SpringSecurity同时整合短信登录验证和邮箱登录验证

最新推荐文章于 2024-05-14 23:13:17 发布
最新推荐文章于 2024-05-14 23:13:17 发布
阅读量629 收藏 2
点赞数
文章标签: 开发语言
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_44569326/article/details/132072224
版权

1.创建用户实体类CustomUserDetails:

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.Collections;

public class CustomUserDetails implements UserDetails {

    private String username;
    private String password;
    private boolean enabled;
    private String phoneNumber;
    private String email;

    public CustomUserDetails(String username, String password, boolean enabled, String phoneNumber, String email) {
        this.username = username;
        this.password = password;
        this.enabled = enabled;
        this.phoneNumber = phoneNumber;
        this.email = email;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        // 返回用户权限列表,这里可以根据需要进行设置
        return Collections.singleton(new SimpleGrantedAuthority("ROLE_USER"));
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return enabled;
    }

    // 添加获取手机号和邮箱的方法
    public String getPhoneNumber() {
        return phoneNumber;
    }

    public String getEmail() {
        return email;
    }
}

2.实现自定义的UserDetailsService:

@Service
public class CustomUserDetailsService implements UserDetailsService {

    // 假设用户信息硬编码
    private Map<String, CustomUserDetails> users = new HashMap<>();

    public CustomUserDetailsService() {
        // 在这里初始化用户信息,可以从数据库或其他数据源加载
        // 假设我们有两个用户:user1和user2
        CustomUserDetails user1 = new CustomUserDetails("user1", "$2a$10$E4eDqU4K0ZxL/bDVkTZ8/O0NV5kwq/jK42noRgHh6Xn7gZImkNSxG", true, "123456789", "user1@example.com");
        CustomUserDetails user2 = new CustomUserDetails("user2", "$2a$10$2ncJ8j.mF/7soi/Zk3SGLOxnwAmP0NVklmz2ZI8KU1KifVK6yoB1O", true, "987654321", "user2@example.com");
        users.put("user1", user1);
        users.put("user2", user2);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // 从用户列表中查找用户信息
        CustomUserDetails userDetails = users.get(username);
        if (userDetails == null) {
            throw new UsernameNotFoundException("User not found");
        }
        return userDetails;
    }
}

3.创建认证令牌类:

public class SmsAuthenticationToken extends AbstractAuthenticationToken {

    private final String phoneNumber;
    private final String smsCode;

    public SmsAuthenticationToken(String phoneNumber, String smsCode) {
        super(null);
        this.phoneNumber = phoneNumber;
        this.smsCode = smsCode;
    }

    @Override
    public Object getCredentials() {
        return smsCode;
    }

    @Override
    public Object getPrincipal() {
        return phoneNumber;
    }
}


public class EmailAuthenticationToken extends AbstractAuthenticationToken {

    private final String email;
    private final String emailCode;

    public EmailAuthenticationToken(String email, String emailCode) {
        super(null);
        this.email = email;
        this.emailCode = emailCode;
    }

    @Override
    public Object getCredentials() {
        return emailCode;
    }

    @Override
    public Object getPrincipal() {
        return email;
    }
}

4.实现自定义的认证过滤器:

public class SmsAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    public SmsAuthenticationFilter() {
        super(new AntPathRequestMatcher("/authenticate/sms", "POST"));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        String phoneNumber = obtainPhoneNumber(request);
        String smsCode = obtainSmsCode(request);

        if (phoneNumber == null) {
            phoneNumber = "";
        }
        if (smsCode == null) {
            smsCode = "";
        }

        phoneNumber = phoneNumber.trim();
        SmsAuthenticationToken authRequest = new SmsAuthenticationToken(phoneNumber, smsCode);
        setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    private String obtainPhoneNumber(HttpServletRequest request) {
        // 从请求中获取手机号码
        return request.getParameter("phoneNumber");
    }

    private String obtainSmsCode(HttpServletRequest request) {
        // 从请求中获取短信验证码
        return request.getParameter("smsCode");
    }

    private void setDetails(HttpServletRequest request, SmsAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }
}


public class EmailAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    public EmailAuthenticationFilter() {
        super(new AntPathRequestMatcher("/authenticate/email", "POST"));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        String email = obtainEmail(request);
        String emailCode = obtainEmailCode(request);

        if (email == null) {
            email = "";
        }
        if (emailCode == null) {
            emailCode = "";
        }

        email = email.trim();
        EmailAuthenticationToken authRequest = new EmailAuthenticationToken(email, emailCode);
        setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    private String obtainEmail(HttpServletRequest request) {
        // 从请求中获取邮箱
        return request.getParameter("email");
    }

    private String obtainEmailCode(HttpServletRequest request) {
        // 从请求中获取邮箱验证码
        return request.getParameter("emailCode");
    }

    private void setDetails(HttpServletRequest request, EmailAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }
}

5.实现自定义的AuthenticationProvider:

public class SmsAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String phoneNumber = authentication.getPrincipal().toString();
        String smsCode = authentication.getCredentials().toString();

        // 在这里实现短信验证的逻辑,根据手机号码和验证码进行验证
        UserDetails userDetails = userDetailsService.loadUserByUsername(phoneNumber);

        // 验证通过,创建认证后的Token
        SmsAuthenticationToken authenticatedToken = new SmsAuthenticationToken(phoneNumber, smsCode, userDetails.getAuthorities());
        authenticatedToken.setDetails(authentication.getDetails());
        return authenticatedToken;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return SmsAuthenticationToken.class.isAssignableFrom(authentication);
    }
}


public class EmailAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String email = authentication.getPrincipal().toString();
        String emailCode = authentication.getCredentials().toString();

        // 在这里实现邮箱验证的逻辑,根据邮箱和验证码进行验证
        UserDetails userDetails = userDetailsService.loadUserByUsername(email);

        // 验证通过,创建认证后的Token
        EmailAuthenticationToken authenticatedToken = new EmailAuthenticationToken(email, emailCode, userDetails.getAuthorities());
        authenticatedToken.setDetails(authentication.getDetails());
        return authenticatedToken;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return EmailAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

6.配置类中的注册:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
        auth.authenticationProvider(smsAuthenticationProvider());
        auth.authenticationProvider(emailAuthenticationProvider());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/authenticate") // 登录表单提交的URL
                .defaultSuccessUrl("/home") // 登录成功后跳转的URL
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login")
                .and()
            .csrf().disable(); // 禁用CSRF,便于测试

        // 注册自定义的过滤器
        http.addFilterBefore(smsAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        http.addFilterBefore(emailAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    public SmsAuthenticationFilter smsAuthenticationFilter() throws Exception {
        SmsAuthenticationFilter filter = new SmsAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        return filter;
    }

    @Bean
    public EmailAuthenticationFilter emailAuthenticationFilter() throws Exception {
        EmailAuthenticationFilter filter = new EmailAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        return filter;
    }

    @Bean
    public SmsAuthenticationProvider smsAuthenticationProvider() {
        return new SmsAuthenticationProvider();
    }

    @Bean
    public EmailAuthenticationProvider emailAuthenticationProvider() {
        return new EmailAuthenticationProvider();
    }
}
梧桐雨。
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Spring Security OAuth2集成短信验证登录以及第三方登录
08-27
主要介绍了Spring Security OAuth2集成短信验证登录以及第三方登录,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
SpringBoot + SpringSecurity 短信验证登录功能实现
08-27
主要介绍了SpringBoot + SpringSecurity 短信验证登录功能实现,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
Spring Security 实现短信验证登录功能
08-19
主要介绍了Spring Security 实现短信验证登录功能,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友可以参考下
Spring Security OAuth2.0 认证协议【13】邮箱验证登录
LawssssCat的博客
04-06 4345
上一篇:https://lawsssscat.blog.csdn.net/article/details/105332569 前面的代码下载:https://github.com/LawssssCat/v-security/tree/v2.4
SpringSecurity是如何实现账号密码验证登录
ykh12345678的博客
07-20 4078
个人理解: ​​​​​​1、 首先在 配置类中定表单登录的URL和账号密码 2、jsp表单中的url和账号秘密要与指定的名称一致。 3、创建SecurityAdmin类,集成User类,因为User类只包含username和password,而我们的实体类肯定不仅仅包含这两个属性 4、新建CrowdUserDetailsService 类,实现UserDetailsService接口,登录的时候SpringSecurity会调用下面的方法,并将用户名传入,根据用户名查询出Admin对象和权限,并将Adm..
SpringSecurity 用户名和密码的校验过程及自定义密码验证
热门推荐
z69183787的专栏
02-06 1万+
1、源码执行过程 1.执行 AuthenticationManager 认证方法 authenticate(UsernamePasswordAuthenticationToken) 2.ProviderManager 实现了 authenticate(UsernamePasswordAuthenticationToken) 3.ProviderManager 是通过自身管理的n个AuthenticationProvider认证提供者去进行认证 4.AuthenticationProvider认证提供
springsecurity实现UserDetailsService改变用户信息来源
feinifi的博客
03-21 1万+
springsecurity用户验证,默认我们为了简单,直接使用在配置文件中写死用户名和密码的方式: 在真实的系统中,我们希望用户的信息来自数据库,而不是写死的,我们就需要实现UserDetailsService接口,实现相应的方法,然后配置authentication-provider,指定我们自定义的UserDetailService。 这里定义一个类SecurityUserDetai...
Spring Security 中定义多种登录方式,比如邮箱、手机验证登录
xxxzzzqqq_的博客
03-21 3375
自定义认证方式总体来说还是很简单的;需要从头重写的也就三个类,然后就是将其配置到Spring Security 中。如果需要再自定义手机号验证登录,按照上述流程再走一遍就行。其实也是 copy 一份,然后进行小幅度的修改即可。
SpringSecurity 如何进行邮箱登录(手机登录
weixin_43535259的博客
05-28 5364
SpringSecurity 授权流程 简而言之,       默认的 用户名密码登录 就是 登录的时候 被对应的UsernamePasswordAuthenticationFilter拦截下来,然后通过前端传过来的Username,Password组成一个叫UsernamePasswordAuthenticationToken 的东西...
SpringSecurity-1-UserDetails接口
文天大人
09-14 1万+
这个接口是我们自己用来定义用户表的结构的 SpringSecurity自己的用户信息只包含了Username,password,roles,假如我希望用户的实体类中还有性别sex字段,那么就没有办法了,所以SpringSecurity提供了UserDetails接口,当然,UserDetails实例是通过UserDetailsService接口的loadUserByUsername方法返回的 首先...
security实现账密、手机号和微信三种方式登陆
qq_39164603的博客
09-16 4564
security实现多种方式登陆 spring security 的核心功能主要包括 认证 授权 攻击防护 其核心就是一组过滤器链,项目启动后将会自动配置。最核心的就是 Basic Authentication Filter 用来认证用户的身份,一个在spring security中一种过滤器处理一种认证方式。 在说多种认证方式之前,咱们先简单过下单认证方式是如何配置的,也说下Spring Security的各个配置类的作用。 1、UsernamePasswordAuthenticationFilte
Spring Cloud Gateway 整合 Spring Security 统一登录认证鉴权
02-24
1.本项目为SpringCloud Gateway的微服务框架,整合SpringSecurity,微服务间使用Redis来获取登陆的用户信息。 2.由于Gat
SpringBoot+SpringSecurity整合实现登录认证和权限验证)完整案例,基于IDEA项目
02-16
SpringBoot+SpringSecurity整合示例代码,实现了从数据库中获取信息进行登录认证和权限认证。 本项目为idea工程,请用idea2019导入(老版应该也可以)。 本项目用户信息所需sql文件,在工程的resources文件夹下,...
Spring Security 实现自定义登录和认证(1):使用自定义的用户进行认证
qq_45691577的博客
03-04 2414
这个类是用来检索用户名和密码的,该类被调用,至于是什么可以查看官方文档。//注入编写的UserRepository @Resource private UserRepository userRepository;//根据username查询user @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
SpringSecurity配置多种登录方式
qq_53318060的博客
10-13 3909
SpringSecurity配置多种登陆方式
SpringSecurity+Oauth+短信登录+第三方登录认证+Session管理
zouyang920的博客
02-10 1599
添加链接描述
二、Spring Security +JWT实现登录
zcccc_的博客
01-15 1182
SpringCloud和SpringBoot项目的实现方式差不多,本文主要是SpringCloud,boot的大致也会概括,我会在需要注意的地方用橙色标注。实现这个需求,我也是借鉴了多位优秀博主的文章,过程也遇到各种问题。本文章整理了实现需求的步骤和遇到的所有的问题。优化中……token自动续期;JWT类型token自动续期-CSDN博客携带短标识给前端,jwt数据存入redis,避免token过长;注解式实现接口是否需要拦截;鉴权;
spring security如何做的user的同步
weixin_34168880的博客
01-27 502
前言 在使用spring security开发的过程中,我们常常会用到这样的写法: UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication(); 复制代码来获取UserDetails,即使是在多线程环境下,我们也总是能拿到想要的结果。很奇怪spring security...
从需求角度介绍PasteSpider(K8S平替部署工具适合于任何开发语言)
最新发布
05-14 1449
Kubernetes的强大毋庸置疑,但是你有问自己这么个大杀器真的适合你么?这里推荐一款更加小巧的容器部署工具,集报表,发布,环境,通知于一身的PasteSpider! 支持git/svn发布,支持平滑升级,支持环境隔离,支持用户隔离,支持运行变量设定等,关键易上手!
springSecurity整合Jwt实现登录认证
06-09
好的,这是一个很常见的问题。首先,你需要在Spring Boot项目中添加依赖: ```xml <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version> </dependency> ``` 然后,你需要创建一个`JwtTokenFilter`类,用于在每个请求中验证JWT令牌: ```java public class JwtTokenFilter extends OncePerRequestFilter { private final JwtTokenProvider tokenProvider; public JwtTokenFilter(JwtTokenProvider tokenProvider) { this.tokenProvider = tokenProvider; } @Override protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException { String token = tokenProvider.resolveToken(httpServletRequest); try { if (token != null && tokenProvider.validateToken(token)) { Authentication auth = tokenProvider.getAuthentication(token); SecurityContextHolder.getContext().setAuthentication(auth); } } catch (JwtException e) { SecurityContextHolder.clearContext(); httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), e.getMessage()); return; } filterChain.doFilter(httpServletRequest, httpServletResponse); } } ``` 接下来,你需要创建一个`JwtTokenProvider`类,用于创建和验证JWT令牌: ```java @Component public class JwtTokenProvider { private static final String SECRET_KEY = "secret-key"; private static final long EXPIRATION_TIME = 864_000_000; // 10 days private final UserDetailsService userDetailsService; public JwtTokenProvider(UserDetailsService userDetailsService) { this.userDetailsService = userDetailsService; } public String createToken(Authentication authentication) { UserDetailsImpl user = (UserDetailsImpl) authentication.getPrincipal(); Date now = new Date(); Date expiryDate = new Date(now.getTime() + EXPIRATION_TIME); return Jwts.builder() .setSubject(user.getUsername()) .setIssuedAt(now) .setExpiration(expiryDate) .signWith(SignatureAlgorithm.HS512, SECRET_KEY) .compact(); } public Authentication getAuthentication(String token) { UserDetails userDetails = userDetailsService.loadUserByUsername(getUsername(token)); return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities()); } public String getUsername(String token) { return Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody().getSubject(); } public boolean validateToken(String token) { try { Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token); return true; } catch (JwtException | IllegalArgumentException e) { throw new JwtAuthenticationException("Expired or invalid JWT token"); } } public String resolveToken(HttpServletRequest request) { String bearerToken = request.getHeader("Authorization"); if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) { return bearerToken.substring(7); } return null; } } ``` 最后,你需要修改`WebSecurityConfig`类,以使用JWT令牌进行身份验证: ```java @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private final JwtTokenProvider tokenProvider; public WebSecurityConfig(JwtTokenProvider tokenProvider) { this.tokenProvider = tokenProvider; } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers("/api/auth/**").permitAll() .anyRequest().authenticated() .and() .apply(new JwtConfigurer(tokenProvider)); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(12); } } ``` 以上就是整合Spring Security和JWT进行身份验证的基本步骤。当然,具体实现还需要根据你的业务需求进行调整。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值