1、重写加密算法,这里用的是明文
package cn.eshore.encodePassword;
import org.springframework.security.providers.encoding.BasePasswordEncoder;
/**
* Created by Administrator on 2017/4/12.
*/
public class PlaintextPasswordOverwriteEncoder extends BasePasswordEncoder {
//~ Instance fields ================================================================================================
private boolean ignorePasswordCase = false;
//~ Methods ========================================================================================================
public String encodePassword(String rawPass, Object salt) {
return mergePasswordAndSalt(rawPass, salt, true);
}
public boolean isIgnorePasswordCase() {
return ignorePasswordCase;
}
public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
if(salt.equals(true))
return true;
String pass1 = encPass + "";
// Strict delimiters is false because pass2 never persisted anywhere
// and we want to avoid unnecessary exceptions as a result (the
// authentication will fail as the encodePassword never allows them)
String pass2 = mergePasswordAndSalt(rawPass, "", false);
if (!ignorePasswordCase) {
return pass1.equals(pass2);
} else {
return pass1.equalsIgnoreCase(pass2);
}
}
/**
* Demerges the previously {@link #encodePassword(String, Object)}<code>String</code>.<P>The resulting
* array is guaranteed to always contain two elements. The first is the password, and the second is the salt.</p>
* <P>Throws an exception if <code>null</code> or an empty <code>String</code> is passed to the method.</p>
*
* @param password from {@link #encodePassword(String, Object)}
*
* @return an array containing the password and salt
*/
public String[] obtainPasswordAndSalt(String password) {
return demergePasswordAndSalt(password);
}
/**
* Indicates whether the password comparison is case sensitive.<P>Defaults to <code>false</code>, meaning
* an exact case match is required.</p>
*
* @param ignorePasswordCase set to <code>true</code> for less stringent comparison
*/
public void setIgnorePasswordCase(boolean ignorePasswordCase) {
this.ignorePasswordCase = ignorePasswordCase;
}
}
2、在resources.groovy里配置bean
passwordEncoder(cn.eshore.encodePassword.PlaintextPasswordOverwriteEncoder)
3、添加org.codehaus.groovy.grails.plugins.springsecurity.DaoAuthenticationOverwriteProvider(重写类,添加业务判断)
package org.codehaus.groovy.grails.plugins.springsecurity
import com.sun.org.apache.xpath.internal.operations.Bool
import org.springframework.dao.DataAccessException
import org.springframework.security.AuthenticationException
import org.springframework.security.AuthenticationServiceException
import org.springframework.security.BadCredentialsException
import org.springframework.security.providers.UsernamePasswordAuthenticationToken
import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider
import org.springframework.security.providers.dao.SaltSource
import org.springframework.security.providers.encoding.PasswordEncoder
import org.springframework.security.providers.encoding.PlaintextPasswordEncoder
import org.springframework.security.userdetails.UserDetails
import org.springframework.security.userdetails.UserDetailsService
import org.springframework.util.Assert
/**
* Created by xiongcc on 2017/4/12.
*/
class DaoAuthenticationOverwriteProvider extends AbstractUserDetailsAuthenticationProvider{
//~ Instance fields ================================================================================================
private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();
private SaltSource saltSource;
private UserDetailsService userDetailsService;
private boolean includeDetailsObject = true;
//~ Methods ========================================================================================================
protected void additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
Object salt = null;
if (this.saltSource != null) {
salt = this.saltSource.getSalt(userDetails);
}
if (authentication.getCredentials() == null) {
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
includeDetailsObject ? userDetails : null);
}
String presentedPassword = authentication.getCredentials().toString();
//通过orgInfo的singleLogin来判断是否可以通过账号直接登陆
String singlePointLongin = userDetails.domainClass.org.singleLogin;
salt = singlePointLongin.equals("yes")
if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
throw new BadCredentialsException(messages.getMessage(
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
includeDetailsObject ? userDetails : null);
}
}
protected void doAfterPropertiesSet() throws Exception {
Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
}
protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
throws AuthenticationException {
UserDetails loadedUser;
try {
loadedUser = this.getUserDetailsService().loadUserByUsername(username);
}
catch (DataAccessException repositoryProblem) {
throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
}
if (loadedUser == null) {
throw new AuthenticationServiceException(
"UserDetailsService returned null, which is an interface contract violation");
}
return loadedUser;
}
/**
* Sets the PasswordEncoder instance to be used to encode and validate passwords.
* If not set, {@link PlaintextPasswordEncoder} will be used by default.
*
* @param passwordEncoder The passwordEncoder to use
*/
public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
protected PasswordEncoder getPasswordEncoder() {
return passwordEncoder;
}
/**
* The source of salts to use when decoding passwords. <code>null</code>
* is a valid value, meaning the <code>DaoAuthenticationProvider</code>
* will present <code>null</code> to the relevant <code>PasswordEncoder</code>.
*
* @param saltSource to use when attempting to decode passwords via the <code>PasswordEncoder</code>
*/
public void setSaltSource(SaltSource saltSource) {
this.saltSource = saltSource;
}
protected SaltSource getSaltSource() {
return saltSource;
}
public void setUserDetailsService(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
protected UserDetailsService getUserDetailsService() {
return userDetailsService;
}
protected boolean isIncludeDetailsObject() {
return includeDetailsObject;
}
/**
* Determines whether the UserDetails will be included in the <tt>extraInformation</tt> field of a
* thrown BadCredentialsException. Defaults to true, but can be set to false if the exception will be
* used with a remoting protocol, for example.
*
* @deprecated use {@link org.springframework.security.providers.ProviderManager#setClearExtraInformation(boolean)}
*/
public void setIncludeDetailsObject(boolean includeDetailsObject) {
this.includeDetailsObject = includeDetailsObject;
}
}
重点见additionalAuthenticationChecks方法
4、修改org.codehaus.groovy.grails.plugins.springsecurity.GrailsDaoAuthenticationProvider的父类是DaoAuthenticationOverwriteProvider
/* Copyright 2006-2009 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.codehaus.groovy.grails.plugins.springsecurity
import org.springframework.security.AuthenticationException
import org.springframework.security.providers.UsernamePasswordAuthenticationToken
import org.springframework.security.ui.ntlm.NtlmUsernamePasswordAuthenticationToken
import org.springframework.security.userdetails.UserDetails
/**
* @author Martin Vlcek
* @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a>
*/
class GrailsDaoAuthenticationProvider extends DaoAuthenticationOverwriteProvider {
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
// don't check password in case of NTLM authentication
if (!(authentication instanceof NtlmUsernamePasswordAuthenticationToken)) {
super.additionalAuthenticationChecks(userDetails, authentication)
}
}
}
备注:3和4的文件写在aecgi的plugin里