理论:
1、Spring Security默认的密码比对主要是依靠DaoAuthenticationProvider下的additionalAuthenticationChecks方法来完成的,我们只需要将additionalAuthenticationChecks方法进行重写,就可以自定义密码比对业务了。
2、由于PasswordEncoder没有提供解密方法,所以采用AES加密,把前端加密的字符串进行解密,再使用passwordEncoder.matches()进行比较。
后端:
1、AES加解密工具类
import sun.misc.BASE64Decoder;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import static org.apache.commons.codec.binary.Base64.encodeBase64String;
public class EncryptUtil {
private static final String KEY = "16位加密匙";
private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding";
public static String base64Encode(byte[] bytes){
return encodeBase64String(bytes);
}
public static byte[] base64Decode(String base64Code) throws Exception{
return new BASE64Decoder().decodeBuffer(base64Code);
}
public static byte[] aesEncryptToBytes(String content, String encryptKey) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), "AES"));
return cipher.doFinal(content.getBytes("utf-8"));
}
public static String aesEncrypt(String content, String encryptKey) throws Exception {
return base64Encode(aesEncryptToBytes(content, encryptKey));
}
public static String aesDecryptByBytes(byte[] encryptBytes, String decryptKey) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(), "AES"));
byte[] decryptBytes = cipher.doFinal(encryptBytes);
return new String(decryptBytes);
}
public static String aesDecrypt(String encryptStr, String decryptKey) throws Exception {
return aesDecryptByBytes(base64Decode(encryptStr), decryptKey);
}
/** * 测试 * */
public static void main(String[] args) throws Exception {
String content = "123456";
System.out.println("加密前:" + content);
System.out.println("加密密钥和解密密钥:" + KEY);
String encrypt = aesEncrypt(content, KEY);
System.out.println(encrypt.length()+":加密后:" + encrypt);
String decrypt = aesDecrypt(encrypt, KEY);
System.out.println("解密后:" + decrypt);
}
}
2、重写密码比较方法,(securityUserService为Spring Security默认UserDetailsService的实现类)
/**
* 对登录密码进行解密再校验
*/
public class MyAuthenticationProvider extends DaoAuthenticationProvider {
@Autowired
private PasswordEncoder passwordEncoder;
public MyAuthenticationProvider(SecurityUserService securityUserService) {
setUserDetailsService(securityUserService);
}
@SneakyThrows
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
if (authentication.getCredentials() == null) {
this.logger.debug("Authentication failed: no credentials provided");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
} else {
String presentedPassword = authentication.getCredentials().toString();
// 对登录密码进行解密
presentedPassword = EncryptUtil.aesDecrypt(presentedPassword, "16位加密匙");
if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
this.logger.debug("Authentication failed: password does not match stored value");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
}
}
}
3、将MyAuthenticationProvider注入spring
@Component
public class SecurityUserPassword {
@Autowired
private SecurityUserService securityUserService;
@Bean
public MyAuthenticationProvider myAuthenticationProvider() {
MyAuthenticationProvider myAuthenticationProvider = new MyAuthenticationProvider(securityUserService);
return myAuthenticationProvider;
}
}
前端:
1、用npm进行安装
npm install crypto-js
2、这时项目的package.json中就会引入crypto-js,打开package.json会出现以下代码
"dependencies": {
"crypto-js": "^3.1.9-1",
"element-ui": "^1.4.2",
"vue": "^2.2.1",
"vue-resource": "^1.2.1",
"vue-router": "^2.3.1"
},
这时我们就可以开始在前端JS中进行加密操作了。
转载于:https://blog.csdn.net/weixin_34128839/article/details/91419082
转载于:https://www.cnblogs.com/ordinare/p/13729302.html