Spring Security自定義登錄驗證（不使用userDetailsService）

一：功能說明

1. 實現了自定義登錄驗證（AuthenticationProvider）

 

二：具體代碼

1.自定義AuthenticationProvider

/**
 * @author LEI
 * Created by LEI on 2019/5/30.
 */
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    SecurityUserServiceImpl userService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        MyUserAuthentication myUserAuthentication = (MyUserAuthentication) authentication;
        String name = myUserAuthentication.getName();
        String password = myUserAuthentication.getCredentials().toString();
        String verifyCode = myUserAuthentication.getVerifyCode();

        // 驗證碼是否正確 測試寫死123456
        if(verifyCode.equals("123456")){
            UserDetails userDetails = userService.loadUserByUsername(name);
            //驗證用戶名
            if(userDetails == null||userDetails.getUsername() == null){
                throw new UsernameNotFoundException("用戶名未找到");
            }
            //驗證用戶密碼
            if(userDetails.getPassword().equals(DigestUtils.md5DigestAsHex(password.getBytes()))){
                //如果賬戶被禁用
                if(!userDetails.isEnabled()){
                    throw new DisabledException("用戶被禁用");
                }
               return new UsernamePasswordAuthenticationToken(name, null, userDetails.getAuthorities());
            }
            //用戶密碼錯誤
            throw new BadCredentialsException("用戶憑證錯誤");
        }else {
            throw new VerifyCodeException("驗證碼錯誤");
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(
                MyUserAuthentication.class);
    }
}

2.將Provider放到認證管理器中 

  說明： ProviderManager會依次調用各個AuthenticationProvider進行認證，認證成功後返回一個封裝了用戶權限等信息的Authentication對象。

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {    
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(myAuthenticationProvider);
  
        /*
  放棄以前的認證方式
  auth.userDetailsService(userService).passwordEncoder(new MyPasswordEncoder() {
            @Override
            public String encode(CharSequence charSequence) {
                return DigestUtils.md5DigestAsHex(charSequence.toString().getBytes());
            }

            *//**
             * @param charSequence 明文
             * @param s 密文
             * @return
             *//*
            @Override
            public boolean matches(CharSequence charSequence, String s) {
                System.err.println("matches--------->：" + charSequence);
                //如果s密碼輸入爲空
                return !StringUtils.isEmpty(s) && s.equals(DigestUtils.md5DigestAsHex(charSequence.toString().getBytes()));
            }

            @Override
            public void getUsername(String username) {
                System.err.println("username--------->：" + username);
            }
        });*/
    }
}