版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/f1370335844/article/details/80084402
第二种自定义密码验证的方式是实现PasswordEncoder,但个人感觉不如实现AuthenticationProvider那样可扩展、方便:PasswordEncoder的方法只能拿到明文密码和已保存的密码串,拿不到用户信息,所以我没法把存在数据库中的salt加进去。
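在PasswordEncoder的实现类当中,可以选择用spring security自带的Md5PasswordEncoder、ShaPasswordEncoder对密码做摘要(严格来说是哈希,不是加密)。需要注意:不加salt的MD5/SHA摘要计算速度很快,不适合用来保存生产环境的密码;这两个类在Spring Security 5中已被移除,实际项目建议使用BCryptPasswordEncoder这类自带随机salt的编码器。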
Spring security配置主类:
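/**
 * Spring Security configuration: form login backed by the
 * {@code customUserDetailsService} bean, with submitted passwords checked
 * through {@link CustomPasswordEncoder}.
 *
 * Created by fjc on 2018-04-17.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("customUserDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    CustomSuccessHandler customSuccessHandler;

    /**
     * Exposes the password encoder used by {@link #authenticationProvider()}.
     *
     * @return a new {@link CustomPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new CustomPasswordEncoder();
    }

    /**
     * Builds the provider that loads users through {@code userDetailsService}
     * and verifies passwords with {@link #passwordEncoder()}.
     *
     * @return the configured provider
     */
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    /**
     * Registers the authentication provider on the global builder.
     *
     * @param auth the builder supplied by Spring Security
     * @throws Exception declared for compatibility with the original signature
     */
    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        // Only the provider carrying the custom encoder is registered. The
        // original also called auth.userDetailsService(userDetailsService),
        // which adds a second DaoAuthenticationProvider that checks passwords
        // with the builder's default encoder instead of CustomPasswordEncoder.
        // That second provider would be consulted whenever the first one
        // rejects a login with an ordinary bad-credentials failure.
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * Declares URL access rules, the login form and the access-denied page.
     *
     * @param http the HTTP security builder
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): there is no anyRequest() rule, so URLs not matched
        // below are not restricted by this configuration. Confirm that is intended.
        http.authorizeRequests()
                .antMatchers("/user/welcome**").permitAll()
                .antMatchers("/user/save").permitAll()
                .antMatchers("/user/admin**").access("hasRole('ROLE_ADMIN')")
                .antMatchers("/user/dba**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_DBA')")
                .and()
            .formLogin()
                .loginPage("/user/login")
                .failureUrl("/user/login?error")
                .successHandler(customSuccessHandler)
                // The login form posts the user name as "ssoId".
                .usernameParameter("ssoId")
                .passwordParameter("password")
                .and()
            .csrf()
                .and()
            .exceptionHandling()
                .accessDeniedPage("/user/login?access");
    }
}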
UserDetailsService实现类:
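/**
 * Loads a user and its granted authorities from the database mappers for
 * Spring Security.
 *
 * Created by fjc on 2018/4/22.
 */
@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserMapper userMapper;

    @Autowired
    private UserProfileMapper userProfileMapper;

    /**
     * Looks up the user by its SSO id and converts it to a Spring Security
     * {@link UserDetails}.
     *
     * @param ssoId the login name submitted by the client
     * @return the user details; the account is enabled only when its state is {@code "Active"}
     * @throws UsernameNotFoundException if no user has this SSO id
     */
    @Override
    public UserDetails loadUserByUsername(String ssoId) throws UsernameNotFoundException {
        User user = userMapper.findBySso(ssoId);
        // The whole User object is no longer printed: depending on how
        // User.toString() is written, that line could put the stored password
        // hash into the console log.
        if (user == null) {
            System.out.println("User not found");
            throw new UsernameNotFoundException("Username not found");
        }
        // Constant-first equals: a null state means "not enabled", not a NullPointerException.
        boolean enabled = "Active".equals(user.getState());
        return new org.springframework.security.core.userdetails.User(
                user.getSso_id(),
                user.getPassword(),
                enabled,
                true,
                true,
                true,
                getGrantedAuthorities(user.getId()));
    }

    /**
     * Builds the authority list for a user, one {@code ROLE_<type>} entry per profile.
     *
     * @param userid the database id of the user
     * @return the granted authorities, empty when the user has no profile
     */
    private List<GrantedAuthority> getGrantedAuthorities(int userid) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        List<UserProfile> profiles = userProfileMapper.findUserProfileByUserid(userid);
        for (UserProfile userProfile : profiles) {
            System.out.println("UserProfile : "+userProfile);
            authorities.add(new SimpleGrantedAuthority("ROLE_"+userProfile.getType()));
        }
        System.out.print("authorities :"+authorities);
        return authorities;
    }
}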
PasswordEncoder实现类:
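/**
 * {@link PasswordEncoder} that stores and compares passwords as upper-case,
 * unsalted MD5 hex digests.
 *
 * NOTE(review): unsalted MD5 is fast to compute and gives identical digests
 * for identical passwords, so it is not suitable for password storage.
 * Md5PasswordEncoder was removed in Spring Security 5. Moving to an adaptive,
 * salted encoder such as BCryptPasswordEncoder requires re-hashing the stored
 * passwords, so it is flagged here rather than changed.
 *
 * Created by fjc on 2018-04-25.
 */
@Component
public class CustomPasswordEncoder implements PasswordEncoder {

    /**
     * Hashes a raw password.
     *
     * @param charSequence the raw password
     * @return the upper-case MD5 hex digest of the password
     */
    @Override
    public String encode(CharSequence charSequence) {
        // The raw password and its digest are deliberately not printed:
        // console output usually ends up in log files.
        return md5UpperHex(charSequence);
    }

    /**
     * Checks a raw password against a stored digest.
     *
     * @param charSequence the raw password submitted by the client
     * @param s the stored digest, expected in the format produced by {@link #encode}
     * @return {@code true} when the digests are equal
     * @throws DisabledException when they differ (kept from the original)
     */
    @Override
    public boolean matches(CharSequence charSequence, String s) {
        String md5Pwd = md5UpperHex(charSequence);
        // MessageDigest.isEqual compares without stopping at the first
        // differing byte, unlike String.equals.
        if (s != null && java.security.MessageDigest.isEqual(
                md5Pwd.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                s.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            System.out.println("pass");
            return true;
        }
        // NOTE(review): the PasswordEncoder contract is to return false on a
        // mismatch. DisabledException is an account-status exception, so a
        // wrong password is reported the same way as a disabled account.
        // It is kept because callers may depend on the exception type.
        // Confirm before switching to "return false".
        throw new DisabledException("--密码错误--");
    }

    /** Returns the upper-case hex MD5 digest of the raw password, computed with an empty salt. */
    private static String md5UpperHex(CharSequence rawPassword) {
        Md5PasswordEncoder encoder = new Md5PasswordEncoder();
        return encoder.encodePassword(rawPassword.toString(), "").toUpperCase();
    }
}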