관리자 로그인 비밀번호 암호화 Damo 단방향 적용
eapim-admin CI / build (push) Has been cancelled

This commit is contained in:
eastargh
2026-06-26 11:12:21 +09:00
parent 37380f2975
commit 99a440094d
2 changed files with 7 additions and 5 deletions
@@ -33,6 +33,7 @@ import com.eactive.eai.rms.data.entity.man.role.Role;
import com.eactive.eai.rms.data.entity.man.role.RoleService;
import com.eactive.eai.rms.data.entity.onl.bzwkdstcd.UserBusinessService;
import com.eactive.eai.rms.onl.common.exception.BizException;
import com.eactive.ext.djb.DamoManager;
import lombok.RequiredArgsConstructor;
@@ -140,7 +141,7 @@ public class UserManService extends BaseService {
public void updatePassword(UserUI userUI) throws Exception {
UserInfo userInfo = userInfoService.getById(userUI.getUserId());
userInfo.setPassword(Seed.encrypt(userUI.getUserId()));
userInfo.setPassword(DamoManager.getInstance().hash(DamoManager.SHA256, userUI.getUserId()));
userUIMapper.updateToEntity(userUI, userInfo);
userInfoService.save(userInfo);
}
@@ -33,6 +33,7 @@ import org.springframework.web.servlet.View;
import com.eactive.eai.common.seed.Seed;
import com.eactive.eai.rms.ext.kjb.smsauth.SmsAuthService;
import com.eactive.ext.djb.DamoManager;
import com.eactive.eai.data.converter.LocalDateTimeFormatters;
import com.eactive.eai.rms.common.context.MonitoringContext;
import com.eactive.eai.rms.common.datasource.DataSourceType;
@@ -363,7 +364,7 @@ public class MainController implements InterceptorSkipController {
String loginMode = System.getProperty("login.mode");
if("db".equals(loginMode) || "DB".equals(loginMode)) {
/* 기존로직 - LDAP 사용 x */
if (!userInfo.getPassword().equals(Seed.encrypt(dto.getPassword()))) {
if (!userInfo.getPassword().equals(DamoManager.getInstance().hash(DamoManager.SHA256, dto.getPassword()))) {
// password 다름.
setLoginFailure(request, session, "login.loginfail1",
"login.loginfail2");
@@ -799,9 +800,9 @@ public class MainController implements InterceptorSkipController {
.getString("login.pwdmismatch4"));
return REDIRECT_CHANGE_PASSWORD_URL;
}
// 3. 비밀번호 체크
if (!userInfo.getPassword().equals(Seed.encrypt(resetPassword))
if (!userInfo.getPassword().equals(DamoManager.getInstance().hash(DamoManager.SHA256,resetPassword))
|| !userInfo.getUserid().equals(resetUserId)) {
UserAccessLogger.log(request, LOG_CATEGORY_LOGIN, "F",
localeMessage
@@ -812,7 +813,7 @@ public class MainController implements InterceptorSkipController {
}
// 4. 비밀번호 변경
userInfo.setPassword(Seed.encrypt(changePassword));
userInfo.setPassword(DamoManager.getInstance().hash(DamoManager.SHA256,changePassword));
userInfoService.save(userInfo);
UserAccessLogger.log(request, LOG_CATEGORY_LOGIN, "S", localeMessage