SpringSecurity的自定义用户密码验证
作者:互联网
我的用户密码前台输入后,需要和用户名关联进行加密比较,所以重写了AuthenticationProvider的实现类进行处理;
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
@Autowired
private ISysUserService iSysUserService;
@Autowired
private PasswordEncorder passwordEncorder;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
String presentedPassword = (String)authentication.getCredentials();
UserDetails userDeatils = null;
// 根据用户名获取用户信息
SysUser sysUser = this.iSysUserService.getUserByName(username);
if (StringUtils.isEmpty(sysUser)) {
throw new BadCredentialsException("用户名不存在");
} else {
userDeatils = new User(username, sysUser.getPassword(), AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
// 自定义的加密规则,用户名、输的密码和数据库保存的盐值进行加密
String encodedPassword = PasswordUtil.encrypt(username, presentedPassword, sysUser.getSalt());
if (authentication.getCredentials() == null) {
throw new BadCredentialsException("登录名或密码错误");
} else if (!this.passwordEncorder.matches(encodedPassword, userDeatils.getPassword())) {
throw new BadCredentialsException("登录名或密码错误");
} else {
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(userDeatils, authentication.getCredentials(), userDeatils.getAuthorities());
result.setDetails(authentication.getDetails());
return result;
}
}
}
@Override
public boolean supports(Class<?> authentication) {
return true;
}
}
然后在SecurityConfiguration配置中启用
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(this.myAuthenticationProvider);
}
标签:userDeatils,username,String,自定义,验证,SpringSecurity,authentication,sysUser,new 来源: https://www.cnblogs.com/brucebai/p/12680494.html