Spring Boot Security 多种登录方式集成配置思路及方法 账号用户名登录+微信网页授权登录

概述

实现账号用户名+微信网页授权登录集成在Spring Security的思路

前情提要

本思路完全抛弃Spring Security的配置式账号密码登录模式，采用完全独立的Filter、Provider、Details Service、Handler来分别配置方式。避免奇奇怪怪的坑爹问题发生。

PS：本文仅提供实现思路和配置方式，具体实现代码请自行处理，谢谢。

PS：本文谢绝转载。

——————————————————————————————————————————

Spring Security Config 配置方式

Spring Security Config AuthenticationManagerBuilder 配置：

    @Override
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        /**
         * Normal Login Provider Config
         */
        authenticationManagerBuilder
                .authenticationProvider(smDaoAuthenticationProvider())
                .userDetailsService(smUserDetailsService)
                .passwordEncoder(new BCryptPasswordEncoder());
        /**
         * Weixin Login Provider Config
         */
        authenticationManagerBuilder
                .authenticationProvider(wxAuthenticationProvider())
                .userDetailsService(wxUserDetailsService);
    }

Spring Security Config Filter配置：

    /**
     * Register Security Auth Manager
     *
     * @return
     * @throws Exception
     */
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    
    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

     /**
     * Normal Login Filter Config
     *
     * @return
     */
    @Bean
    public SmAuthenticationProcessingFilter smAuthenticationProcessingFilter() {
        SmAuthenticationProcessingFilter filter = new SmAuthenticationProcessingFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
        filter.setAuthenticationFailureHandler(authenticationFailureHandler);
        return filter;
    }
    
     /**
     * WeixinLogin Filter Config
     *
     * @return
     */
    @Bean
    public WxAuthenticationProcessingFilter wxAuthenticationProcessingFilter() {
        WxAuthenticationProcessingFilter filter = new WxAuthenticationProcessingFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setAuthenticationFailureHandler(wxAuthenticationFailureHandler);
        return filter;
    }

Spring Security Http Config 配置

无需配置.login()等一系列地址参数，Filter中只需要定义好拦截的地址，在这里开放这些地址就可以了！

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .cors()
                .and()
                .csrf()
                .disable()
                .logout()
                .logoutUrl("/api/system/login/loginOut")
                .logoutSuccessHandler(logoutSuccessHandler)
                .permitAll()
                .and()
                .headers()
                .frameOptions()
                .disable()
                .and()
                .authorizeRequests()
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .antMatchers("/api/system/login/doLogin").permitAll()
                .antMatchers("/api/wx/doLogin").permitAll()
        http.authorizeRequests().antMatchers("/api/**").authenticated();

自定义Filter拦截地址定义

账户名密码登录Filter：

public class SmAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
    public SmAuthenticationProcessingFilter() {
        super(new AntPathRequestMatcher("/api/system/login/doLogin", "POST"));
    }
    实现代码若干....
}

微信登录Filter：

public class WxAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
    public WxAuthenticationProcessingFilter() {
        super(new AntPathRequestMatcher("/api/wx/doLogin", "GET"));
    }
    实现代码若干....
}