短信验证参数检查过滤器
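/**
 * Servlet filter that decides whether a token request must carry an SMS verification code and,
 * if so, hands the request to {@code MultiTextMessageHolder} for the duration of the filter chain.
 *
 * <p>The filter itself does not verify anything; it only makes the request available to later
 * code through the holder. A request for which {@link #necessary2CheckCode} returns
 * {@code false} passes through with nothing stored in the holder.
 */
public class MultiTextMessageFilter implements Filter {

    /** Matches the OAuth2 token endpoint; other paths are never subject to the check. */
    private final AntPathRequestMatcher matcher = new AntPathRequestMatcher("/oauth/token");

    /**
     * Stores the request in {@code MultiTextMessageHolder} while the chain runs when the
     * request needs a verification code, and always clears the holder afterwards.
     *
     * @param request  incoming request; cast to {@code HttpServletRequest}
     * @param response outgoing response, passed through unchanged
     * @param chain    remaining filter chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;

        // No verification code required for this request: pass it through untouched.
        if (!necessary2CheckCode(httpServletRequest)) {
            chain.doFilter(request, response);
            return;
        }

        try {
            MultiTextMessageHolder.set(httpServletRequest);
            chain.doFilter(request, response);
        } finally {
            // Clear the holder even when the chain throws, so the stored value does not
            // outlive this request (presumably the holder is per-thread; confirm).
            MultiTextMessageHolder.remove();
        }
    }

    /**
     * Tells whether the request must be checked for an SMS verification code.
     *
     * <p>This is the gate for the whole check: a request with no grant type, with a grant type
     * missing from the configured list, or to a path other than the token endpoint is not
     * checked. Every grant type that should require a code therefore has to be present in
     * the configured list.
     *
     * @param request the current HTTP request
     * @return {@code true} only when the grant type is configured as requiring a code and the
     *         request targets {@code /oauth/token}
     */
    private boolean necessary2CheckCode(HttpServletRequest request) {
        // Grant type absent: nothing to check.
        String grantType = request.getParameter(OAuth2Utils.GRANT_TYPE);
        if (ZYStrUtils.isNull(grantType)) {
            return false;
        }

        // NOTE(review): securityProperties is not declared in this listing; presumably an
        // injected field omitted from the excerpt.
        List<String> needCheckCodeGrantTypes = securityProperties.getNeedCheckCodeGrantTypes();
        // Grant type not configured as requiring a code. The original listing tested an
        // undeclared name (checkCodeGrantTypes) here instead of the list fetched above.
        if (!needCheckCodeGrantTypes.contains(grantType)) {
            return false;
        }

        return matcher.matches(request);
    }
}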
配置:
在userNamePasswordProvider中的验证:
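/**
 * Checks the SMS verification code for the account being authenticated.
 *
 * <p>The message is taken from {@code MultiTextMessageHolder}; its mobile number is overwritten
 * with the one from {@code user} before the code is checked, so the check runs against the
 * account's number rather than a value already present on the message.
 *
 * @param user account being authenticated
 * @throws InternalAuthenticationServiceException declared by the signature; what
 *         {@code checkVerifyCode} actually throws on a wrong code is not visible here
 */
public void toCheckVerifyCode(UserAccountDetails user) throws InternalAuthenticationServiceException {
    MultiTextMessage multiTextMessage = MultiTextMessageHolder.get();

    // Preconditions missing: no message held for this request, or no verifier available.
    // NOTE(review): both cases return without checking anything (fail-open). If
    // verifyCodeSupport can be null through misconfiguration, authentication proceeds
    // with no code check; confirm this is intended and consider logging it.
    if (multiTextMessage == null || verifyCodeSupport == null) {
        return;
    }

    // Account is exempted from the code check (by configuration or similar).
    if (verifyCodeSupport.skipByAccountId(user.getUserAccountId())) {
        return;
    }

    // Check the code. The former catch (Throwable e) { throw e; } wrapper only rethrew
    // the same exception, so failures propagate to the caller exactly as before.
    multiTextMessage.setMobile(user.mobile());
    verifyCodeSupport.checkVerifyCode(multiTextMessage);
}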