实现 UserDetailsService,定义用户查询的方法
@Service
public class UserDetailsServiceImpl implements UserDetailsService
{
private static final Logger log = LoggerFactory . getLogger ( UserDetailsServiceImpl . class ) ;
@Autowired
private ISysUserService userService;
@Autowired
private SysPermissionService permissionService;
@Override
public UserDetails loadUserByUsername ( String username) throws UsernameNotFoundException
{
SysUser user = userService. selectUserByUserName ( username) ;
if ( StringUtils . isNull ( user) )
{
log. info ( "登录用户:{} 不存在." , username) ;
throw new ServiceException ( "登录用户:" + username + " 不存在" ) ;
}
else if ( UserStatus . DELETED. getCode ( ) . equals ( user. getDelFlag ( ) ) )
{
log. info ( "登录用户:{} 已被删除." , username) ;
throw new ServiceException ( "对不起,您的账号:" + username + " 已被删除" ) ;
}
else if ( UserStatus . DISABLE. getCode ( ) . equals ( user. getStatus ( ) ) )
{
log. info ( "登录用户:{} 已被停用." , username) ;
throw new ServiceException ( "对不起,您的账号:" + username + " 已停用" ) ;
}
return createLoginUser ( user) ;
}
public UserDetails createLoginUser ( SysUser user)
{
return new LoginUser ( user. getUserId ( ) , user. getDeptId ( ) , user, permissionService. getMenuPermission ( user) ) ;
}
}
创建自己的AuthenticationToken 继承 AbstractAuthenticationToken
public class MyLoginAuthenticationToken extends AbstractAuthenticationToken {
private final Object principal;
private Object credentials;
public MyLoginAuthenticationToken ( Object principal, Object credentials) {
super ( ( Collection ) null ) ;
this . principal = principal;
this . credentials = credentials;
this . setAuthenticated ( false ) ;
}
public MyLoginAuthenticationToken ( Object principal, Object credentials, Collection < ? extends GrantedAuthority > authorities) {
super ( authorities) ;
this . principal = principal;
this . credentials = credentials;
super . setAuthenticated ( true ) ;
}
@Override
public Object getCredentials ( ) {
return this . credentials;
}
@Override
public Object getPrincipal ( ) {
return this . principal;
}
@Override
public void setAuthenticated ( boolean isAuthenticated) throws IllegalArgumentException {
if ( isAuthenticated) {
throw new IllegalArgumentException ( "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead" ) ;
} else {
super . setAuthenticated ( false ) ;
}
}
@Override
public void eraseCredentials ( ) {
super . eraseCredentials ( ) ;
this . credentials = null ;
}
}
接口调用
@Resource
private AuthenticationManager authenticationManager;
Authentication authentication = null ;
try
{
authentication = authenticationManager
. authenticate ( new MyLoginAuthenticationToken ( username, idCard) ) ;
}
catch ( Exception e)
{
if ( e instanceof BadCredentialsException )
{
AsyncManager . me ( ) . execute ( AsyncFactory . recordLogininfor ( username, Constants . LOGIN_FAIL, MessageUtils . message ( "user.password.not.match" ) ) ) ;
throw new UserPasswordNotMatchException ( ) ;
}
else
{
AsyncManager . me ( ) . execute ( AsyncFactory . recordLogininfor ( username, Constants . LOGIN_FAIL, e. getMessage ( ) ) ) ;
throw new ServiceException ( e. getMessage ( ) ) ;
}
配置类
@EnableGlobalMethodSecurity ( prePostEnabled = true , securedEnabled = true )
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private AuthenticationEntryPointImpl unauthorizedHandler;
@Autowired
private LogoutSuccessHandlerImpl logoutSuccessHandler;
@Autowired
private JwtAuthenticationTokenFilter authenticationTokenFilter;
@Autowired
private CorsFilter corsFilter;
@Autowired
private MyAuthenticationProvider myAuthenticationProvider;
@Bean
@Override
public AuthenticationManager authenticationManagerBean ( ) throws Exception
{
return super . authenticationManagerBean ( ) ;
}
@Override
protected void configure ( HttpSecurity httpSecurity) throws Exception
{
httpSecurity
. csrf ( ) . disable ( )
. exceptionHandling ( ) . authenticationEntryPoint ( unauthorizedHandler) . and ( )
. sessionManagement ( ) . sessionCreationPolicy ( SessionCreationPolicy . STATELESS) . and ( )
. authorizeRequests ( )
. antMatchers ( "/login" , "/register" , "/captchaImage" , "/out/hunan/login" , "/shengchan/test" , "/shengchan/test2" , "/noLogin/**" ) . anonymous ( )
. antMatchers (
HttpMethod . GET,
"/" ,
"/*.html" ,
"/**/*.html" ,
"/**/*.css" ,
"/**/*.js" ,
"/profile/**"
, "/accident/accident/**"
) . permitAll ( )
. antMatchers ( "/swagger-ui.html" ) . anonymous ( )
. antMatchers ( "/swagger-resources/**" ) . anonymous ( )
. antMatchers ( "/webjars/**" ) . anonymous ( )
. antMatchers ( "/*/api-docs" ) . anonymous ( )
. antMatchers ( "/druid/**" ) . anonymous ( )
. anyRequest ( ) . authenticated ( )
. and ( )
. headers ( ) . frameOptions ( ) . disable ( ) ;
httpSecurity. logout ( ) . logoutUrl ( "/logout" ) . logoutSuccessHandler ( logoutSuccessHandler) ;
httpSecurity. addFilterBefore ( authenticationTokenFilter, UsernamePasswordAuthenticationFilter . class ) ;
httpSecurity. addFilterBefore ( corsFilter, JwtAuthenticationTokenFilter . class ) ;
httpSecurity. addFilterBefore ( corsFilter, LogoutFilter . class ) ;
}
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder ( )
{
return new BCryptPasswordEncoder ( ) ;
}
@Override
protected void configure ( AuthenticationManagerBuilder auth) throws Exception
{
auth. authenticationProvider ( myAuthenticationProvider) ;
auth. userDetailsService ( userDetailsService) . passwordEncoder ( bCryptPasswordEncoder ( ) ) ;
}
}
自定义密码校验
* *
* 自定义密码验证
* @author xzx
* @date 2021 / 10 / 12 8 : 54
* /
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
private static final Logger log = LoggerFactory . getLogger ( MyAuthenticationProvider . class ) ;
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private SysUserMapper sysUserMapper;
@Override
public Authentication authenticate ( Authentication authentication) throws AuthenticationException {
System . out. println ( "第三方登录认证开始..." ) ;
String username = ( authentication. getPrincipal ( ) == null ) ? "NONE_PROVIDED" : authentication. getName ( ) ;
String idCard = ( String ) authentication. getCredentials ( ) ;
SysUser user = sysUserMapper. selectUserByIdCard ( idCard) ;
if ( Objects . isNull ( user) ) {
log. info ( "链接登录用户身份证号:{} 不存在." , idCard) ;
throw new ServiceException ( "登录用户身份证号:" + idCard + " 不存在" ) ;
}
UserDetails details = userDetailsService. loadUserByUsername ( username) ;
MyLoginAuthenticationToken result = new MyLoginAuthenticationToken ( username, idCard) ;
result. setDetails ( details) ;
System . out. println ( "第三方登录认证成功..." ) ;
return result;
}
@Override
public boolean supports ( Class < ? > aClass) {
System . out. println ( "第三方登录验证" ) ;
return MyLoginAuthenticationToken . class . isAssignableFrom ( aClass) ;
}
}