SpringSecurity的自定义用户密码验证

我的用户密码前台输入后,需要和用户名关联进行加密比较,所以重写了AuthenticationProvider的实现类进行处理;

@Component
public class MyAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private ISysUserService iSysUserService;
    @Autowired
    private PasswordEncorder passwordEncorder;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        String presentedPassword = (String)authentication.getCredentials();
        UserDetails userDeatils = null;
// 根据用户名获取用户信息 SysUser sysUser
= this.iSysUserService.getUserByName(username); if (StringUtils.isEmpty(sysUser)) { throw new BadCredentialsException("用户名不存在"); } else { userDeatils = new User(username, sysUser.getPassword(), AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
// 自定义的加密规则,用户名、输的密码和数据库保存的盐值进行加密 String encodedPassword
= PasswordUtil.encrypt(username, presentedPassword, sysUser.getSalt()); if (authentication.getCredentials() == null) { throw new BadCredentialsException("登录名或密码错误"); } else if (!this.passwordEncorder.matches(encodedPassword, userDeatils.getPassword())) { throw new BadCredentialsException("登录名或密码错误"); } else { UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(userDeatils, authentication.getCredentials(), userDeatils.getAuthorities()); result.setDetails(authentication.getDetails()); return result; } } } @Override public boolean supports(Class<?> authentication) { return true; } }
然后在SecurityConfiguration配置中启用
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(this.myAuthenticationProvider);
}
posted @ 2020-04-11 16:00  洋洋哥  阅读(6861)  评论(0编辑  收藏  举报