SpringSecurity自定义密码验证规则

1.创建MyAuthenticationProvider类,自定义密码验证规则


import com.yl.entity.User;
import com.yl.security.AccountUser;
import com.yl.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.servlet.http.HttpServletRequest;
import java.util.List;

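/**
 * Custom Spring Security {@link AuthenticationProvider} that verifies a submitted
 * username/password pair against the BCrypt hash stored for that user.
 *
 * <p>Security properties of this implementation:
 * <ul>
 *   <li>Neither the submitted password nor the stored hash is printed or logged.</li>
 *   <li>An unknown username and a wrong password raise the same
 *       {@link BadCredentialsException} message, so the failure text does not
 *       reveal which usernames exist.</li>
 *   <li>An unknown username still triggers one BCrypt comparison, so response time
 *       does not distinguish it from a known username.</li>
 *   <li>Authorities are loaded only after the password has been verified.</li>
 * </ul>
 *
 * @author :jerry
 * @date :Created in 2022/1/26 14:50
 * @description: custom password verification rule
 * @version: V1.1
 */
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {

    /** Single failure message shared by "unknown user" and "wrong password". */
    private static final String BAD_CREDENTIALS_MESSAGE = "用户名或密码错误";

    @Autowired
    private UserService userService;

    @Autowired
    BCryptPasswordEncoder passwordEncoder;

    /** Lazily created BCrypt hash used only to spend comparable time on unknown usernames. */
    private volatile String userNotFoundEncodedPassword;

    /**
     * Authenticates the submitted username and password.
     *
     * @param authentication the authentication request; its name is the submitted
     *                       username and its credentials the submitted password
     * @return a {@link UsernamePasswordAuthenticationToken} whose principal is an
     *         {@code AccountUser} carrying the user's authorities
     * @throws BadCredentialsException if the credentials are missing or not a string,
     *                                 the user is unknown, or the password does not match
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();

        // Reject missing or non-String credentials before touching the user store;
        // the original cast would have failed with ClassCastException on other types.
        if (!(credentials instanceof String)) {
            throw new BadCredentialsException("凭证为空");
        }
        String presentedPassword = (String) credentials;

        User sysUser = userService.getByUsername(username);
        if (sysUser == null) {
            equalizeUnknownUserTiming(presentedPassword);
            throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
        }

        // No diagnostics here: the plaintext password and the stored hash must not
        // reach stdout or any log.
        if (!passwordEncoder.matches(presentedPassword, sysUser.getPassword())) {
            throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
        }

        // Authorities are looked up only for a caller who has proven the password.
        AccountUser userDetails = new AccountUser(
                sysUser.getId(),
                sysUser.getUsername(),
                sysUser.getPassword(),
                getUserAuthority(sysUser.getId()));

        UsernamePasswordAuthenticationToken result =
                new UsernamePasswordAuthenticationToken(userDetails, credentials, userDetails.getAuthorities());
        result.setDetails(authentication.getDetails());
        return result;
    }

    /**
     * Limits this provider to username/password tokens.
     *
     * <p>Returning {@code true} for every token type would route tokens with
     * non-String credentials into {@link #authenticate(Authentication)}.
     *
     * @param authentication the token class being offered to this provider
     * @return {@code true} only for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    /**
     * Loads the authorities granted to a user.
     *
     * @param userId id of the user
     * @return authorities parsed from the comma-separated string returned by
     *         {@code userService.getUserAuthorityInfo}, e.g. roles such as
     *         {@code ROLE_admin} and menu permissions such as {@code sys:user:list}
     */
    public List<GrantedAuthority> getUserAuthority(Long userId) {
        String authority = userService.getUserAuthorityInfo(userId);
        return AuthorityUtils.commaSeparatedStringToAuthorityList(authority);
    }

    /**
     * Runs one BCrypt comparison against a throwaway hash so that a request for an
     * unknown username does about the same work as one for a known username.
     */
    private void equalizeUnknownUserTiming(String presentedPassword) {
        String dummyHash = userNotFoundEncodedPassword;
        if (dummyHash == null) {
            // A benign race here only means the dummy hash is computed more than once.
            dummyHash = passwordEncoder.encode("userNotFoundPassword");
            userNotFoundEncodedPassword = dummyHash;
        }
        passwordEncoder.matches(presentedPassword, dummyHash);
    }

    /**
     * Tutorial helper: prints a BCrypt hash of a sample password and the result of
     * matching the same password against it. The literal is a sample value only and
     * is not suitable as a real account password.
     */
    public static void main(String[] args) {
        String pass = "111111";
        BCryptPasswordEncoder bcryptPasswordEncoder = new BCryptPasswordEncoder();
        String hashPass = bcryptPasswordEncoder.encode(pass);
        System.out.println(hashPass);

        boolean f = bcryptPasswordEncoder.matches("111111", hashPass);
        System.out.println(f);
    }
}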

2.SecurityConfig中绑定这个规则
/**
 * Web security configuration that registers {@code MyAuthenticationProvider}
 * with the {@code AuthenticationManagerBuilder}.
 *
 * <p>The {@code ...} line stands for configuration the author left out of this listing.
 * NOTE(review): MyAuthenticationProvider autowires a BCryptPasswordEncoder, so a bean
 * of that type has to be declared somewhere, presumably in the omitted part; confirm.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	// The custom provider, injected as a Spring bean (it is annotated @Component).
	@Autowired
	MyAuthenticationProvider myAuthenticationProvider;
        ...


    	// Adds the custom provider to the authentication manager being built.
    	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.authenticationProvider(myAuthenticationProvider);		// register the custom password verification rule
	}

}
