认证接口
这里将私钥配置在 application.yml 中。注意:私钥不应以明文形式提交到代码仓库,部署时建议通过环境变量或密钥管理服务注入。
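/**
 * Login endpoint that accepts RSA-encrypted credentials and authenticates them
 * through Spring Security.
 *
 * <p>The username and password fields of the request body are decrypted with the
 * private key injected from {@code rsa.private_key}; the resulting plaintext is
 * handed to the authentication manager.
 */
@RestController
@RequestMapping("auth")
@Slf4j
public class LoginController {

    /** RSA private key read from the {@code rsa.private_key} property. Must never be logged. */
    @Value("${rsa.private_key}")
    private String privateKey;

    private final AuthenticationManagerBuilder authenticationManagerBuilder;

    public LoginController(AuthenticationManagerBuilder authenticationManagerBuilder) {
        this.authenticationManagerBuilder = authenticationManagerBuilder;
    }

    /**
     * Decrypts the submitted credentials, authenticates them and stores the result
     * in the current security context.
     *
     * @param formUser request body whose username and password are RSA ciphertext
     * @param request  the current HTTP request (not used by this method)
     * @return {@code toString()} of the authenticated principal
     */
    @PostMapping("/login")
    public String login(@RequestBody FormUser formUser, HttpServletRequest request) {
        // The request body is deliberately not logged. No nonce or timestamp check is
        // visible in this method, so the ciphertext is accepted as-is and anyone who
        // can read it from the logs could resubmit it. Treat it like the password.
        log.info("Login request received");

        // Option 1 (custom utility class RSAEncrypt):
        //   String username = RSAEncrypt.decrypt(formUser.getUsername(), privateKey);
        //   String password = RSAEncrypt.decrypt(formUser.getPassword(), privateKey);
        // Option 2 (used here): decrypt with the hutool RSA helper.
        RSA rsa = new RSA(privateKey, null);

        // Decode with an explicit charset; new String(byte[]) alone uses the platform
        // default, which breaks non-ASCII credentials on hosts that are not UTF-8.
        String username = new String(
                rsa.decrypt(formUser.getUsername(), KeyType.PrivateKey),
                java.nio.charset.StandardCharsets.UTF_8);
        String password = new String(
                rsa.decrypt(formUser.getPassword(), KeyType.PrivateKey),
                java.nio.charset.StandardCharsets.UTF_8);
        // The decrypted username and password are never written to the log:
        // log files are usually readable by far more people and systems than the
        // credential store is.

        // Verify the username and password.
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(username, password);
        Authentication authentication =
                authenticationManagerBuilder.getObject().authenticate(authenticationToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        log.info("authentication: {}", authentication);

        return SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString();
    }
}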
自定义工具类进行解密
<dependency>
    <groupId>commons-codec</groupId>
    <artifactId>commons-codec</artifactId>
    <version>1.12</version>
</dependency>
public class RSAEncrypt {
/**