SpringSecurityOAuth2 (6): adding a verification code to login

GitHub address

Gitee address

This article builds on the previous one, SpringSecurityOAuth2 (5) custom login and logout, which wraps the token request in a layer of RestTemplate. The client first requests a code, which is cached in Redis against the username with a time limit (for example, 60 seconds). The login request must then pass code verification before the username and password are verified.

Login requires a verification code. The code is valid for 1 minute and becomes invalid after a successful login or once that time is reached. It is stored in Redis under the key username + "_code", with an expiration time set. Once the username and verification code match, token generation proceeds. After the token is generated, the verification code is deleted.

Modify the tokenController code from (5). This article only shows the implementation idea, so the code simply generates a random number as the verification code.

    @PostMapping("/login")
    public ResponseVo login(HttpServletRequest request) throws UnsupportedEncodingException {
        String header = request.getHeader("Authorization");
        // Reject a missing or non-Basic header ("||" avoids a NullPointerException when the header is absent)
        if (header == null || !header.startsWith("Basic")) {
            return new ResponseVo(400, "请求头中缺少参数");
        }
        String code = request.getParameter("code");
        String username = request.getParameter("username");

        if(code==null){
            return new ResponseVo(500,"验证码缺失");
        }
        String old_code =redisTemplate.opsForValue().get(username+"_code");

        if(old_code==null){
            return new ResponseVo(500,"验证码不存在或者已经过期");
        }
        if(!code.equals(old_code)){
            return new ResponseVo(500,"验证码错误");
        }


        // Call this server's own token endpoint; getRemoteAddr() would return the client's address
        String url = "http://" + request.getLocalAddr() + ":" + request.getServerPort() + "/oauth/token";

        Map<String, Object> map = new HashMap<>();
        map.put("grant_type", "password");
        map.put("username", username);
        map.put("password", request.getParameter("password"));

        HttpHeaders headers = new HttpHeaders();
        headers.set("Authorization", header);
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);  // This content type is required; otherwise the receiving endpoint cannot read grant_type

        HttpEntity httpEntity = new HttpEntity<>(headers);

        ResponseEntity<String> response = restTemplate.postForEntity(url + "?" + LinkStringUtil.createLinkStringByGet(map), httpEntity, String.class);

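        if (response.getStatusCodeValue() == 200) {
            // Token issued: delete the verification code so it cannot be reused
            redisTemplate.delete(username + "_code");
            return new ResponseVo(200, "登录成功", JSONObject.parseObject(response.getBody()));
        } else {
            return new ResponseVo(500, "登录失败");
        }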
    }

    @PostMapping("/getCode")
    public String getCode(String username) {
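        // Placeholder only (see the note above the code): Math.random() is not a secure source for login codes
        String code = String.valueOf(Math.random() * 100);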
        redisTemplate.opsForValue().set(username + "_code", code, 60, TimeUnit.SECONDS);
        return "code is " + code;
    }
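
The code lifecycle described above (60-second validity, the username + "_code" key, invalidation after use), as an added example that is not part of the original article or its repository. An in-memory map stands in for Redis and the code comes from SecureRandom instead of Math.random(); the class name, the five-attempt limit and consuming the code as soon as it matches are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: in-memory stand-in for the Redis "<username>_code" entry. */
public class LoginCodeStore {
    private static final long TTL_MS = 60_000;   // 60 s, as in the article
    private static final int MAX_ATTEMPTS = 5;   // assumption: not in the article
    private static final SecureRandom RNG = new SecureRandom();
    private static final class Entry {
        final byte[] code; final long expiresAt; int failures;
        Entry(byte[] code, long expiresAt) { this.code = code; this.expiresAt = expiresAt; }
    }
    private final Map<String, Entry> store = new ConcurrentHashMap<>();

    /** Issue a 6-digit code from a CSPRNG, replacing any earlier code for the user. */
    public String issue(String username, long now) {
        String code = String.format("%06d", RNG.nextInt(1_000_000));
        store.put(username + "_code", new Entry(code.getBytes(StandardCharsets.UTF_8), now + TTL_MS));
        return code;
    }

    /** True only for an unexpired, matching code; a match consumes the code. */
    public synchronized boolean verify(String username, String supplied, long now) {
        String key = username + "_code";
        Entry e = store.get(key);
        if (e == null || supplied == null) return false;
        if (now >= e.expiresAt) { store.remove(key); return false; }
        // Constant-time comparison of the stored and supplied codes
        if (MessageDigest.isEqual(e.code, supplied.getBytes(StandardCharsets.UTF_8))) {
            store.remove(key);                                // single use
            return true;
        }
        if (++e.failures >= MAX_ATTEMPTS) store.remove(key);  // cap guessing per issued code
        return false;
    }

    public static void main(String[] args) {
        LoginCodeStore s = new LoginCodeStore();
        long t0 = System.currentTimeMillis();
        String code = s.issue("alice", t0);                       // constructed username
        System.out.println(s.verify("alice", "wrong!", t0));      // wrong guess
        System.out.println(s.verify("alice", code, t0 + 1_000));  // correct code in time
        System.out.println(s.verify("alice", code, t0 + 2_000));  // replay of a consumed code
        String late = s.issue("alice", t0);
        System.out.println(s.verify("alice", late, t0 + 60_000)); // correct code after the window
    }
}
```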

Verification passed:

The verification code is invalid or wrong:
