【SpringSecurity+JWT单点登录，跳过密码校验】

最新推荐文章于 2024-06-21 10:57:12 发布

m0_44976351

最新推荐文章于 2024-06-21 10:57:12 发布

阅读量1.7k

点赞数

分类专栏： SpringSecurity+JWT单点登录文章标签： spring java hibernate

本文链接：https://blog.csdn.net/m0_44976351/article/details/130677454

版权

SpringSecurity+JWT单点登录，跳过密码校验

DaoAuthenticationProvider
继承AbstractUserDetailsAuthenticationProvider抽象类
添加SecurityConfig配置类
源码执行过程

DaoAuthenticationProvider

DaoAuthenticationProvider中的additionalAuthenticationChecks方法负责比对密码

```java
@SuppressWarnings("deprecation")
	protected void additionalAuthenticationChecks(UserDetails userDetails,
			UsernamePasswordAuthenticationToken authentication)
			throws AuthenticationException {
		if (authentication.getCredentials() == null) {
			logger.debug("Authentication failed: no credentials provided");

			throw new BadCredentialsException(messages.getMessage(
					"AbstractUserDetailsAuthenticationProvider.badCredentials",
					"Bad credentials"));
		}

		String presentedPassword = authentication.getCredentials().toString();
		if (!passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
			logger.debug("Authentication failed: password does not match stored value");

			throw new BadCredentialsException(messages.getMessage(
					"AbstractUserDetailsAuthenticationProvider.badCredentials",
					"Bad credentials"));
		}
	}

继承AbstractUserDetailsAuthenticationProvider抽象类

package com.larkmt.cn.admin.filter;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.core.userdetails.UserDetailsPasswordService;
import org.springframework.util.Assert;

/**
 * @BelongsProject: larkmidtable-web
 * @BelongsPackage: com.larkmt.cn.admin.filter
 * @Author: yanhongwei
 * @CreateTime: 2023-05-11  15:01
 * @Description: TODO
 * @Version: 1.0
 */
public class MaxkeyAuthenticationProvider  extends AbstractUserDetailsAuthenticationProvider {
   
    // ~ Static fields/initializers
    // =====================================================================================

    /**
     * The plaintext password used to perform
     * PasswordEncoder#matches(CharSequence, String)}  on when the user is
     * not found to avoid SEC-2056.
     */
    private static final String USER_NOT_FOUND_PASSWORD = "userNotFoundPassword";

    // ~ Instance fields
    // ================================================================================================

    private PasswordEncoder passwordEncoder;

    /**
     * The password used to perform
     * {@link PasswordEncoder#matches(CharSequence, String)} on when the user is
     * not found to avoid SEC-2056. This is necessary, because some
     * {@link PasswordEncoder} implementations will short circuit if the password is not
     * in a valid format.
     */
    private volatile String userNotFoundEncodedPassword;

    private UserDetailsService userDetailsService;

    private UserDetailsPasswordService userDetailsPasswordService;

    public MaxkeyAuthenticationProvider() {
   
        setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
    }

    // ~ Methods
    // ======================================================