Spring Security 3多用户登录实现之五 验证用户凭证

   有了用户凭证后, 如何验证用户的凭证是否正确呢, 这就需要借助AuthenticationManager了, AuthenticationManager可以包含多个AuthenticationProvider, 每个AuthenticationProvider都会针对特定的AuthenticationToken, 也就是用户凭证来验证相应的用户凭证是否正确。

 

   来看看我为了实现验证前台用户凭证和后台用户凭证而实现的AuthenticationProvider吧。

 

 

package com.template.security.authentication.provider;

import com.template.security.authentication.token.BackendAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-4
 * Time: 下午11:16
 */
public class BackendAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        BackendAuthenticationToken authenticationToken = (BackendAuthenticationToken) authentication;
//        String captcha = authenticationToken.getCaptcha();
//        if (captcha.startsWith("ZZ")) {
//            throw new AuthenticationServiceException("The captcha is wrong!");
//        }
        String username = (String) authenticationToken.getPrincipal();
        String password = (String) authenticationToken.getCredentials();

        if (username.equalsIgnoreCase("ZHONGGANG") && password.equalsIgnoreCase("123")) {
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            return authenticationToken;
        }
        throw new AuthenticationServiceException("The username or password is not correct!");
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return BackendAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

 

 

package com.template.security.authentication.provider;

import com.template.security.authentication.token.ForendAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Created by IntelliJ IDEA.
 * User: Zhong Gang
 * Date: 12-11-4
 * Time: 下午11:16
 */
public class ForendAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        ForendAuthenticationToken authenticationToken = (ForendAuthenticationToken) authentication;
        String email = authenticationToken.getEmail();
        String phone = authenticationToken.getPhone();
        if (email.endsWith("@qq.com") && phone.startsWith("139")) {
            authenticationToken.setAuthenticated(true);
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            return authenticationToken;
        }

        throw new AuthenticationServiceException("The email or phone is not correct!");
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return ForendAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

 

    不论是前台用户凭证验证还是后台用户凭证验证,都实现了AuthenticationProvider接口,其中的supports方法表明这个AuthenticationProvider需要对哪个类型的用户凭证进行验证。这里我只是进行了一个简单的验证,没有什么实际意义,如果你的验证需要与数据库打交道,你可以在AuthenticationProvider中注入你的服务。来看看配置文件中的相应配置信息吧。

 

 

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="forendAuthenticationProvider"/>
        <authentication-provider ref="backendAuthenticationProvider"/>
    </authentication-manager>

    <beans:bean id="backendAuthenticationProvider"
                class="com.template.security.authentication.provider.BackendAuthenticationProvider"/>
    <beans:bean id="forendAuthenticationProvider"
                class="com.template.security.authentication.provider.ForendAuthenticationProvider"/>
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值