diff --git a/src/main/java/com/eactive/eai/rms/common/acl/user/UserManService.java b/src/main/java/com/eactive/eai/rms/common/acl/user/UserManService.java index 86c6d6f..58d835a 100644 --- a/src/main/java/com/eactive/eai/rms/common/acl/user/UserManService.java +++ b/src/main/java/com/eactive/eai/rms/common/acl/user/UserManService.java @@ -33,6 +33,7 @@ import com.eactive.eai.rms.data.entity.man.role.Role; import com.eactive.eai.rms.data.entity.man.role.RoleService; import com.eactive.eai.rms.data.entity.onl.bzwkdstcd.UserBusinessService; import com.eactive.eai.rms.onl.common.exception.BizException; +import com.eactive.ext.djb.DamoManager; import lombok.RequiredArgsConstructor; @@ -140,7 +141,7 @@ public class UserManService extends BaseService { public void updatePassword(UserUI userUI) throws Exception { UserInfo userInfo = userInfoService.getById(userUI.getUserId()); - userInfo.setPassword(Seed.encrypt(userUI.getUserId())); + userInfo.setPassword(DamoManager.getInstance().hash(DamoManager.SHA256, userUI.getUserId())); userUIMapper.updateToEntity(userUI, userInfo); userInfoService.save(userInfo); } diff --git a/src/main/java/com/eactive/eai/rms/common/login/MainController.java b/src/main/java/com/eactive/eai/rms/common/login/MainController.java index d36fb90..af3239e 100644 --- a/src/main/java/com/eactive/eai/rms/common/login/MainController.java +++ b/src/main/java/com/eactive/eai/rms/common/login/MainController.java @@ -33,6 +33,7 @@ import org.springframework.web.servlet.View; import com.eactive.eai.common.seed.Seed; import com.eactive.eai.rms.ext.kjb.smsauth.SmsAuthService; +import com.eactive.ext.djb.DamoManager; import com.eactive.eai.data.converter.LocalDateTimeFormatters; import com.eactive.eai.rms.common.context.MonitoringContext; import com.eactive.eai.rms.common.datasource.DataSourceType; @@ -363,7 +364,7 @@ public class MainController implements InterceptorSkipController { String loginMode = System.getProperty("login.mode"); if("db".equals(loginMode) || "DB".equals(loginMode)) { /* 기존로직 - LDAP 사용 x */ - if (!userInfo.getPassword().equals(Seed.encrypt(dto.getPassword()))) { + if (!userInfo.getPassword().equals(DamoManager.getInstance().hash(DamoManager.SHA256, dto.getPassword()))) { // password 다름. setLoginFailure(request, session, "login.loginfail1", "login.loginfail2"); @@ -799,9 +800,9 @@ public class MainController implements InterceptorSkipController { .getString("login.pwdmismatch4")); return REDIRECT_CHANGE_PASSWORD_URL; } - + // 3. 비밀번호 체크 - if (!userInfo.getPassword().equals(Seed.encrypt(resetPassword)) + if (!userInfo.getPassword().equals(DamoManager.getInstance().hash(DamoManager.SHA256,resetPassword)) || !userInfo.getUserid().equals(resetUserId)) { UserAccessLogger.log(request, LOG_CATEGORY_LOGIN, "F", localeMessage @@ -812,7 +813,7 @@ public class MainController implements InterceptorSkipController { } // 4. 비밀번호 변경 - userInfo.setPassword(Seed.encrypt(changePassword)); + userInfo.setPassword(DamoManager.getInstance().hash(DamoManager.SHA256,changePassword)); userInfoService.save(userInfo); UserAccessLogger.log(request, LOG_CATEGORY_LOGIN, "S", localeMessage