一:功能說明
- 實現了自定義登錄驗證(AuthenticationProvider)
二:具體代碼
1.自定義AuthenticationProvider
/**
* @author LEI
* Created by LEI on 2019/5/30.
*/
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
@Autowired
SecurityUserServiceImpl userService;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
MyUserAuthentication myUserAuthentication = (MyUserAuthentication) authentication;
String name = myUserAuthentication.getName();
String password = myUserAuthentication.getCredentials().toString();
String verifyCode = myUserAuthentication.getVerifyCode();
// 驗證碼是否正確 測試寫死123456
if(verifyCode.equals("123456")){
UserDetails userDetails = userService.loadUserByUsername(name);
//驗證用戶名
if(userDetails == null||userDetails.getUsername() == null){
throw new UsernameNotFoundException("用戶名未找到");
}
//驗證用戶密碼
if(userDetails.getPassword().equals(DigestUtils.md5DigestAsHex(password.getBytes()))){
//如果賬戶被禁用
if(!userDetails.isEnabled()){
throw new DisabledException("用戶被禁用");
}
return new UsernamePasswordAuthenticationToken(name, null, userDetails.getAuthorities());
}
//用戶密碼錯誤
throw new BadCredentialsException("用戶憑證錯誤");
}else {
throw new VerifyCodeException("驗證碼錯誤");
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(
MyUserAuthentication.class);
}
}
2.將Provider放到認證管理器中
說明: ProviderManager會
依次調用各個AuthenticationProvider
進行認證,認證成功後返回一個封裝了用戶權限等信息的Authentication
對象。
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(myAuthenticationProvider);
/*
放棄以前的認證方式
auth.userDetailsService(userService).passwordEncoder(new MyPasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return DigestUtils.md5DigestAsHex(charSequence.toString().getBytes());
}
*//**
* @param charSequence 明文
* @param s 密文
* @return
*//*
@Override
public boolean matches(CharSequence charSequence, String s) {
System.err.println("matches--------->:" + charSequence);
//如果s密碼輸入爲空
return !StringUtils.isEmpty(s) && s.equals(DigestUtils.md5DigestAsHex(charSequence.toString().getBytes()));
}
@Override
public void getUsername(String username) {
System.err.println("username--------->:" + username);
}
});*/
}
}