项目结构重构，提升可维护性与易读性；

xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java

@@ -1,7 +1,5 @@
 package com.xxl.job.admin.controller;
 
-import com.xxl.job.admin.annotation.PermissionLimit;
-import com.xxl.job.admin.service.impl.LoginService;
 import com.xxl.job.admin.service.XxlJobService;
 import com.xxl.job.core.biz.model.ReturnT;
 import com.xxl.sso.core.annotation.XxlSso;
@@ -12,9 +10,11 @@ import org.springframework.beans.propertyeditors.CustomDateEditor;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.WebDataBinder;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.InitBinder;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.view.RedirectView;
 
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -29,8 +29,6 @@ public class IndexController {
 
 	@Resource
 	private XxlJobService xxlJobService;
-	@Resource
-	private LoginService loginService;
 
 
 	@RequestMapping("/")
@@ -49,43 +47,9 @@ public class IndexController {
         return chartInfo;
     }
 
-	@RequestMapping("/toLogin")
-	@PermissionLimit(limit=false)
-	public ModelAndView toLogin(HttpServletRequest request, HttpServletResponse response, ModelAndView modelAndView) {
-		if (loginService.ifLogin(request, response) != null) {
-			modelAndView.setView(new RedirectView("/",true,false));
-			return modelAndView;
-		}
-		return new ModelAndView("login");
-	}
-	
-	@RequestMapping(value="login", method=RequestMethod.POST)
-	@ResponseBody
-	@PermissionLimit(limit=false)
-	public ReturnT<String> loginDo(HttpServletRequest request,
-								   HttpServletResponse response,
-								   @RequestParam("userName") String userName,
-								   @RequestParam("password") String password,
-								   @RequestParam(value = "ifRemember", required = false) String ifRemember){
-
-		boolean ifRem = (ifRemember!=null && ifRemember.trim().length()>0 && "on".equals(ifRemember))?true:false;
-		return loginService.login(request, response, userName, password, ifRem);
-	}
-	
-	@RequestMapping(value="logout", method=RequestMethod.POST)
-	@ResponseBody
-	@PermissionLimit(limit=false)
-	public ReturnT<String> logout(HttpServletRequest request, HttpServletResponse response){
-		return loginService.logout(request, response);
-	}
 	
 	@RequestMapping("/help")
 	public String help() {
-
-		/*if (!PermissionInterceptor.ifLogin(request)) {
-			return "redirect:/toLogin";
-		}*/
-
 		return "help";
 	}
 

xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobUserController.java

@@ -1,18 +1,18 @@
 package com.xxl.job.admin.controller.biz;
 
 import com.xxl.job.admin.annotation.PermissionLimit;
-import com.xxl.job.admin.web.interceptor.PermissionInterceptor;
+import com.xxl.job.admin.mapper.XxlJobGroupDao;
+import com.xxl.job.admin.mapper.XxlJobUserDao;
 import com.xxl.job.admin.model.XxlJobGroup;
 import com.xxl.job.admin.model.XxlJobUser;
 import com.xxl.job.admin.util.I18nUtil;
-import com.xxl.job.admin.mapper.XxlJobGroupDao;
-import com.xxl.job.admin.mapper.XxlJobUserDao;
+import com.xxl.job.admin.web.interceptor.PermissionInterceptor;
 import com.xxl.job.core.biz.model.ReturnT;
+import com.xxl.tool.encrypt.SHA256Tool;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
-import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -94,7 +94,8 @@ public class JobUserController {
             return new ReturnT<String>(ReturnT.FAIL_CODE, I18nUtil.getString("system_lengh_limit")+"[4-20]" );
         }
         // md5 password
-        xxlJobUser.setPassword(DigestUtils.md5DigestAsHex(xxlJobUser.getPassword().getBytes()));
+        String passwordHash = SHA256Tool.sha256(xxlJobUser.getPassword());
+        xxlJobUser.setPassword(passwordHash);
 
         // check repeat
         XxlJobUser existUser = xxlJobUserDao.loadByUserName(xxlJobUser.getUsername());
@@ -125,7 +126,8 @@ public class JobUserController {
                 return new ReturnT<String>(ReturnT.FAIL_CODE, I18nUtil.getString("system_lengh_limit")+"[4-20]" );
             }
             // md5 password
-            xxlJobUser.setPassword(DigestUtils.md5DigestAsHex(xxlJobUser.getPassword().getBytes()));
+            String passwordHash = SHA256Tool.sha256(xxlJobUser.getPassword());
+            xxlJobUser.setPassword(passwordHash);
         } else {
             xxlJobUser.setPassword(null);
         }
@@ -169,18 +171,18 @@ public class JobUserController {
         }
 
         // md5 password
-        String md5OldPassword = DigestUtils.md5DigestAsHex(oldPassword.getBytes());
-        String md5Password = DigestUtils.md5DigestAsHex(password.getBytes());
+        String oldPasswordHash = SHA256Tool.sha256(oldPassword);
+        String passwordHash = SHA256Tool.sha256(password);
 
         // valid old pwd
         XxlJobUser loginUser = PermissionInterceptor.getLoginUser(request);
         XxlJobUser existUser = xxlJobUserDao.loadByUserName(loginUser.getUsername());
-        if (!md5OldPassword.equals(existUser.getPassword())) {
+        if (!oldPasswordHash.equals(existUser.getPassword())) {
             return ReturnT.ofFail(I18nUtil.getString("change_pwd_field_oldpwd") + I18nUtil.getString("system_unvalid"));
         }
 
         // write new
-        existUser.setPassword(md5Password);
+        existUser.setPassword(passwordHash);
         xxlJobUserDao.update(existUser);
 
         return ReturnT.ofSuccess();

xxl-job-admin/src/main/java/com/xxl/job/admin/controller/login/LoginController.java

@@ -0,0 +1,60 @@
+package com.xxl.job.admin.controller.login;
+
+import com.xxl.job.admin.annotation.PermissionLimit;
+import com.xxl.job.admin.service.impl.LoginService;
+import com.xxl.job.core.biz.model.ReturnT;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.view.RedirectView;
+
+/**
+ * index controller
+ * @author xuxueli 2015-12-19 16:13:16
+ */
+@Controller
+@RequestMapping("/auth")
+public class LoginController {
+
+
+	@Resource
+	private LoginService loginService;
+
+
+	@RequestMapping("/toLogin")
+	@PermissionLimit(limit=false)
+	public ModelAndView toLogin(HttpServletRequest request, HttpServletResponse response, ModelAndView modelAndView) {
+		if (loginService.ifLogin(request, response) != null) {
+			modelAndView.setView(new RedirectView("/",true,false));
+			return modelAndView;
+		}
+		return new ModelAndView("login");
+	}
+
+	@RequestMapping(value="/login", method=RequestMethod.POST)
+	@ResponseBody
+	@PermissionLimit(limit=false)
+	public ReturnT<String> loginDo(HttpServletRequest request,
+								   HttpServletResponse response,
+								   @RequestParam("userName") String userName,
+								   @RequestParam("password") String password,
+								   @RequestParam(value = "ifRemember", required = false) String ifRemember){
+
+		boolean ifRem = (ifRemember!=null && ifRemember.trim().length()>0 && "on".equals(ifRemember))?true:false;
+		return loginService.login(request, response, userName, password, ifRem);
+	}
+
+	@RequestMapping(value="/logout", method=RequestMethod.POST)
+	@ResponseBody
+	@PermissionLimit(limit=false)
+	public ReturnT<String> logout(HttpServletRequest request, HttpServletResponse response){
+		return loginService.logout(request, response);
+	}
+
+}

xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/LoginService.java

@@ -1,16 +1,16 @@
 package com.xxl.job.admin.service.impl;
 
+import com.xxl.job.admin.mapper.XxlJobUserDao;
 import com.xxl.job.admin.model.XxlJobUser;
 import com.xxl.job.admin.util.CookieUtil;
 import com.xxl.job.admin.util.I18nUtil;
 import com.xxl.job.admin.util.JacksonUtil;
-import com.xxl.job.admin.mapper.XxlJobUserDao;
 import com.xxl.job.core.biz.model.ReturnT;
+import com.xxl.tool.encrypt.SHA256Tool;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Service;
-import org.springframework.util.DigestUtils;
 
 import java.math.BigInteger;
 
@@ -57,8 +57,8 @@ public class LoginService {
         if (xxlJobUser == null) {
             return new ReturnT<String>(500, I18nUtil.getString("login_param_unvalid"));
         }
-        String passwordMd5 = DigestUtils.md5DigestAsHex(password.getBytes());
-        if (!passwordMd5.equals(xxlJobUser.getPassword())) {
+        String passwordHash = SHA256Tool.sha256(password);
+        if (!passwordHash.equals(xxlJobUser.getPassword())) {
             return new ReturnT<String>(500, I18nUtil.getString("login_param_unvalid"));
         }
 

xxl-job-admin/src/main/java/com/xxl/job/admin/web/interceptor/PermissionInterceptor.java

@@ -48,7 +48,7 @@ public class PermissionInterceptor implements AsyncHandlerInterceptor {
 			XxlJobUser loginUser = loginService.ifLogin(request, response);
 			if (loginUser == null) {
 				response.setStatus(302);
-				response.setHeader("location", request.getContextPath()+"/toLogin");
+				response.setHeader("location", request.getContextPath()+"/auth/toLogin");
 				return false;
 			}
 			if (needAdminuser && loginUser.getRole()!=1) {

xxl-job-admin/src/main/resources/static/js/common.1.js

@@ -9,7 +9,7 @@ $(function(){
 		}, function(index){
 			layer.close(index);
 
-			$.post(base_url + "/logout", function(data, status) {
+			$.post(base_url + "/auth/logout", function(data, status) {
 				if (data.code == "200") {
                     layer.msg( I18n.logout_success );
                     setTimeout(function(){
@@ -135,7 +135,7 @@ $(function(){
 
                     layer.msg( I18n.change_pwd_suc_to_logout );
                     setTimeout(function(){
-                        $.post(base_url + "/logout", function(data, status) {
+                        $.post(base_url + "/auth/logout", function(data, status) {
                             if (data.code == 200) {
                                 window.location.href = base_url + "/";
                             } else {

xxl-job-admin/src/main/resources/static/js/login.1.js

@@ -46,7 +46,7 @@ $(function(){
             element.parent('div').append(error);  
         },
         submitHandler : function(form) {
-			$.post(base_url + "/login", $("#loginForm").serialize(), function(data, status) {
+			$.post(base_url + "/auth/login", $("#loginForm").serialize(), function(data, status) {
 				if (data.code == "200") {
                     layer.msg( I18n.login_success );
                     setTimeout(function(){

xxl-job-admin/src/test/java/com/xxl/job/admin/controller/JobInfoControllerTest.java

@@ -21,7 +21,7 @@ public class JobInfoControllerTest extends AbstractSpringMvcTest {
   @BeforeEach
   public void login() throws Exception {
     MvcResult ret = mockMvc.perform(
-        post("/login")
+        post("/auth/login")
             .contentType(MediaType.APPLICATION_FORM_URLENCODED)
             .param("userName", "admin")
             .param("password", "123456")