其他分享
首页 > 其他分享> > 基于SpringSecurity google 二次验证

基于SpringSecurity google 二次验证

作者:互联网

主要就是 增加安全性,类似于 短信二次验证一样,不过Google 二次验证 提供的是开源一套算法,节约成本,很多网站为了真加安全性,都开启了二次验证 。

java 具体思路
  1. 网站或者服务端 开启二次验证 ,引入开源工具包
  1. 编写对应的工具类,生成二维码链接,用户扫描绑定 秘钥key

  2. 自定义 AuthenticationProvider,UsernamePasswordAuthenticationToken 在校验完用户密码后再 处理 google 校验逻辑

代码
  1. 修改配置SpringSecurity
httpSecurity.authenticationProvider(new CustomerAuthenticationProvider(userDetailsService,bCryptPasswordEncoder()));
  1. 自定义 CustomerAuthenticationProvider,CustomerUsernamePasswordAuthenticationToken 直接继承重写父类方法就行

    
    
    public class CustomerAuthenticationProvider extends DaoAuthenticationProvider {
    
        public CustomerAuthenticationProvider(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
            super();
            setUserDetailsService(userDetailsService);
            setPasswordEncoder(bCryptPasswordEncoder);
        }
    
        protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
            if (authentication.getCredentials() == null) {
                this.logger.debug("Failed to authenticate since no credentials provided");
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            } else {
                String presentedPassword = authentication.getCredentials().toString();
                if (!getPasswordEncoder().matches(presentedPassword, userDetails.getPassword())) {
                    this.logger.debug("Failed to authenticate since password does not match stored value");
                    throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                }
                googleAuthenticator((LoginUser) userDetails, (CustomerUsernamePasswordAuthenticationToken) authentication);
    
            }
        }
    
        /**
         * Google 二次验证
         * @param userDetails
         * @param authentication
         */
        private void googleAuthenticator(LoginUser userDetails, CustomerUsernamePasswordAuthenticationToken authentication) {
            // Google 二次验证
            LoginUser loginUser = userDetails;
            SysUser user = loginUser.getUser();
            String googleAuthSecret = user.getGoogleAuthSecret();
            if(StringUtils.isBlank(googleAuthSecret)){
                throw new ServiceException(GOOGLE_AUTHENTICATOR_401001.getMsg(),GOOGLE_AUTHENTICATOR_401001.getCode());
            }
            CustomerUsernamePasswordAuthenticationToken customerToken = authentication;
            String code = customerToken.getCode();
            boolean valid = GoogleAuthenticatorUtils.valid(googleAuthSecret, Integer.valueOf(code).intValue());
            if(!valid){
                throw new ServiceException("Google Authenticator 验证码错误");
            }
        }
    
    }
    
    public class CustomerUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {
        /**
         * Google 二次验证 生成 code
         */
        private String code;
    
        public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials) {
            super(principal, credentials);
        }
    
        public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials,String code) {
            super(principal, credentials);
            this.code = code;
        }
    
        public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
            super(principal, credentials, authorities);
    
        }
    
        public String getCode() {
            return code;
        }
    
        public void setCode(String code) {
            this.code = code;
        }
    }
    
    // 调用自定义 CustomerUsernamePasswordAuthenticationToken
    authentication = authenticationManager
                        .authenticate(new CustomerUsernamePasswordAuthenticationToken(username, password,code));
    

标签:code,String,验证,CustomerUsernamePasswordAuthenticationToken,SpringSecurity,authen
来源: https://www.cnblogs.com/lyc88/p/15703854.html