需求:做微信公众号扫码登录的时候发现,我们通过微信用户的openID获取后台用户的账号,但是密码是加密放到数据库且不能逆向解密,这时就应该跳过密码认证。
添加自定义校验 # MyAuthenticationProvider
package com.spark.security.config;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import static com.spark.biz.admin.service.impl.SysLoginService.checkPwdThreadLocal;
/**
* @author Jerry
* @date 2024-01-26 18:15
* 自定义密码验证
*/
@Component
public class MyAuthenticationProvider extends DaoAuthenticationProvider {
private PasswordEncoder passwordEncoder;
/**
* 构造初始化
* @param userDetailsService
* @param passwordEncoder
*/
public MyAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
super();
// 这个地方一定要对userDetailsService赋值,不然userDetailsService是null (这个坑有点深)
setUserDetailsService(userDetailsService);
//passwordEncoder由于父类是private,这里需要自定义初始化后才能使用
this.passwordEncoder = passwordEncoder;
}
/**
* 重写该方法
* @param userDetails
* @param authentication
* @throws AuthenticationException
*/
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
if (authentication.getCredentials() == null) {
this.logger.debug("Failed to authenticate since no credentials provided");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
} else {
// 线程变量
Boolean checkPwd = checkPwdThreadLocal.get();
checkPwdThreadLocal.remove();
checkPwd = checkPwd == null || checkPwd;
// 如果不需要密码直接跳过
if (!checkPwd) {
return;
}
String presentedPassword = authentication.getCredentials().toString();
if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
this.logger.debug("Authentication failed: password does not match stored value");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
}
}
}
/**
* 线程参数
*/
public static ThreadLocal<Boolean> checkPwdThreadLocal = new ThreadLocal<>();
public static void checkPwd(boolean checkPwd) {
checkPwdThreadLocal.set(checkPwd);
}
public String autoLogin(String username, String password) {
// 用户验证
Authentication authentication;
try {
boolean check = false;
checkPwd(check);
authentication = authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken(username, password));
} catch (Exception e) {
if (e instanceof BadCredentialsException) {
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
throw new UserPasswordNotMatchException();
} else {
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
throw new CustomException(e.getMessage());
}
}
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
// 生成token
return tokenService.createToken(loginUser);
}