1、加密方式
无
加密验证类
import org.springframework.security.crypto.password.PasswordEncoder;
public class MPasswordEncoder implements PasswordEncoder {
/**
* 对密码进行加密并返回
*/
public String encode(CharSequence rawPassword) {
/*
*我这里放入的是原始值,不进行对应加密,如需在这一层进行加密,直接调用加密方式方可
*/
return rawPassword+"";
}
/**
* 验证密码是否正确
*/
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return encode(rawPassword).equals(encodedPassword);
}
}
//我这里的sysUser实现了UserDetails类
sysUserDao 实现UserDetailsService 重写loadUserByUsername方法
/**
* 重写UserDetailService的接口,我这里的sysUser是实现UserDetails的类
*/
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
SysUser sysUser = getByAccount(username);
if (sysUser == null)
throw new UsernameNotFoundException("用户不存在");
return sysUser;
}
spring-security.xml配置
<!-- 认证管理器,实现用户认证的入口,主要实现UserDetailsService接口即可 -->
<security:authentication-manager alias="authenticationManager" >
<security:authentication-provider user-service-ref="sysUserDao">
<security:password-encoder ref="mpasswordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<!-- bean注入密码校验规则器 -->
<bean id="mpasswordEncoder" class="com.hotent.core.web.MPasswordEncoder" />
调用
//对应账号,密码:加密存入数据库的密码,或者通过手机号/邮箱查找账号信息把查询到的账号密码填进去
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, encrptPassword);
authRequest.setDetails(new WebAuthenticationDetails(request));
SecurityContext securityContext = SecurityContextHolder.getContext();
//与数据库对应校验
Authentication auth = authenticationManager.authenticate(authRequest);
securityContext.setAuthentication(auth);
sessionStrategy.onAuthentication(auth, request, response);