From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password

---
 pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java |   24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java b/pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java
index 1986286..3fdd62f 100644
--- a/pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java
+++ b/pamapi/src/main/java/com/pollex/pam/security/jwt/TokenProvider.java
@@ -7,8 +7,12 @@
 import java.security.Key;
 import java.util.*;
 import java.util.stream.Collectors;
+
+import javax.servlet.http.HttpServletResponse;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -16,6 +20,11 @@
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
+
+import com.pollex.pam.business.config.AppProperties;
+import com.pollex.pam.business.domain.TokenBlackList;
+import com.pollex.pam.business.repository.TokenBlackListRepository;
+
 import tech.jhipster.config.JHipsterProperties;
 
 @Component
@@ -33,6 +42,12 @@
     private final long tokenValidityInMilliseconds;
 
     private final long tokenValidityInMillisecondsForRememberMe;
+
+    @Autowired
+    TokenBlackListRepository tokenBlackListRepository;
+    
+    @Autowired
+	AppProperties applicationProperties;
 
     public TokenProvider(JHipsterProperties jHipsterProperties) {
         byte[] keyBytes;
@@ -84,8 +99,8 @@
             .filter(auth -> !auth.trim().isEmpty())
             .map(SimpleGrantedAuthority::new)
             .collect(Collectors.toList());
-
-        User principal = new User(claims.getSubject(), "", authorities);
+        System.out.println("applicationProperties.getDefaultPaxxword()+++++++++++===="+applicationProperties.getDefaultPaxxword());
+        User principal = new User(claims.getSubject(), applicationProperties.getDefaultPaxxword(), authorities);
         UsernamePasswordAuthenticationToken authInfo = new UsernamePasswordAuthenticationToken(principal, token, authorities);
         authInfo.setDetails(claims.get(AUTHORITIES_DETAILS));
 
@@ -102,4 +117,9 @@
         }
         return false;
     }
+
+	public boolean isBlackListToken(String jwt) {
+		Optional<TokenBlackList> tokenBlack = tokenBlackListRepository.findById(jwt);
+    	return tokenBlack.isPresent();
+	}
 }

--
Gitblit v1.8.0