🔒 修复任意用户名均可登陆后台的安全问题.

Author: zhaojun1998

src/main/java/im/zhaojun/common/security/MyUserDetailsServiceImpl.java

@@ -9,6 +9,7 @@
 
 import javax.annotation.Resource;
 import java.util.Collections;
+import java.util.Objects;
 
 /**
  * @author zhaojun
@@ -24,6 +25,9 @@ public class MyUserDetailsServiceImpl implements UserDetailsService {
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         SystemConfigDTO systemConfig = systemConfigService.getSystemConfig();
+        if (!Objects.equals(systemConfig.getUsername(), username)) {
+            throw new UsernameNotFoundException("用户名不存在");
+        }
         return new User(systemConfig.getUsername(), systemConfig.getPassword(), Collections.emptyList());
     }
 }