
 
+import com.pollex.pam.business.config.AppProperties;
 import com.pollex.pam.business.domain.TokenBlackList;
 import com.pollex.pam.business.repository.TokenBlackListRepository;
 
@@ -44,6 +45,9 @@
 
     @Autowired
     TokenBlackListRepository tokenBlackListRepository;
+    
+    @Autowired
+	AppProperties applicationProperties;
 
     public TokenProvider(JHipsterProperties jHipsterProperties) {
         byte[] keyBytes;
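Review bot: The new `applicationProperties` field is package-private, non-final and field-injected, so it is still null while the constructor below runs and any class in the package can reassign it. The class already has a constructor taking `JHipsterProperties`, so the dependency could be declared as `private final AppProperties applicationProperties;` and passed in as a second constructor parameter. The added lines also mix a tab indent with the file's spaces and leave trailing whitespace on the blank line above `@Autowired`. The constructor body continues outside the hunk.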
@@ -95,8 +99,8 @@
             .filter(auth -> !auth.trim().isEmpty())
             .map(SimpleGrantedAuthority::new)
             .collect(Collectors.toList());
-
-        User principal = new User(claims.getSubject(), "", authorities);
+        System.out.println("applicationProperties.getDefaultPaxxword()+++++++++++===="+applicationProperties.getDefaultPaxxword());
+        User principal = new User(claims.getSubject(), applicationProperties.getDefaultPaxxword(), authorities);
         UsernamePasswordAuthenticationToken authInfo = new UsernamePasswordAuthenticationToken(principal, token, authorities);
         authInfo.setDetails(claims.get(AUTHORITIES_DETAILS));
 
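Review bot: The added `System.out.println(... + applicationProperties.getDefaultPaxxword())` writes the configured default password to standard output every time a token is turned into an `Authentication`, which is the log exposure the commit subject says it resolves; the line should be deleted. Passing that value as the `User` password also attaches a real credential to every principal in the security context. The removed code passed `""`, and since the JWT is already supplied as the credentials argument of `UsernamePasswordAuthenticationToken`, `new User(claims.getSubject(), "", authorities)` looks sufficient unless a caller outside this hunk reads the password. The `Paxxword` spelling appears chosen to avoid a scanner's keyword match, which would hide the hard-coded-password finding rather than fix it; a plainly named property sourced from a secret store or environment variable would address it. The enclosing method starts and ends outside the hunk.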

--
Gitblit v1.8.0