使用springSecurity及OAuth2实现多模式登录

已于 2022-10-25 22:33:04 修改
阅读量2.2k 收藏 25
点赞数
分类专栏: spring 文章标签: spring java spring boot
于 2022-10-20 10:40:36 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_39538035/article/details/127419989
版权

使用springSecurity及OAuth2实现多模式登录


此篇文章只会给出通过springSecurity和springOAuth2实现多模式登录的示例,另外一篇文章会在此示例的基础上进行源码分析。文章最后会给出源码分析链接地址。
以下所有的代码已经上传至github:
https://github.com/huanqinglord/security-demo

账号密码模式登录

首先只实现账号密码的登录模式。

初始化相关配置类

security相关配置

package com.whq.security.oauth.config;

import com.whq.security.oauth.provider.SMSAuthenticationProvider;
import com.whq.security.oauth.service.MyUserDetailsService;
import com.whq.security.oauth.service.SMSUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * spring security 相关配置
 */
@Configuration
public class WhqSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //1.配置基本认证方式
        http.authorizeRequests()
                // 角色为“ADMIN”的用户才可以访问/test/admin/相关的接口
                //.antMatchers("/test/admin/**").hasRole("ADMIN")
                // 角色为"USER"、“ADMIN”的用户才可以访问/test/user/相关的接口
                //.antMatchers("/test/user/**").hasAnyRole("USER", "ADMIN")
                // 所有用户都可以访问的接口
                .antMatchers("/swagger/**", "/oauth/token/**").permitAll()
                // 对任意请求都进行认证(其他路径的请求登录后才可以访问)
                .anyRequest()
                .authenticated()
                //开启basic认证
                .and().httpBasic()
                .and().formLogin();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // 初始化security的认证管理器
    @Bean("authenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    // 账号密码登录设置获取用户UserDetailsService
    // 如果所有登录方式获取用户的方式一致,则可以在AuthorizationServerConfigurerAdapter的AuthorizationServerEndpointsConfigurer中设置UserDetailsService
    @Bean
    public DaoAuthenticationProvider getDaoAuthenticationProvider(){
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(myUserDetailsService);
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());

        return daoAuthenticationProvider;
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(getDaoAuthenticationProvider());
    }
}

OAuth2相关配置

package com.whq.security.oauth.config;

import com.whq.security.oauth.granter.WhqTokenGranter;
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

import java.util.ArrayList;
import java.util.List;

/**
 * spring security oauth2 相关配置
 */
@Configuration
@AllArgsConstructor
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    private final AuthenticationManager authenticationManager;
    private final PasswordEncoder passwordEncoder;
    private final TokenStore tokenStore;
    private final TokenEnhancer jwtTokenEnhancer;
    private final JwtAccessTokenConverter jwtAccessTokenConverter;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        //获取自定义tokenGranter
        TokenGranter tokenGranter = WhqTokenGranter.getTokenGranter(authenticationManager, endpoints);
        endpoints.tokenStore(tokenStore)
                .authenticationManager(authenticationManager)
                .tokenGranter(tokenGranter);
        // 扩展token返回结果
        if (jwtAccessTokenConverter != null && jwtTokenEnhancer != null) {
            TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
            List<TokenEnhancer> enhancerList = new ArrayList<>();
            enhancerList.add(jwtTokenEnhancer);
            enhancerList.add(jwtAccessTokenConverter);
            tokenEnhancerChain.setTokenEnhancers(enhancerList);
            // jwt增强
            endpoints.tokenEnhancer(tokenEnhancerChain).accessTokenConverter(jwtAccessTokenConverter);
        }
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 将client-secret存储在内存中
        // 如果需要从数据库加载则继承JdbcClientDetailsService类自定义处理
        // clients.withClientDetails();

        // basic验证用户名:whqClient 密码:whqSecret
        clients.inMemory().withClient("whqClient").secret(passwordEncoder.encode("whqSecret"))
                // 令牌有效时间,单位秒
                .accessTokenValiditySeconds(7200)
                // 支持账号密码模式登录
                .authorizedGrantTypes("refresh_token",  "pwd")
                // 权限有哪些,如果这两配置了该参数,客户端发请求可以不带参数,使用配置的参数
                .scopes("all", "read", "write");
    }
}

JWT生成token相关配置

package com.whq.security.oauth.config;


import com.whq.security.oauth.factory.JwtTokenEnhancer;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * jwt 生成token相关配置
 */
@Configuration
public class JwtTokenStoreConfiguration {

	/**
	 * 使用jwtTokenStore存储token
	 */
	@Bean
	public TokenStore jwtTokenStore() {
		return new JwtTokenStore(jwtAccessTokenConverter());
	}

	/**
	 * 用于生成jwt
	 */
	@Bean
	public JwtAccessTokenConverter jwtAccessTokenConverter() {
		JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
		accessTokenConverter.setSigningKey("whq");
		return accessTokenConverter;
	}

	/**
	 * 用于扩展jwt
	 */
	@Bean
	@ConditionalOnMissingBean(name = "jwtTokenEnhancer")
	public TokenEnhancer jwtTokenEnhancer(JwtAccessTokenConverter jwtAccessTokenConverter) {
		return new JwtTokenEnhancer(jwtAccessTokenConverter);
	}

}

token参数增强设置


package com.whq.security.oauth.factory;


import com.whq.security.oauth.user.MyUser;
import lombok.AllArgsConstructor;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

import java.util.HashMap;
import java.util.Map;

@AllArgsConstructor
public class JwtTokenEnhancer implements TokenEnhancer {

	private final JwtAccessTokenConverter jwtAccessTokenConverter;

	@Override
	public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
		MyUser principal = (MyUser) authentication.getUserAuthentication().getPrincipal();

		// token参数增强
		// todo 以下可根据自身业务自由设置,方便于解析token后获取到有价值的信息
		Map<String, Object> info = new HashMap<>(16);
		info.put("user_id", principal.getUserId());
		info.put("user_name", principal.getUsername());
		info.put("user_phone", "18788888888");
		((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(info);

		OAuth2AccessToken oAuth2AccessToken = jwtAccessTokenConverter.enhance(accessToken, authentication);
		String tokenValue = oAuth2AccessToken.getValue();
		String tenantId = principal.getTenantId();
		String userId = principal.getUserId() == null ? "" : principal.getUserId().toString();
		// todo 此处可以将token存入redis
		// RedisTokenUtil.addAccessToken();

		return accessToken;
	}
}

granter设置


package com.whq.security.oauth.granter;


import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.CompositeTokenGranter;
import org.springframework.security.oauth2.provider.TokenGranter;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * 自定义拓展TokenGranter
 */
public class WhqTokenGranter {

	/**
	 * 自定义tokenGranter
	 */
	public static TokenGranter getTokenGranter(final AuthenticationManager authenticationManager, final AuthorizationServerEndpointsConfigurer endpoints) {
		// 默认tokenGranter集合
		List<TokenGranter> granters = new ArrayList<>(Collections.singletonList(endpoints.getTokenGranter()));
		// 账号密码模式
		granters.add(new PasswordGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory()));
		// 组合tokenGranter集合
		return new CompositeTokenGranter(granters);
	}

}

账号密码登录granter

package com.whq.security.oauth.granter;

import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

import java.util.LinkedHashMap;
import java.util.Map;

public class PasswordGranter extends AbstractTokenGranter {

	public static final String GRANT_TYPE = "pwd";

	private final AuthenticationManager authenticationManager;

	public PasswordGranter(AuthenticationManager authenticationManager,
                           AuthorizationServerTokenServices tokenServices,
						   ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory) {
		this(authenticationManager, tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
	}

	protected PasswordGranter(AuthenticationManager authenticationManager, AuthorizationServerTokenServices tokenServices,
							  ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, String grantType) {
		super(tokenServices, clientDetailsService, requestFactory, grantType);
		this.authenticationManager = authenticationManager;
	}

	@Override
	protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
		Map<String, String> parameters = new LinkedHashMap(tokenRequest.getRequestParameters());
		String username = parameters.get("username");
		String cryptPassword = parameters.get("password");

		Authentication userAuth = new UsernamePasswordAuthenticationToken(username, cryptPassword);
		((AbstractAuthenticationToken) userAuth).setDetails(parameters);
		try {
			// 以下代码为spring security 授权认证逻辑
			userAuth = authenticationManager.authenticate(userAuth);
		} catch (AccountStatusException | BadCredentialsException ase) {
			throw new InvalidGrantException(ase.getMessage());
		}

		if (userAuth == null || !userAuth.isAuthenticated()) {
			throw new InvalidGrantException("Could not authenticate user: " + username);
		}

		OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
		return new OAuth2Authentication(storedOAuth2Request, userAuth);
	}
}

UserDetailsService

此处设置加载用户信息的方式,账号密码使用登录账号获取用户信息。

package com.whq.security.oauth.service;

import com.whq.security.oauth.user.MyUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class MyUserDetailsService implements UserDetailsService {
    @Autowired
    private PasswordEncoder passwordEncoder;

    // 后续登录使用此方法加载用户信息
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        MyUser result = MyUser.getUser(username);
        // 模拟的用户查询数据为明文密码,实际使用时都是加密存储,此处手动加密模拟处理
        String encode = passwordEncoder.encode(result.getPassword());
        // 用户不存在,抛出异常
        if (result == null) {
            throw new UsernameNotFoundException("用户不存在");
        }
        MyUser res = new MyUser(result.getUsername(), encode);
        return res;
    }
}

用户实体类

此处实体类继承自org.springframework.security.core.userdetails.User

package com.whq.security.oauth.user;

import lombok.Getter;
import lombok.Setter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;

import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

/**
 * 用户信息实体类,实际项目中根据自身项目需求修改
 */
@Getter
@Setter
public class MyUser extends User {
    /**
     * 用户id
     */
    private final Long userId;
    /**
     * 租户ID
     */
    private final String tenantId;


    // 用户构造函数
    public MyUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities, Long userId, String tenantId) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        this.userId = userId;
        this.tenantId = tenantId;
    }

    /**
     * 方便测试用的构造函数
     * 除用户名及密码外其他信息一致
     */
    public MyUser(String username, String password) {
        // authorities 参数为用户角色相关,如果没有使用spring security进行角色权限控制,则不需要配置此参数
        this(username, password, true, true, true, true,
                AuthorityUtils.commaSeparatedStringToAuthorityList("USER,AMDIN"), 1L, "000000");
    }

    // 模拟数据库存储的用户信息
    public static Map<String, MyUser> myUsers;

    static {
        myUsers = new HashMap<>();
        myUsers.put("whq1", new MyUser("whq1", "123"));
        myUsers.put("whq2", new MyUser("whq2", "123"));
        myUsers.put("18788888888", new MyUser("whq1", "123"));
        myUsers.put("18666666666", new MyUser("whq2", "123"));
    }

    // 模拟数据库通过用户名查询用户信息
    public static MyUser getUser(String userName) {
        return myUsers.get(userName);
    }

    // 模拟数据库通过手机号查询用户信息
    public static MyUser getUserByPhone(String userName) {
        return myUsers.get(userName);
    }
}

main方法启动类

package com.whq.security.oauth;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication(scanBasePackages = "com.whq")
public class SecurityOAuth2Application {
    public static void main(String[] args) {
        SpringApplication.run(SecurityOAuth2Application.class, args);
    }
}

测试验证

以上所有代码就实现了账号密码模式的登录。下来通过postman进行验证:

在这里插入图片描述

短信验证码模式登录

初始化相关配置类修改

AuthorizationServerConfig添加短信验证码登录模式

@Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // 将client-secret存储在内存中
        // 如果需要从数据库加载则继承JdbcClientDetailsService类自定义处理
        // clients.withClientDetails();

        // basic验证用户名:whqClient 密码:whqSecret
        clients.inMemory().withClient("whqClient").secret(passwordEncoder.encode("whqSecret"))
                // 令牌有效时间,单位秒
                .accessTokenValiditySeconds(7200)
                // 支持短信验证码、账号密码模式登录
                .authorizedGrantTypes("refresh_token", "SMSVerification", "pwd")
                // 权限有哪些,如果这两配置了该参数,客户端发请求可以不带参数,使用配置的参数
                .scopes("all", "read", "write");
    }

WhqSecurityConfig添加短信验证码provider配置

package com.whq.security.oauth.config;

import com.whq.security.oauth.provider.SMSAuthenticationProvider;
import com.whq.security.oauth.service.MyUserDetailsService;
import com.whq.security.oauth.service.SMSUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * spring security 相关配置
 */
@Configuration
public class WhqSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    // 短信验证时获取用户方式改变
    @Autowired
    private SMSUserDetailsService smsUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //1.配置基本认证方式
        http.authorizeRequests()
                // 角色为“ADMIN”的用户才可以访问/test/admin/相关的接口
                //.antMatchers("/test/admin/**").hasRole("ADMIN")
                // 角色为"USER"、“ADMIN”的用户才可以访问/test/user/相关的接口
                //.antMatchers("/test/user/**").hasAnyRole("USER", "ADMIN")
                // 所有用户都可以访问的接口
                .antMatchers("/swagger/**", "/oauth/token/**").permitAll()
                // 对任意请求都进行认证(其他路径的请求登录后才可以访问)
                .anyRequest()
                .authenticated()
                //开启basic认证
                .and().httpBasic()
                .and().formLogin();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // 初始化security的认证管理器
    @Bean("authenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    // 账号密码登录设置获取用户UserDetailsService
    // 如果所有登录方式获取用户的方式一致,则可以在AuthorizationServerConfigurerAdapter的AuthorizationServerEndpointsConfigurer中设置UserDetailsService
    @Bean
    public DaoAuthenticationProvider getDaoAuthenticationProvider(){
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(myUserDetailsService);
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());

        return daoAuthenticationProvider;
    }

    // 短信验证provider初始化
    @Bean
    public SMSAuthenticationProvider getSMSAuthenticationProvider(){
        SMSAuthenticationProvider smsAuthenticationProvider = new SMSAuthenticationProvider();
        smsAuthenticationProvider.setUserDetailsService(smsUserDetailsService);

        return smsAuthenticationProvider;
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(getDaoAuthenticationProvider());
        // 添加短信验证provider
        auth.authenticationProvider(getSMSAuthenticationProvider());
    }
}

granter设置

短信验证码模式granter

package com.whq.security.oauth.granter;


import com.whq.security.oauth.token.SMSVerificationAuthenticationToken;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

import java.util.LinkedHashMap;
import java.util.Map;

public class SMSVerificationTokenGranter extends AbstractTokenGranter {

    private static final String GRANT_TYPE = "SMSVerification";

    private final AuthenticationManager authenticationManager;

    public SMSVerificationTokenGranter(AuthenticationManager authenticationManager,
                                       AuthorizationServerTokenServices tokenServices,
                                       ClientDetailsService clientDetailsService,
                                       OAuth2RequestFactory requestFactory) {
        this(authenticationManager, tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
    }

    protected SMSVerificationTokenGranter(AuthenticationManager authenticationManager,
                                          AuthorizationServerTokenServices tokenServices,
                                          ClientDetailsService clientDetailsService,
                                          OAuth2RequestFactory requestFactory,
                                          String grantType) {
        super(tokenServices, clientDetailsService, requestFactory, grantType);
        this.authenticationManager = authenticationManager;
    }

    @Override
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {

        Map<String, String> parameters = new LinkedHashMap(tokenRequest.getRequestParameters());
        String smsCode = parameters.get("SMS-Code");
        String phone = parameters.get("phone");
        parameters.remove("SMS-Code");

        Authentication userAuth = new SMSVerificationAuthenticationToken(phone, smsCode);
        ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
        try {
            // 以下代码为spring security 授权认证逻辑
            userAuth = authenticationManager.authenticate(userAuth);
        } catch (AccountStatusException | BadCredentialsException ase) {
            throw new InvalidGrantException(ase.getMessage());
        }
        if (userAuth == null || !userAuth.isAuthenticated()) {
            throw new InvalidGrantException("Could not authenticate user: " + phone);
        }

        OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
        return new OAuth2Authentication(storedOAuth2Request, userAuth);
    }
}

WhqTokenGranter类中对SMSVerificationTokenGranter进行初始化

public static TokenGranter getTokenGranter(final AuthenticationManager authenticationManager, final AuthorizationServerEndpointsConfigurer endpoints) {
		// 默认tokenGranter集合
		List<TokenGranter> granters = new ArrayList<>(Collections.singletonList(endpoints.getTokenGranter()));
		// 账号密码模式
		granters.add(new PasswordGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory()));
		// 短信验证码模式
		granters.add(new SMSVerificationTokenGranter(authenticationManager, endpoints.getTokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory()));
		// 组合tokenGranter集合
		return new CompositeTokenGranter(granters);
	}

短信验证码provider

package com.whq.security.oauth.provider;


import com.whq.security.oauth.token.SMSVerificationAuthenticationToken;
import com.whq.security.oauth.user.MyUser;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;

import java.util.ArrayList;

public class SMSAuthenticationProvider implements AuthenticationProvider {

    private UserDetailsService userDetailsService;

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * 短信认证
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // 获取手机号
        String phone = (authentication.getPrincipal() == null ) ? null : authentication.getPrincipal().toString();
        // 获取短信验证码
        String smsCode = (authentication.getCredentials() == null ) ? null : authentication.getCredentials().toString();
        // todo 在此处进行短信验证码的校验
        // 此处模拟短信验证码为123
        if (!"123".equals(smsCode)) {
            throw new UserDeniedAuthorizationException("验证码不正确");
        }
        MyUser userDetails = (MyUser) userDetailsService.loadUserByUsername(phone);
        if (userDetails == null) {
            throw new InternalAuthenticationServiceException("当前手机号不存在,请先注册");
        }
        SMSVerificationAuthenticationToken smsVerificationAuthenticationToken = new SMSVerificationAuthenticationToken(new ArrayList(), userDetails, authentication.getCredentials());
        smsVerificationAuthenticationToken.setDetails(authentication.getDetails());
        return smsVerificationAuthenticationToken;
    }

    // 判断是否支持此登录方式
    @Override
    public boolean supports(Class<?> authentication) {
        return (SMSVerificationAuthenticationToken.class.isAssignableFrom(authentication));
    }
}

短信验证码UserDetailsService

此处如果账号密码获取用户信息的方式与短信验证码相同(比如:账号密码登录时也是通过手机号登录)则无需再添加此类,同时WhqSecurityConfig类中的配置只需要给SMSAuthenticationProvider设置相同的UserDetailsService即可。

package com.whq.security.oauth.service;

import com.whq.security.oauth.user.MyUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class SMSUserDetailsService implements UserDetailsService {
    @Autowired
    private PasswordEncoder passwordEncoder;

    // 后续登录使用此方法加载用户信息
    @Override
    public UserDetails loadUserByUsername(String phone) throws UsernameNotFoundException {
        // 用户使用手机号登录
        MyUser result = MyUser.getUserByPhone(phone);
        // 模拟的用户查询数据为明文密码,实际使用时都是加密存储,此处手动加密模拟处理
        String encode = passwordEncoder.encode(result.getPassword());
        // 用户不存在,抛出异常
        if (result == null) {
            throw new UsernameNotFoundException("用户不存在");
        }
        MyUser res = new MyUser(result.getUsername(), encode);
        return res;
    }
}

短信验证码AuthenticationToken

package com.whq.security.oauth.token;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

import java.util.Collection;

public class SMSVerificationAuthenticationToken extends AbstractAuthenticationToken {

    // 存储登录手机号
    private Object principal;

    // 存储登录短信验证码
    private Object credentials;

    public SMSVerificationAuthenticationToken(Object principal, Object credentials) {
        super(null);
        this.principal = principal;
        this.credentials = credentials;
        super.setAuthenticated(false);
    }

    /**
     * 校验通过时使用此构造函数
     * 设置参数super.setAuthenticated(true); 表示短信验证码登录校验通过,准备生成token
     */
    public SMSVerificationAuthenticationToken(Collection<? extends GrantedAuthority> authorities, Object principal, Object credentials) {
        super(authorities);
        this.principal = principal;
        this.credentials = credentials;
        // 设置校验通过
        super.setAuthenticated(true);
    }

    @Override
    public Object getCredentials() {
        return this.credentials;
    }

    @Override
    public Object getPrincipal() {
        return this.principal;
    }
}

测试验证

在这里插入图片描述

总结

springOAuth2添加新的认证模式需要完成如下工作:

  1. 配置文件中添加新的authorizedGrantTypes(比如示例中的SMSVerification)
  2. 添加新模式的granter
  3. 添加具体的provider进行认证
  4. 添加新模式对应的AuthenticationToken
  5. 如果新模式获取用户信息的方式是特立独行的,还需要实现新的UserDetailsService,同时需要将新的UserDetailsService与provider进行关联(示例中在WhqSecurityConfig配置类中进行处理的)

基于上述示例,通过DEBUG对springSecurity和springOAuth2进行源码分析,文章链接地址如下:
springSecurity及springOAuth2源码解析

文章内容结合实际工作经验编写,如有问题,欢迎大家评论指正。

璨:
关注
  • 0
    点赞
  • 25
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
springsecurity oauth2.0 集成sso单点登录
congge
11-21 8165
前言 在前两篇中,我们基本上了解springsecurity 的授权码模式和密码模式的工作流程,其实来说,掌握了授权码模式,再基于springsecurity 做单点登录的集成就是一件非常容易的事情 单点登录解释 当我们登录淘宝之后,可以在天猫等其他任意一个应用内进行访问,而不需要二次登录 关于单点登录的业务含义,这里就不再过多做解释了,在之前的博客关于单点登录篇中有较为详细的阐释说明,本篇将直接在springsecurity 认证之授权码模式的基础上进行整合,完整的演示下如何使用springsecuri
SpringSecurity以及OAuth2源码分析——实现登录方式
a602389093的博客
07-25 1722
版权声明:本文为博主ExcelMann的原创文章,未经博主允许不得转载。 作者:ExcelMann,转载需注明。 SpringSecurityOauth2源码分析 我们先来看下通过Oauth2获取token的源码流程: 一、获取token的接口是/oauth/token,在TokenEndpoint类中 public class TokenEndpoint extends AbstractEndpoint { @RequestMapping(value = "/oauth/token", meth
SpringSecurity+OAUTH2集成多种登录方式
无望丶
04-11 3251
Authorization Code(授权码模式):授权码模式, 通过授权码获取token进行资源访问。Implicit(简化模式):用于移动应用程序或 Web 应用程序,这种模式比授权码模式少了code环节,回调url直接附带token。Resource Owner Password Credentials(密码模式):资源所有者和客户端之间具有高度信任时(例如,客户端是设备的操作系统的一部分,或者是一个高度特权应用程序, 比如APP, 自研终端等),因为client可能存储用户密码。
Spring Authorization Server的使用
最新发布
zzy7075的专栏
05-21 519
既然涉及到签名,就涉及到签名算法,对称加密还是非对称加密,那么就需要加密的 密钥或者公私钥对。不存在签名的JWT是不安全的,存在签名的JWT是不可窜改的。,目前已经到了 0.1.2 的版本,不过该项目还是一个实验性的项目,不可在生产环境中使用,此处来使用项目搭建一个简单的授权服务器。没有用户的参与,一般可以用于内部系统之间的访问,或者系统间不需要用户的参与。的创建,这个张三是授权服务器的用户,此处即QQ服务器的用户。此模式下,没有用户的参与,只有客户端和授权服务器之间的参与。
基于SpringSecurity OAuth2实现单点登录——集成Github实现第三方账户登录
向心行者
09-25 2409
1、前言   在《SpringSecurity系列 之 集成第三方登录》中,我们基于SpringSecurity实现了集成的用户名密码、短信验证码和Github三种登录方式,其中,基于Github实现登录,其实已经在SpringSecurity Oauth2中提供了一套实现流程,而且可以通过简单的配置就完成,我们下面尝试使用基于Oauth2的方式来实现Github的登录。 2、Github账户配置   在使用Github实现登录的时候,首先需要在Github账户进行OAuth配置,和《SpringSecu
SpringSecurity多端登录实现方案
一名蒟蒻的博客
01-12 9546
七、SpringSecurity多端登录实现方案 1、自定义AbstractAuthenticationProcessingFilter(仿UsernamePasswordAuthenticationFilter) public class MyAuthenticationFilter extends AbstractAuthenticationProcessingFilter { public static final String SPRING_SECURITY_FORM_USERNAME
SpringSecurity自定义多重登录方式
头发茂密的假程序猿
12-27 5193
前后分离项目,SpringSecurity自定义多重登录方式,通过自定义AuthenticationProvider实现,同时自定义过滤器进行登录验证
Spring Boot2 使用 Spring Security + OAuth2 实现单点登录SSO
lovelichao12的专栏
03-25 1万+
前言 目前系统都是比较流行的微服务架构,在企业发展初期,企业使用的系统很少,通常一个或者两个,每个系统都有自己的登录模块,使用人员每天用自己的账号登录,很方便。但随着企业的发展,用到的微服务系统随之增多,使用人员在操作不同的系统时,需要多次登录,而且每个系统的账号都不一样,都要记录,这对于使用人员来说,很不方便还不友好。于是,就想到是不是可以在一个统一登录门户平台登录,其他系统就不用登录了呢?这就是单点登录要解决的问题。 单点登录英文全称Single signOn,简称就是SSO。它的解释是:在多个应用.
springsecurity+oauth2+jwt实现单点登录demo
06-06
该资源是springsecurity+oauth2+jwt实现的单点登录demo,模式为授权码模式实现自定义登录页面和自定义授权页面。应用数据存在内存中或者存在数据库中(附带数据库表结构),token存储分为数据库或者Redis。demo...
Spring Security OAuth2 授权码模式实现
08-18
Spring Security OAuth2 授权码模式实现 Spring Security OAuth2 授权码模式OAuth 2.0 授权流程中的一种常见模式,该模式要求用户登录并对第三方应用(客户端)进行授权,出示授权码交给客户端,客户端凭授权...
springboot-security-oauth2:SpringBoot集成Spring Security、OAuth2实现authorization code授权码模式
05-10
springboot-security-oauth2此SpringBoot项目集成Spring Security、OAuth2实现资源访问授权认证。支持client credentials、password、authorization code认证模式。项目默认最为复杂的authorization code授权码认证...
微信扫一扫登录、微信支付、springsecurity&oauth2
09-26
项目中使用到的技术包含SpringBoot、SpringSecurity&oauth2(安全资源和授权中心模式、包括登录接口自定义返回字段、自定义手机号+密码登录、自定义免密登录)、Queue队列、线程池、xss攻击配置、SpringCache、Mybatis...
Spring Security整合Oauth2实现流程详解
09-07
本文将详细讲解如何整合Spring Security与OAuth2,以实现基于password模式的认证。 首先,我们需要创建一个新的Spring Boot项目,并添加必要的依赖。在`pom.xml`文件中,引入Spring Security、Spring Web、OAuth2的...
SpringSecurity实现多个用户表登录
JSZDJQ的博客
02-02 2163
学习 Spring Security 实现多用户表登录
SpringSecurity+Oauth+短信登录+第三方登录认证+Session管理
zouyang920的博客
02-10 1666
添加链接描述
基于若依框架springsecurity添加多种用户登录解决方案(springsecurity多用户登录:前端用户、后端用户)
热门推荐
rg10szc的博客
03-17 1万+
自己需求如下(多种用户登录): 后端pc管理员账号、手机app用户,若依框架使用springsecurity框架到验证数据库那一步只能继承UserDetailsService(String username)这个方法,而且只能传递一个username,由于我是多张用户表,就自己想了个方案解决这个问题(把username改成JSON:{username:"admin",userType:"admin"}字符串),为了尽量少改若依原框架,且满足自己项目需求。熟悉springsecurity的可以修改增加filt
spring-security 多类型用户登录+登录多参数验证
Microblue(严 武)
07-22 9299
如果一个系统分为前台用户和后台用户那么就不能使用spring-security的默认配置了。 需要自己来分开配置两种用户的登录方式。 首先创建spring-disuser-security.xml 与 spring-etuser-security.xml 两个配置文件,分别来配置两种用户登录的权限与验证方式 spring-disuser-security.xml的内容如下 &lt;?xml ...
【JAVA】微服务中使用Spring Security OAuth2集成短信验证码登录和自定义登录(2)
Hey-Girl
12-07 1450
Spring Security Oauth2中自定义grant_type
15 Spring Security OAuth2登录(三方登录
Markix的博客
10-28 2721
OAuth2可以用来实现 OAuth2登录(三方登录)。在OAuth2登录的场景中,用户信息则是"资源"! Spring Security 实现OAuth2登录功能。实现原理是:Client获取用户授权,得到令牌,通过令牌,获取用户信息(资源)。再在本地构建用户登录认证信息,维持用户会话状态,以此达到登录的目的。
OAuth2单点登录SpringSecurity实现解析
"该资源是关于SpringSecurity结合OAuth2实现单点登录(SSO)的讲解。主要内容涵盖了OAuth2.0的发展历史、角色定义、协议流程、授权模式以及在实际系统中的设计,同时提及了SSO的实现分析。" 在讲解OAuth2.0时,我们...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值