若依系统(Security)增加手机验证码登录

已于 2024-07-25 15:57:36 修改
阅读量343 收藏 4
点赞数
分类专栏: 若依系统相关问题 文章标签: springboot
于 2024-05-17 10:57:54 首次发布
原文链接:https://www.jianshu.com/p/54ac94a98390
版权

目录

本文参考链接:https://www.jianshu.com/p/54ac94a98390

一、编写token类

二、编写短信登陆鉴权 Provider

三、编写UserDetailsService实现类

四、编写SecurityConfig配置类

本文参考链接:https://www.jianshu.com/p/54ac94a98390

 感谢作者大大,写的很好。此篇就是简单记录一下。

一、编写token类

package com.demo.framework.security.sms;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;

import java.util.Collection;

/**
 * 短信登录 AuthenticationToken,模仿 UsernamePasswordAuthenticationToken 实现
 *
 * @author gmk
 */
public class SmsCodeAuthenticationToken extends AbstractAuthenticationToken {

    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    /**
     * 在 UsernamePasswordAuthenticationToken 中该字段代表登录的用户名,
     * 在这里就代表登录的手机号码
     */
    private final Object principal;

    /**
     * 构建一个没有鉴权的 SmsCodeAuthenticationToken
     */
    public SmsCodeAuthenticationToken(Object principal) {
        super(null);
        this.principal = principal;
        setAuthenticated(false);
    }

    /**
     * 构建拥有鉴权的 SmsCodeAuthenticationToken
     */
    public SmsCodeAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        // must use super, as we override
        super.setAuthenticated(true);
    }

    @Override
    public Object getCredentials() {
        return null;
    }

    @Override
    public Object getPrincipal() {
        return this.principal;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        if (isAuthenticated) {
            throw new IllegalArgumentException("Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
        }
        super.setAuthenticated(false);
    }

    @Override
    public void eraseCredentials() {
        super.eraseCredentials();
    }

}

二、编写短信登陆鉴权 Provider

package com.demo.framework.security.sms;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * 短信登陆鉴权 Provider,要求实现 AuthenticationProvider 接口
 *
 * @author gmk
 */
public class SmsCodeAuthenticationProvider implements AuthenticationProvider {

    private UserDetailsService userDetailsService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication;

        String telephone = (String) authenticationToken.getPrincipal();

        // 委托 UserDetailsService 查找系统用户
        UserDetails userDetails = userDetailsService.loadUserByUsername(telephone);

        // 此时鉴权成功后,应当重新 new 一个拥有鉴权的 authenticationResult 返回
        SmsCodeAuthenticationToken authenticationResult = new SmsCodeAuthenticationToken(userDetails, userDetails.getAuthorities());

        authenticationResult.setDetails(authenticationToken.getDetails());

        return authenticationResult;
    }


    @Override
    public boolean supports(Class<?> authentication) {
        // 判断 authentication 是不是 SmsCodeAuthenticationToken 的子类或子接口
        return SmsCodeAuthenticationToken.class.isAssignableFrom(authentication);
    }

    public UserDetailsService getUserDetailsService() {
        return userDetailsService;
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }
}

三、编写UserDetailsService实现类

这里是拿原先的修改的

package com.demo.framework.web.service;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.ybz.safety.common.core.domain.entity.SysUser;
import com.ybz.safety.common.core.domain.model.LoginUser;
import com.ybz.safety.common.enums.UserStatus;
import com.ybz.safety.common.exception.ServiceException;
import com.ybz.safety.common.utils.MessageUtil;
import com.ybz.safety.common.utils.StringUtils;
import com.ybz.safety.system.service.ISysUserService;

/**
 * 用户验证处理
 *
 * @author ruoyi
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    private static final Logger log = LoggerFactory.getLogger(UserDetailsServiceImpl.class);

    @Autowired
    private ISysUserService userService;

    @Autowired
    private SysPasswordService passwordService;

    @Autowired
    private SysPermissionService permissionService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        SysUser user = userService.selectUserByUserName(username);
        if (StringUtils.isNull(user)) {
            log.info("登录用户:{} 不存在.", username);
            throw new ServiceException(MessageUtil.message("user.not.exists"));
        } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
            log.info("登录用户:{} 已被停用.", username);
            throw new ServiceException(MessageUtil.message("user.blocked"));
        }

//        passwordService.validate(user);

        return createLoginUser(user);
    }

    public UserDetails createLoginUser(SysUser user) {
        return new LoginUser(user.getUserId(), user.getDeptId(), user, permissionService.getMenuPermission(user));
    }
}

四、编写SecurityConfig配置类

package com.demo.framework.config;

import com.ybz.safety.framework.config.properties.PermitAllUrlProperties;
import com.ybz.safety.framework.security.filter.JwtAuthenticationTokenFilter;
import com.ybz.safety.framework.security.handle.AuthenticationEntryPointImpl;
import com.ybz.safety.framework.security.handle.LogoutSuccessHandlerImpl;
import com.ybz.safety.framework.security.sms.SmsCodeAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.web.filter.CorsFilter;

/**
 * spring security配置
 */
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    /**
     * 自定义用户认证逻辑
     */
    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * 认证失败处理类
     */
    @Autowired
    private AuthenticationEntryPointImpl unauthorizedHandler;

    /**
     * 退出处理类
     */
    @Autowired
    private LogoutSuccessHandlerImpl logoutSuccessHandler;

    /**
     * token认证过滤器
     */
    @Autowired
    private JwtAuthenticationTokenFilter authenticationTokenFilter;

    /**
     * 跨域过滤器
     */
    @Autowired
    private CorsFilter corsFilter;

    /**
     * 允许匿名访问的地址
     */
    @Autowired
    private PermitAllUrlProperties permitAllUrl;

    /**
     * 解决 无法直接注入 AuthenticationManager
     *
     * @return
     * @throws Exception
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * anyRequest          |   匹配所有请求路径
     * access              |   SpringEl表达式结果为true时可以访问
     * anonymous           |   匿名可以访问
     * denyAll             |   用户不能访问
     * fullyAuthenticated  |   用户完全认证可以访问(非remember-me下自动登录)
     * hasAnyAuthority     |   如果有参数,参数表示权限,则其中任何一个权限可以访问
     * hasAnyRole          |   如果有参数,参数表示角色,则其中任何一个角色可以访问
     * hasAuthority        |   如果有参数,参数表示权限,则其权限可以访问
     * hasIpAddress        |   如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问
     * hasRole             |   如果有参数,参数表示角色,则其角色可以访问
     * permitAll           |   用户可以任意访问
     * rememberMe          |   允许通过remember-me登录的用户访问
     * authenticated       |   用户登录后可访问
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {

        SmsCodeAuthenticationProvider smsCodeAuthenticationProvider = new SmsCodeAuthenticationProvider();
        smsCodeAuthenticationProvider.setUserDetailsService(userDetailsService);

        // 注解标记允许匿名访问的url
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests();
        permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll());

        httpSecurity
                // CSRF禁用,因为不使用session
                .csrf().disable()
                // 禁用HTTP响应标头
                .headers().cacheControl().disable().and()
                // 认证失败处理类
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                // 基于token,所以不需要session
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                // 过滤请求
                .authorizeRequests()
                // 对于登录login 注册register 验证码captchaImage 允许匿名访问
                .antMatchers("/sendSms","/login", "/register", "/captchaImage").permitAll()
                // 静态资源,可匿名访问
                .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**",
                        "/images/**", "/**/pdf/**").permitAll()
                .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated()
                .and()
                .headers().frameOptions().disable();
        // 添加Logout filter
        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
        // 添加JWT filter
        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        // 添加CORS filter
        httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
        httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class)
                //手机验证码的provider
                .authenticationProvider(smsCodeAuthenticationProvider);
    }

    /**
     * 强散列哈希加密实现
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }


    /**
     * 身份认证接口
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //账号密码
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }
}

四、登录接口

  @Autowired
    private ISysUserService userService;
    
    @Resource
    private AuthenticationManager authenticationManager;
    @Autowired
    private TokenService tokenService;

    @Autowired
    private RedisCache redisCache;
    
    @PostMapping(value = {"/login"})
    public AjaxResult login(@RequestBody Map<String, Object> params) {
        try {
            String phone = params.get("phone").toString();
            String smsCode = params.get("smsCode").toString();
            if (StringUtils.isEmpty(phone)) {
                return AjaxResult.error("手机号码不能为空");
            }

            if (phone.trim().length() != 11) {
                return AjaxResult.error("手机号码格式不正确");
            }
            SysUser sysUser = userService.selectUserByUserName(phone);
            if (sysUser == null) {
                return AjaxResult.error("登录帐号不正确");
            }
            if (!UserStatus.OK.getCode().equals(sysUser.getStatus())) {
                return AjaxResult.error("账号不存在或不可用");
            }
            
            //校验验证码(这一块代码就不写了)

            
           
            
            
            // 用户验证
            Authentication authentication = null;
            try {
                // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
                authentication = authenticationManager.authenticate(new SmsCodeAuthenticationToken(phone));
            } catch (Exception e) {
                if (e instanceof BadCredentialsException) {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, Constants.LOGIN_FAIL, MessageUtil.message("user.password.not.match")));
                    throw new UserPasswordNotMatchException();
                } else {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, Constants.LOGIN_FAIL, e.getMessage()));
                    throw new ServiceException(e.getMessage());
                }
            }
            // 执行异步任务,记录登录信息
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, Constants.LOGIN_SUCCESS, MessageUtil.message("user.login.success")));
            // 获取登录人信息
            LoginUser loginUser = (LoginUser) authentication.getPrincipal();
            // 生成token
            String token = tokenService.createToken(loginUser);
            redisCache.setCacheObject("token", token);
            return AjaxResult.success(sysUser).put("token", token);
        } catch (Exception e) {
            this.log.error("异常:登录失败", e);
        }
        return AjaxResult.error("登录失败,请稍后再试");
    }

桂花白米糕
关注
  • 0
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
若依添加手机号验证
m0_73429984的博客
07-04 874
若依添加手机短信验证进行讲解
spring security 实现动态权限和短信验证码登录
07-23
用户提交手机号和验证码后,系统会校验验证码的正确性,只有验证码匹配时才允许登录。 整合JWT(JSON Web Tokens)可以实现无状态的认证。JWT是一种轻量级的身份验证机制,它将用户信息编码为一个令牌,这个令牌...
若依RuoYi整合短信验证码登录
踮脚敲代码
01-03 7532
背景:若依默认使用账号密码进行登录,但是咱们客户需要增加一个短信登录功能,即在不更改原有账号密码登录的基础上,整合短信验证码登录
RUOYI集成手机短信登录
最新发布
小米队长的博客
06-12 835
通过实现不同的provider可以实现不同的登录验证方式,例如邮箱登录验证和扫码登录验证等。不同的provider需要实现对应的token类,将认证信息传递到security组件中,provider的实现类中实现对认证信息的校验。UserDetailsService接口的实现类,用来查询用户在系统中的信息,一些数据状态的验证可以在此接口的实现类中实现验证逻辑。
ruoyi(springcloud)集成手机验证码登陆
yinhaoq的博客
09-01 779
若依集成手机验证码登陆
若依实现手机验证码登入功能及企业微信机器人预警功能
i_am_love_CrCr的博客
07-18 615
若依,企业微信,验证码,短信,阿里,机器人
若依短信验证码登录
weixin_67210784的博客
11-26 5237
若依框架新增自定义短信验证码登录
若依RuoYi短信验证码登录】汇总
z_xiao_qiang的博客
04-15 3610
因为有多个端,多个语言共享登录接口,所以,接口定义尽量简单,接口内的逻辑判断尽量全面,判断手机号还是邮箱登录,再判断密码还是验证码登录,验证完了之后,再去验证用户是否存在数据库中,如果是密码登录的,则需要对比密码,然后再创建一个登录的token,返回。按照Security的流程图可知,实现多种方式登录,只需要重写三个主要的组件,第一个用户认证处理过滤器,第二个用户认证token类,第三个,自定义短信登录身份认证。大概就这么多,如果有更好的方式,欢迎交流。
若依前后端分离版ruoyi-vue:增加新的登录接口(新用户表),用于小程序或者APP获取token,并使用若依的验证方法,结合腾讯云短信验证码实现手机号+验证码登陆
ytgytg28的博客
11-19 5352
添加新用户表实体类,一定要添加Getter和Setter,之前未添加导致存入Redis后没有用户实体类的信息,查找了好久,主要是我水平有限,可能水平高的人一下就会找到原因了。路径:src/main/java/com/wanuw/common/core/domain/model/LoginUser.java。路径:src/main/java/com/wanuw/framework/config/SecurityConfig.java。根据自己腾讯云实际情况填写,下面只是个样子,*为加密。此时已经添加完成了。
若依集成短信验证码登陆功能思路加源码 RuoYi Redis暂存验证码
gjg___gg的博客
04-20 933
通过手机号去redis中查询验证码String code = (String) redisTemplate.opsForValue().get(smsLogin.getPhoneNumber());判断是否是第一次发送redisTemplate.opsForValue().set(countKey, "1", 10, TimeUnit.MINUTES);1.发送短信前,先做手机号校验,结合自己项目中的发送短信平台的参数(签名、模板编码、失效时间、验证码长度、手机号)组成发送短信前的成员类。
Spring Security Oauth2.0 实现短信验证码登录示例
08-28
Spring Security Oauth2.0 实现短信验证码登录示例 本篇文章主要介绍了 Spring Security Oauth2.0 实现短信验证码登录示例,具有一定的参考价值。下面是该示例的详细知识点解释: 一、Spring Security Oauth2.0 ...
SpringBoot+Security 发送短信验证码的实现
08-27
本篇文章将详细介绍如何在SpringBoot项目中结合Spring Security实现发送短信验证码的功能,以增强用户注册或登录过程的安全性。 首先,我们需要在项目的`core`模块下创建一个`properties`包,并在此包内定义一个名...
Spring Boot Security 2.5.8 实现账号、手机号、邮件登录,记住密码等功能
11-13
2. **手机登录**:为了适应移动互联网的需求,Spring Security可以通过扩展实现短信验证码或直接使用手机号作为身份验证的凭证。这通常涉及到与短信服务提供商的集成,以及对手机号的验证逻辑。 3. **邮箱登录**...
spring-gateway实现登录验证码校验的代码,百分百可用
06-23
Kaptcha 是一个 Java 实现的验证码生成器,它可以生成包含字母和数字的复杂图片,并具有可配置的样式和扭曲程度,从而增加破解的难度。 首先,我们需要在项目中引入 Kaptcha 的依赖。在 Maven 或 Gradle 的配置文件...
【Ruoyi第三方登录】对Ruoyi添加手机登录和邮箱登录的功能
qq_63884430的博客
01-28 3488
对otherLoadUser(String username,int num)重载UserDetailsServiceImpl类的loadUserByUsername方法,通过设定开关值num使邮箱手机号这些无密码登录的方式不检验密码。实际上你会发现,principal就是username,credentials就是password,所以对于不需要密码登录的方式简单的不用credentials就行了吗?最后再把若依SecurityConfig的白名单加上我们的接口路径就行了。
若依分离版短信登录集成步骤
ConorChan的博客
03-19 4347
若依分离版短信登录集成步骤
若依前后端分离Spring Security新增手机登录
qq_39845279的博客
05-31 307
按照Security的流程图可知,实现多种方式登录,只需要重写三个主要的组件,第一个用户认证处理过滤器,第二个用户认证token类,第三个,自定义短信登录身份认证。
若依框架(SpringSecurity登录接口改造
Meteors.的博客
07-12 2962
这篇文章是对若依框架的SpringSecurity做的登录接口进行改造
springsecurity实现手机验证码登录
05-25
Spring Security可以很方便地实现手机验证码登录,步骤如下: 1. 添加spring-security-web和spring-security-config依赖。 ```xml <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring-security.version}</version> </dependency> ``` 2. 创建一个实现UserDetailsService接口的类,该类用于根据不同的用户名加载用户信息。 ```java @Service public class UserDetailsServiceImpl implements UserDetailsService { @Autowired private UserMapper userMapper; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userMapper.selectByUsername(username); if (user == null) { throw new UsernameNotFoundException("用户名不存在"); } return new UserPrincipal(user); } } ``` 3. 创建一个实现AuthenticationProvider接口的类,该类用于验证用户的手机号和验证码是否正确。 ```java @Service public class SmsCodeAuthenticationProvider implements AuthenticationProvider { @Autowired private RedisTemplate<String, String> redisTemplate; @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication; String mobile = authenticationToken.getPrincipal().toString(); String code = authenticationToken.getCredentials().toString(); String redisCode = redisTemplate.opsForValue().get(SmsCodeAuthenticationFilter.REDIS_SMS_CODE_KEY_PREFIX + mobile); if (StringUtils.isBlank(redisCode)) { throw new BadCredentialsException("验证码不存在或已过期"); } if (!StringUtils.equals(code, redisCode)) { throw new BadCredentialsException("验证码不正确"); } UserDetails userDetails = new UserPrincipal(new User(mobile, "", Collections.emptyList())); return new SmsCodeAuthenticationToken(userDetails, userDetails.getAuthorities()); } @Override public boolean supports(Class<?> authentication) { return SmsCodeAuthenticationToken.class.isAssignableFrom(authentication); } } ``` 4. 创建一个实现AuthenticationFilter接口的类,该类用于处理短信验证码登录请求。 ```java public class SmsCodeAuthenticationFilter extends AbstractAuthenticationProcessingFilter { public static final String SPRING_SECURITY_FORM_MOBILE_KEY = "mobile"; public static final String SPRING_SECURITY_FORM_CODE_KEY = "code"; public static final String REDIS_SMS_CODE_KEY_PREFIX = "SMS_CODE_"; private String mobileParameter = SPRING_SECURITY_FORM_MOBILE_KEY; private String codeParameter = SPRING_SECURITY_FORM_CODE_KEY; private boolean postOnly = true; public SmsCodeAuthenticationFilter() { super(new AntPathRequestMatcher("/login/mobile", "POST")); } @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { if (postOnly && !request.getMethod().equals("POST")) { throw new AuthenticationServiceException("不支持的请求方式: " + request.getMethod()); } String mobile = obtainMobile(request); String code = obtainCode(request); if (StringUtils.isBlank(mobile)) { throw new UsernameNotFoundException("手机号不能为空"); } if (StringUtils.isBlank(code)) { throw new BadCredentialsException("验证码不能为空"); } SmsCodeAuthenticationToken authRequest = new SmsCodeAuthenticationToken(mobile, code); setDetails(request, authRequest); return this.getAuthenticationManager().authenticate(authRequest); } protected String obtainMobile(HttpServletRequest request) { return request.getParameter(mobileParameter); } protected String obtainCode(HttpServletRequest request) { return request.getParameter(codeParameter); } protected void setDetails(HttpServletRequest request, SmsCodeAuthenticationToken authRequest) { authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); } public void setMobileParameter(String mobileParameter) { this.mobileParameter = mobileParameter; } public void setCodeParameter(String codeParameter) { this.codeParameter = codeParameter; } public void setPostOnly(boolean postOnly) { this.postOnly = postOnly; } public final String getMobileParameter() { return mobileParameter; } public final String getCodeParameter() { return codeParameter; } } ``` 5. 在WebSecurityConfigurerAdapter的子类中进行配置。 ```java @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsServiceImpl userDetailsService; @Autowired private SmsCodeAuthenticationProvider smsCodeAuthenticationProvider; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/login/mobile").permitAll() .anyRequest().authenticated() .and() .formLogin().loginPage("/login").defaultSuccessURL("/home").permitAll() .and() .logout().logoutUrl("/logout").permitAll() .and() .addFilterBefore(smsCodeAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class) .csrf().disable(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(smsCodeAuthenticationProvider) .userDetailsService(userDetailsService) .passwordEncoder(passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public SmsCodeAuthenticationFilter smsCodeAuthenticationFilter() { SmsCodeAuthenticationFilter filter = new SmsCodeAuthenticationFilter(); filter.setAuthenticationManager(authenticationManager()); filter.setAuthenticationSuccessHandler((request, response, authentication) -> { response.setContentType("application/json;charset=UTF-8"); PrintWriter out = response.getWriter(); out.write("{\"code\": 0, \"message\": \"登录成功\"}"); out.flush(); out.close(); }); filter.setAuthenticationFailureHandler((request, response, exception) -> { response.setContentType("application/json;charset=UTF-8"); PrintWriter out = response.getWriter(); out.write("{\"code\": 1, \"message\": \"" + exception.getMessage() + "\"}"); out.flush(); out.close(); }); return filter; } } ``` 6. 在前端页面中添加短信验证码登录的表单。 ```html <form action="/login/mobile" method="post"> <div> <label>手机号:</label> <input type="text" name="mobile" /> </div> <div> <label>验证码:</label> <input type="text" name="code" /> <button type="button" onclick="sendSmsCode()">发送验证码</button> </div> <div> <button type="submit">登录</button> </div> </form> ``` 7. 在后端控制器中添加发送短信验证码的接口。 ```java @RestController public class SmsCodeController { @Autowired private RedisTemplate<String, String> redisTemplate; @GetMapping("/sms/code") public void sendSmsCode(String mobile) { String code = RandomStringUtils.randomNumeric(6); redisTemplate.opsForValue().set(SmsCodeAuthenticationFilter.REDIS_SMS_CODE_KEY_PREFIX + mobile, code, 5, TimeUnit.MINUTES); // 发送短信验证码 } } ``` 以上就是使用Spring Security实现手机验证码登录的全部步骤。
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值