SpringSecurity增加额外登录参数

参考连接 自定义认证逻辑的两种方式(高级玩法)

我的需求是需要在传多个参数,从数据库中查询

自定义UsernamePasswordAuthenticationFilter

/**
 * @author Junisyoan
 * @date 2021年2月23日
 * 验证登录用户密码
 */
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
	
	...//省略

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {

        if (request.getContentType().equals(MediaType.APPLICATION_JSON_VALUE)
                || request.getContentType().equals(MediaType.APPLICATION_JSON_VALUE)
        ) {
            ObjectMapper mapper = new ObjectMapper();
            UsernamePasswordAuthenticationToken authRequest;
            try {
                InputStream is = request.getInputStream();
                @SuppressWarnings("unchecked")
                Map<String, String> authenticationBean = mapper.readValue(is, Map.class);

                String username = authenticationBean.get("username");
                String password = authenticationBean.get("password").trim();


				//额外参数
                String enterpriseCode = authenticationBean.get("enterpriseCode");



                authRequest = new CustomUsernamePasswordAuthenticationToken(username,password,enterpriseCode);
                super.setDetails(request, authRequest);
            } catch (IOException e) {
                e.printStackTrace();
                authRequest = new UsernamePasswordAuthenticationToken("", "");
            }
            return authenticationManager.authenticate(authRequest);
        } else {
            return super.attemptAuthentication(request, response);
        }
    }
	...//省略

}

自定义 UsernamePasswordAuthenticationToken

/**
 * @author shangchain Junisyoan
 * 2021/8/9
 * 自定义认证token
 */
public class CustomUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {

    /**
     * 企业编码
     */
    private final String enterpriseCode;

    public CustomUsernamePasswordAuthenticationToken(Object principal, Object credentials, String enterpriseCode) {
        super(principal, credentials);
        this.enterpriseCode = enterpriseCode;
    }

    public String getEnterpriseCode() {
        return enterpriseCode;
    }
}

自定义AbstractUserDetailsAuthenticationProvider这里主要是重写retrieveUser方法,从数据库中查数据,其他的从DaoAuthenticationProvider抄的

/**
 * @author Junisyoan
 * 2021/8/9
 * 客户端自定义登录验证
 */

public class ClientLoginAuthProvider extends AbstractUserDetailsAuthenticationProvider {

    ...//省略代码
    
    @Override
    protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        CustomUsernamePasswordAuthenticationToken auth = (CustomUsernamePasswordAuthenticationToken) authentication;
        
        //多个参数
        UserDetails loadedUser = userDetailsService.loadUserByUsername(username,auth.getEnterpriseCode());
        
        if (loadedUser == null) {
            throw new InternalAuthenticationServiceException(
                    "UserDetailsService returned null, which is an interface contract violation");
        }
        return loadedUser;
    }

	...//省略代码

}

最后覆盖原有的provider

/**
 * @author Junisyoan
 *
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	//..
	
    @Bean
    public ClientLoginAuthProvider provider(){
        ClientLoginAuthProvider provider = new ClientLoginAuthProvider(userService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() {
        return new ProviderManager(Collections.singletonList(provider()));
    }
    
    //...
}

运行结果

2021-08-09 18:16:37 JRebel: Reloading SQL maps
c.s.s.a.filter.JwtAuthenticationFilter   : 认证令牌 ===> null
c.s.s.s.s.impl.ClientUserServiceImpl     : 开始认证用户：admin

这里只会有一次认证,多次认证就是SecurityConfig配置错了