Zzzz/Book-management-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add logging

Browse Source
This commit is contained in:
Zzzz
2026-04-28 18:37:26 +08:00
parent cc32c222a4
commit 781ce4697e
4 changed files with 58 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.trellis/tasks/04-28-windows-login-diagnostic-logs/prd.md
+12
View File
@@ -27,6 +27,11 @@ Add safe server-side diagnostic logs to the login/authentication path so a Windo
* Preserve the current user-facing Chinese error message and login behavior.
* Keep the implementation in the existing Servlet + service + DAO + JDBC stack.
* Prefer `java.util.logging` patterns already used in the project.
* Document and seed explicit local/demo initial credentials so new deployments are not blocked by unrecoverable password hashes:
* `admin` / `admin123`
* `librarian` / `librarian123`
* `reader` / `reader123`
* Make clear that these demo passwords are for local scaffold verification only and must be changed or removed before non-local/production use.
## Acceptance Criteria
@@ -36,6 +41,9 @@ Add safe server-side diagnostic logs to the login/authentication path so a Windo
* [x] No log statement outputs a raw password, password hash, salt, or database password.
* [x] Existing login success/failure behavior remains unchanged for users.
* [x] `mvn test` or the closest available Maven verification command succeeds.
* [x] README lists the local/demo initial login accounts and passwords with an explicit non-production warning.
* [x] `schema.sql` seed user hashes verify against the documented demo passwords for new deployments.
* [x] Existing deployments have a documented SQL reset path or warning explaining that `INSERT IGNORE` will not overwrite existing user rows.
## Definition Of Done
@@ -68,3 +76,7 @@ Add safe server-side diagnostic logs to the login/authentication path so a Windo
* `/home/sjy/.sdkman/candidates/maven/current/bin/mvn package` passed with `BUILD SUCCESS` and produced `target/library-management.war`.
* `git diff --check` passed.
* Sensitive logger scan only found boolean password state fields, `password=<redacted>`, and `password-mismatch` category labels.
* Verification completed at 2026-04-28 18:33 +0800:
* `PasswordHasher.verify` returned `true` for `admin/admin123`, `librarian/librarian123`, and `reader/reader123` against the updated `schema.sql` PBKDF2 hashes.
* `/home/sjy/.sdkman/candidates/maven/current/bin/mvn verify` passed with `BUILD SUCCESS`.
* `git diff --check` passed.