grails框架下修改acegi权限框架的加密方式

最新推荐文章于 2023-03-07 14:36:12 发布
最新推荐文章于 2023-03-07 14:36:12 发布
阅读量527 收藏
点赞数
分类专栏: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xiongcancan/article/details/70271001
版权

1、重写加密算法,这里用的是明文

package cn.eshore.encodePassword;

import org.springframework.security.providers.encoding.BasePasswordEncoder;

/**
 * Created by Administrator on 2017/4/12.
 */
public class PlaintextPasswordOverwriteEncoder extends BasePasswordEncoder {
    //~ Instance fields ================================================================================================

    private boolean ignorePasswordCase = false;

    //~ Methods ========================================================================================================

    public String encodePassword(String rawPass, Object salt) {
        return mergePasswordAndSalt(rawPass, salt, true);
    }

    public boolean isIgnorePasswordCase() {
        return ignorePasswordCase;
    }

    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        if(salt.equals(true))
            return true;
        String pass1 = encPass + "";

        // Strict delimiters is false because pass2 never persisted anywhere
        // and we want to avoid unnecessary exceptions as a result (the
        // authentication will fail as the encodePassword never allows them)
        String pass2 = mergePasswordAndSalt(rawPass, "", false);

        if (!ignorePasswordCase) {
            return pass1.equals(pass2);
        } else {
            return pass1.equalsIgnoreCase(pass2);
        }
    }

    /**
     * Demerges the previously {@link #encodePassword(String, Object)}<code>String</code>.<P>The resulting
     * array is guaranteed to always contain two elements. The first is the password, and the second is the salt.</p>
     *  <P>Throws an exception if <code>null</code> or an empty <code>String</code> is passed to the method.</p>
     *
     * @param password from {@link #encodePassword(String, Object)}
     *
     * @return an array containing the password and salt
     */
    public String[] obtainPasswordAndSalt(String password) {
        return demergePasswordAndSalt(password);
    }

    /**
     * Indicates whether the password comparison is case sensitive.<P>Defaults to <code>false</code>, meaning
     * an exact case match is required.</p>
     *
     * @param ignorePasswordCase set to <code>true</code> for less stringent comparison
     */
    public void setIgnorePasswordCase(boolean ignorePasswordCase) {
        this.ignorePasswordCase = ignorePasswordCase;
    }
}

2、在resources.groovy里配置bean 

 passwordEncoder(cn.eshore.encodePassword.PlaintextPasswordOverwriteEncoder)

3、添加org.codehaus.groovy.grails.plugins.springsecurity.DaoAuthenticationOverwriteProvider(重写类,添加业务判断) 

package org.codehaus.groovy.grails.plugins.springsecurity

import com.sun.org.apache.xpath.internal.operations.Bool
import org.springframework.dao.DataAccessException
import org.springframework.security.AuthenticationException
import org.springframework.security.AuthenticationServiceException
import org.springframework.security.BadCredentialsException
import org.springframework.security.providers.UsernamePasswordAuthenticationToken
import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider
import org.springframework.security.providers.dao.SaltSource
import org.springframework.security.providers.encoding.PasswordEncoder
import org.springframework.security.providers.encoding.PlaintextPasswordEncoder
import org.springframework.security.userdetails.UserDetails
import org.springframework.security.userdetails.UserDetailsService
import org.springframework.util.Assert

/**
 * Created by xiongcc on 2017/4/12.
 */
class DaoAuthenticationOverwriteProvider extends AbstractUserDetailsAuthenticationProvider{
    //~ Instance fields ================================================================================================

    private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();

    private SaltSource saltSource;

    private UserDetailsService userDetailsService;

    private boolean includeDetailsObject = true;

    //~ Methods ========================================================================================================

    protected void additionalAuthenticationChecks(UserDetails userDetails,
                                                  UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        Object salt = null;

        if (this.saltSource != null) {
            salt = this.saltSource.getSalt(userDetails);
        }

        if (authentication.getCredentials() == null) {
            throw new BadCredentialsException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
                    includeDetailsObject ? userDetails : null);
        }

        String presentedPassword = authentication.getCredentials().toString();

        //通过orgInfo的singleLogin来判断是否可以通过账号直接登陆
        String singlePointLongin = userDetails.domainClass.org.singleLogin;
        salt = singlePointLongin.equals("yes")

        if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {
            throw new BadCredentialsException(messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),
                    includeDetailsObject ? userDetails : null);
        }
    }

    protected void doAfterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
    }

    protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
            throws AuthenticationException {
        UserDetails loadedUser;

        try {
            loadedUser = this.getUserDetailsService().loadUserByUsername(username);
        }
        catch (DataAccessException repositoryProblem) {
            throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
        }

        if (loadedUser == null) {
            throw new AuthenticationServiceException(
                    "UserDetailsService returned null, which is an interface contract violation");
        }
        return loadedUser;
    }

    /**
     * Sets the PasswordEncoder instance to be used to encode and validate passwords.
     * If not set, {@link PlaintextPasswordEncoder} will be used by default.
     *
     * @param passwordEncoder The passwordEncoder to use
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    protected PasswordEncoder getPasswordEncoder() {
        return passwordEncoder;
    }

    /**
     * The source of salts to use when decoding passwords. <code>null</code>
     * is a valid value, meaning the <code>DaoAuthenticationProvider</code>
     * will present <code>null</code> to the relevant <code>PasswordEncoder</code>.
     *
     * @param saltSource to use when attempting to decode passwords via the <code>PasswordEncoder</code>
     */
    public void setSaltSource(SaltSource saltSource) {
        this.saltSource = saltSource;
    }

    protected SaltSource getSaltSource() {
        return saltSource;
    }

    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    protected UserDetailsService getUserDetailsService() {
        return userDetailsService;
    }

    protected boolean isIncludeDetailsObject() {
        return includeDetailsObject;
    }

    /**
     * Determines whether the UserDetails will be included in the <tt>extraInformation</tt> field of a
     * thrown BadCredentialsException. Defaults to true, but can be set to false if the exception will be
     * used with a remoting protocol, for example.
     *
     * @deprecated use {@link org.springframework.security.providers.ProviderManager#setClearExtraInformation(boolean)}
     */
    public void setIncludeDetailsObject(boolean includeDetailsObject) {
        this.includeDetailsObject = includeDetailsObject;
    }
}

重点见additionalAuthenticationChecks方法


4、修改org.codehaus.groovy.grails.plugins.springsecurity.GrailsDaoAuthenticationProvider的父类是DaoAuthenticationOverwriteProvider 

/* Copyright 2006-2009 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.codehaus.groovy.grails.plugins.springsecurity

import org.springframework.security.AuthenticationException
import org.springframework.security.providers.UsernamePasswordAuthenticationToken
import org.springframework.security.ui.ntlm.NtlmUsernamePasswordAuthenticationToken
import org.springframework.security.userdetails.UserDetails

/**
 * @author Martin Vlcek
 * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a>
 */
class GrailsDaoAuthenticationProvider extends DaoAuthenticationOverwriteProvider {

	@Override
	protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {

        // don't check password in case of NTLM authentication
        if (!(authentication instanceof NtlmUsernamePasswordAuthenticationToken)) {
            super.additionalAuthenticationChecks(userDetails, authentication)
        }
    }
}

备注:3和4的文件写在aecgi的plugin里

volcano_b
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
grails中的加密
u014207158的博客
11-12 518
encodeAsSHA1() 使用方法:字符串.encodeAsSHA1() 即可,无需做其他任何事 encodeAsMD5() 使用方法:字符串.encodeAsMD5() 即可,无需做其他任何事
GrailsGrails3 Spring Secuirty自定义加密方式
斗战圣佛91的博客
08-05 230
Grails3 Spring Secuirty自定义加密方式 应用场景 公司老项目使用grails2.0+版本,他的加密方式encodeAsSHA256,数据是通过导入实现,要兼容以前数据加密方式,使以前使用老项目的用户也能用原先的密码登录。 首先,我做了一下测试 def test() { map.password1 = "123456".encodeAsSHA256() ...
spring security 加密和,密码验证例子
thinktotings的专栏
08-01 282
本事例:用到的jar 文件   commons-codec-1.3.jar spring-security-core-2.0.5.RELEASE.jar   spring security 加密   package com.tht.md5; import org.springframework.security.providers.encoding.Md5Password...
Spring Security异常没有直接抛出的问题
baidu_39157826的博客
05-13 3397
Spring Security 异常没有抛出去的问题 记录一个使用Spring Security自定义异常时出现的问题。 UserDetailsService returned null, which is an interface contract violation 环境描述 定义了一个登录异常,继承security里的Authentication异常 import org.springframework.security.core.AuthenticationException; public
Spring Security OAuth2实现多用户类型认证、刷新Token
susu1083018911的博客
03-07 3767
loadUserByUsername携带多个参数
grails框架
09-03
grails除了核心模块以外的功能几乎都是通过插件方式实现的。实际上,一个grails插件和一个grails应用基本是完全一样的,同样可以使用grails run-app命令来运行。区别仅在于一个插件的根目录下需要提供一个fooplugin....
grails框架心得
12-22
grails开发过程中,项目优化配置,系统间调用等的总结。
GrailsWeb应用框架grails-core
08-07
**Grails Web 应用框架概述** Grails 是一个基于 Groovy 语言的开源Web应用程序框架,它构建在Java平台上,充分利用了Java EE(企业版)的诸多特性。"grails-core"是Grails框架的核心模块,包含了构建、运行和管理...
Grails开源框架 - 使用指南
11-25
Grails开源框架 - 使用指南,版本1.0,中文文档。 Grails开源框架 - 使用指南 作者: Graeme Rocher, Marc Palmer 版本: 1.0 Copies of this document may be made for your own use and for distribution to ...
grails-core:Grails Web应用程序框架
02-27
设置GRAILS_HOME环境变量以指向提取的下载文件的根目录,并将GRAILS_HOME/bin添加到您的可执行文件PATH 。 然后在外壳中,键入以下内容: grails create-app sampleapp cd sampleapp grails run-app 要构建Grails...
SpringSecurity登陆失败后页面回显错误信息.pdf
09-10
SpringSecurity自定义登陆页面,当登陆失败后,需要在页面上回显错误信息,但是错误信息又是由SpringSecurity自己封装的,我们如何去获取并且如何将错误信息转换成中文显示在页面上,本资源对其进行了详情的解决,方便后期使用。
MD5Encode签名加密文件
10-15
小程序签名使用
spring boot oauth2 添加 手机验证码登录验证模式(grantType)
Riteny的博客
06-11 2005
step1 搭建基础的spring oauth2 项目 详细可以参考《spring boot security oauth2 认证服务器搭建》
spring security解析--认证
Dream - to be coder
04-01 1232
spring security用户认证 主要涉及到的对象是AuthenticationManager,ProviderManager, AuthenticationProvirder, DaoAuthenticationProvider, UserDetailsService,UserDetials
Spring Security学习(二)认证管理器
德玛西亚
03-07 841
前文分析到 UsernamePasswordAuthenticationFilter的时候,可以发现最终过滤器还是把用户登陆信息交给了认证管理器进行认证,如下面代码所示: this.getAuthenticationManager().authenticate(authRequest); 本文继续分析认证过程 AuthenticationManager AuthenticationManager...
spring security 安全策略加密解密处理过程
adsadadaddadasda的博客
03-09 4344
1.现在后台生成密钥对,把得到公钥的加密系数,加密指数,传个前台登录界面,进行加密//rsa生成密钥对,和加密解密函数。[java] view plain copypublic class RSAUtil  {    private static String RSAKeyStore = "RSAKey.txt"      public static KeyPair generateKeyPair...
Spring Security 3.1 自定义 authentication provider
weixin_33725515的博客
12-04 221
2019独角兽企业重金招聘Python工程师标准>>> ...
Spring Security源码学习
yuguang的博客
03-02 243
1、PasswordEncoder和PlaintextPasswordEncoder 密码校验 @Deprecated public interface PasswordEncoder { String encodePassword(String rawPass, Object salt); boolean isPasswordValid(String encPass, String rawPass, Object salt); } package org....
grails中使用BASE64加密
cheryl
10-19 594
grails中使用BASE64加密 在utils包下建立:PasswordCodec package encode import java.security.MessageDigest import sun.misc.BASE64Encoder /** * Created by admin on 2015/10/15. */ class PasswordCodec {
GRAILS课程学习记录总结
最新发布
09-18
Grails是一个致力于提高效率的开源Web应用框架,它融合了Java开发者常用的技术,主要是Spring和Hibernate,但并不仅限于简单的堆砌。从使用命令"grails create-app"开始,就能感受到与传统Java项目开发的不同之处。...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值