After my user password is entered in the foreground, it needs to be encrypted and compared with the user name association, so the implementation class of AuthenticationProvider is rewritten for processing;
@Component public class MyAuthenticationProvider implements AuthenticationProvider { @Autowired private ISysUserService iSysUserService; @Autowired private PasswordEncorder passwordEncorder; @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = authentication.getName(); String presentedPassword = (String)authentication.getCredentials(); UserDetails userDeatils = null;
// Acquire user information based on user name SysUser sysUser = this .iSysUserService.getUserByName (username); if (StringUtils.isEmpty (sysUser)) { throw new BadCredentialsException ("Username does not exist" ); } else { userDeatils = new User ( username, sysUser.getPassword (), AuthorityUtils.commaSeparatedStringToAuthorityList ("USER" ));
// Custom encryption rules, user name, input password and salt value stored in the database are encrypted String encodedPassword = PasswordUtil.encrypt (username, presentedPassword , sysUser.getSalt ()); if(authentication.getCredentials () == null ) { throw new BadCredentialsException ("Login name or password error" ); } else if (! this .passwordEncorder.matches (encodedPassword, userDeatils.getPassword ())) { throw new BadCredentialsException (" Incorrect login or password " ); } else { UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken (userDeatils, authentication.getCredentials (), userDeatils.getAuthorities ()); result.setDetails (authentication.getDetails ()); return result; } } } @Override public boolean supports(Class<?> authentication) { return true; } }
Then enable it in SecurityConfiguration
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(this.myAuthenticationProvider);
}