SpringSecurity的自定义用户密码验证

我的用户密码前台输入后,需要和用户名关联进行加密比较,所以重写了AuthenticationProvider的实现类进行处理;

 

@Component
public class MyAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private ISysUserService iSysUserService;
    @Autowired
    private PasswordEncorder passwordEncorder;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        String presentedPassword = (String)authentication.getCredentials();
        UserDetails userDeatils = null;
// 根据用户名获取用户信息 SysUser sysUser = this.iSysUserService.getUserByName(username); if (StringUtils.isEmpty(sysUser)) { throw new BadCredentialsException("用户名不存在"); } else { userDeatils = new User(username, sysUser.getPassword(), AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
// 自定义的加密规则,用户名、输的密码和数据库保存的盐值进行加密 String encodedPassword = PasswordUtil.encrypt(username, presentedPassword, sysUser.getSalt()); if (authentication.getCredentials() == null) { throw new BadCredentialsException("登录名或密码错误"); } else if (!this.passwordEncorder.matches(encodedPassword, userDeatils.getPassword())) { throw new BadCredentialsException("登录名或密码错误"); } else { UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(userDeatils, authentication.getCredentials(), userDeatils.getAuthorities()); result.setDetails(authentication.getDetails()); return result; } } } @Override public boolean supports(Class<?> authentication) { return true; } }

然后在SecurityConfiguration配置中启用

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(this.myAuthenticationProvider);
}

 



 

上一篇:MVC5+EF6 入门完整教程4 :EF基本的CRUD


下一篇:(六)Spring Boot如何整合Mybatis【附详细步骤】