SpringSecurity的自定义用户密码验证
我的用户密码前台输入后,需要和用户名关联进行加密比较,所以重写了AuthenticationProvider的实现类进行处理;
@Component public class MyAuthenticationProvider implements AuthenticationProvider { @Autowired private ISysUserService iSysUserService; @Autowired private PasswordEncorder passwordEncorder; @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getName(); String presentedPassword = (String)authentication.getCredentials(); UserDetails userDeatils = null;
// 根据用户名获取用户信息 SysUser sysUser = this.iSysUserService.getUserByName(username); if (StringUtils.isEmpty(sysUser)) { throw new BadCredentialsException("用户名不存在"); } else { userDeatils = new User(username, sysUser.getPassword(), AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
// 自定义的加密规则,用户名、输的密码和数据库保存的盐值进行加密 String encodedPassword = PasswordUtil.encrypt(username, presentedPassword, sysUser.getSalt()); if (authentication.getCredentials() == null) { throw new BadCredentialsException("登录名或密码错误"); } else if (!this.passwordEncorder.matches(encodedPassword, userDeatils.getPassword())) { throw new BadCredentialsException("登录名或密码错误"); } else { UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(userDeatils, authentication.getCredentials(), userDeatils.getAuthorities()); result.setDetails(authentication.getDetails()); return result; } } } @Override public boolean supports(Class<?> authentication) { return true; } }
然后在SecurityConfiguration配置中启用
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(this.myAuthenticationProvider);
}