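用户名密码登录使用的Token自然是UsernamePasswordToken。我们可以参考UsernamePasswordToken自定义一个PhoneToken,在不同的控制器中传入对应的Token,然后由Realm判断当前的Token属于UsernamePasswordToken还是PhoneToken。需要注意的是,下面的PhoneToken只携带手机号,不包含任何密钥,因此控制器必须在调用login之前先完成对手机号归属的校验(例如短信验证码),否则仅凭一个已注册的手机号就能通过认证。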
自定义Token:
/**
 * Authentication token for phone-number login, modelled on Shiro's
 * {@code UsernamePasswordToken}.
 *
 * <p>NOTE(review): this token holds no secret. {@link #getCredentials()} returns the
 * same phone number as {@link #getPrincipal()}, so the token on its own proves nothing
 * about who submitted it. Whatever proves ownership of the number (presumably an SMS
 * one-time code; not visible in this class) has to be verified before a
 * {@code PhoneToken} is passed to login.
 */
public class PhoneToken implements HostAuthenticationToken, RememberMeAuthenticationToken, Serializable {

    // Phone number identifying the account.
    private String phone;

    // Whether the caller asked for a remember-me session.
    private boolean rememberMe;

    // Host the login attempt came from; null when the caller did not supply one.
    private String host;

    /** Creates an empty token: no phone, no host, remember-me off. */
    public PhoneToken() {
        this(null, false, null);
    }

    /** Creates a token for {@code phone} with remember-me off and no host. */
    public PhoneToken(String phone) {
        this(phone, false, null);
    }

    /** Creates a token for {@code phone} with the given remember-me flag and no host. */
    public PhoneToken(String phone, boolean rememberMe) {
        this(phone, rememberMe, null);
    }

    /** Creates a fully specified token; every other constructor delegates here. */
    public PhoneToken(String phone, boolean rememberMe, String host) {
        this.host = host;
        this.rememberMe = rememberMe;
        this.phone = phone;
    }

    /** Returns the phone number as the account identity. */
    @Override
    public Object getPrincipal() {
        return getPhone();
    }

    /**
     * Returns the phone number again as the "credentials".
     *
     * <p>NOTE(review): principal and credentials are the same value, so a realm that
     * compares these credentials with the stored phone number checks nothing the
     * caller did not supply itself.
     */
    @Override
    public Object getCredentials() {
        return getPhone();
    }

    /** Returns the phone number carried by this token. */
    public String getPhone() {
        return this.phone;
    }

    /** Replaces the phone number, which also changes the principal and credentials. */
    public void setPhone(String phone) {
        this.phone = phone;
    }

    /** Returns the host recorded for this login attempt, or null. */
    @Override
    public String getHost() {
        return this.host;
    }

    /** Returns whether remember-me was requested. */
    @Override
    public boolean isRememberMe() {
        return this.rememberMe;
    }
}
定义PhoneRealm
```java
public class PhoneRealm extends AuthorizingRealm {
@Resource
UserService userService;
// 认证
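/**
 * Looks up the account for a phone-number login.
 *
 * <p>Only {@link PhoneToken} instances are handled; for any other token type the
 * method returns {@code null} and leaves the decision to other realms.
 *
 * <p>NOTE(review): no secret is verified here. The returned info carries the phone
 * number as its credentials and {@code PhoneToken.getCredentials()} returns the same
 * phone number, so with an equality-based credentials matcher (the configured matcher
 * is not visible here) the comparison is phone against phone and always succeeds for
 * a registered number. Proof that the caller owns the number (presumably an SMS code)
 * must therefore be enforced before login is invoked with this token; confirm that
 * the controller does so.
 *
 * <p>NOTE(review): the error message below is only produced for an unknown number.
 * If it reaches the client unchanged it tells the caller which numbers are
 * registered; consider a generic failure message at the API boundary and rate
 * limiting on this endpoint.
 *
 * @param authenticationToken the token submitted for login
 * @return info whose principal is the {@code UserDO} and whose credentials are the
 *         phone number, or {@code null} when the token is not a {@code PhoneToken}
 * @throws AuthenticationException declared by the signature; the code throws
 *         {@code CustomAuthenticationException} when the phone number is missing or
 *         blank, or when no user is found for it
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // Not a phone login: this realm does not handle the token.
    if (!(authenticationToken instanceof PhoneToken)) {
        return null;
    }
    PhoneToken token = (PhoneToken) authenticationToken;

    // getPhone() is the same value getPrincipal() returns, without the cast.
    String phone = token.getPhone();

    // A token built with the no-arg constructor has a null phone. Reject it here
    // rather than passing null/blank to the lookup, whose behaviour for such input
    // is not visible from this class.
    if (phone == null || phone.trim().isEmpty()) {
        throw new CustomAuthenticationException("手机号错误");
    }

    UserDO user = userService.selectByPhone(phone);
    if (user == null) {
        throw new CustomAuthenticationException("手机号错误");
    }
    return new SimpleAuthenticationInfo(user, phone, this.getName());
}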
// 授权
/**
 * Supplies authorization data for the given principals.
 *
 * <p>This realm contributes none: the method always returns {@code null}.
 * NOTE(review): any roles or permissions for phone-login users must therefore come
 * from elsewhere (another realm or an explicit check); verify that accounts
 * authenticated through this realm end up with the intended access.
 *
 * @param principals the principals of the authenticated subject (unused)
 * @return always {@code null}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
    final AuthorizationInfo noGrants = null;
    return noGrants;
}
@Override
public boolean s