security模仿密碼登錄實(shí)現(xiàn)短信驗(yàn)證碼登錄

模仿UsernamePasswordAuthenticationToken創(chuàng)建短信驗(yàn)證碼的token類SmsAuthenticationToken

/*** 手機(jī)驗(yàn)證碼認(rèn)證token** @author shipc* @date 2021/12/13 21:22*/ public class SmsAuthenticationToken extends AbstractAuthenticationToken {private static final long serialVersionUID = 531L;/*** 手機(jī)號 ｜ 用戶信息*/private final Object principal;/*** 驗(yàn)證碼*/private Object credentials;public SmsAuthenticationToken(Object principal, Object credentials) {super(null);this.principal = principal;this.credentials = credentials;this.setAuthenticated(false);}public SmsAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {super(authorities);this.principal = principal;this.credentials = credentials;this.setAuthenticated(true);}@Overridepublic Object getCredentials() {return credentials;}@Overridepublic Object getPrincipal() {return principal;}@Overridepublic void eraseCredentials() {super.eraseCredentials();this.credentials = null;} }

模仿UsernamePasswordAuthenticationFilter創(chuàng)建處理短信驗(yàn)證碼的過濾器

public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";private String usernameParameter = "username";private String passwordParameter = "password";private boolean postOnly = true;public UsernamePasswordAuthenticationFilter() {super(new AntPathRequestMatcher("/login", "POST"));}public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {if (this.postOnly && !request.getMethod().equals("POST")) {throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());} else {String username = this.obtainUsername(request);String password = this.obtainPassword(request);username = username.trim();UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);this.setDetails(request, authRequest);return this.getAuthenticationManager().authenticate(authRequest);}}@Nullableprotected String obtainPassword(HttpServletRequest request) {return request.getParameter(this.passwordParameter);}@Nullableprotected String obtainUsername(HttpServletRequest request) {return request.getParameter(this.usernameParameter);}protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));}public void setUsernameParameter(String usernameParameter) {Assert.hasText(usernameParameter, "Username parameter must not be empty or null");this.usernameParameter = usernameParameter;}public void setPasswordParameter(String passwordParameter) {Assert.hasText(passwordParameter, "Password parameter must not be empty or null");this.passwordParameter = passwordParameter;}public void setPostOnly(boolean postOnly) {this.postOnly = postOnly;}public final String getUsernameParameter() {return this.usernameParameter;}public final String getPasswordParameter() {return this.passwordParameter;} }

模仿DaoAuthenticationProvider創(chuàng)建處理SmsAuthenticationToken的Provider

/*** 短信驗(yàn)證登錄provider** @author shipc* @date 2021/12/13 21:47*/ public class SmsAuthenticationProvider implements AuthenticationProvider {private SmsUserDetailsService userDetailsService;@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException {final SmsAuthenticationToken smsAuthenticationToken = (SmsAuthenticationToken) authentication;final String mobile = smsAuthenticationToken.getPrincipal() == null ? "" :smsAuthenticationToken.getPrincipal().toString();final String code = smsAuthenticationToken.getCredentials().toString();if (code == null) {throw new SmsAuthenticationException(SmsAuthenticationHandler.AuthenticationStatus.NO_VERIFY_CODE);}checkSmsCode(mobile, code);// 根據(jù)手機(jī)號獲取用戶信息final UserDetails userDetails = userDetailsService.loadUserByUsername(mobile);return createSuccessAuthenticationToken(smsAuthenticationToken, userDetails);}private SmsAuthenticationToken createSuccessAuthenticationToken(SmsAuthenticationToken smsAuthenticationToken, UserDetails userDetails) {// 驗(yàn)證成功后，構(gòu)造一個已經(jīng)認(rèn)證的token并返回final SmsAuthenticationToken authenticationToken = new SmsAuthenticationToken(userDetails, null, userDetails.getAuthorities());authenticationToken.setDetails(smsAuthenticationToken.getDetails());return authenticationToken;}public void setUserDetailsService(SmsUserDetailsService userDetailsService) {this.userDetailsService = userDetailsService;}/*** 校驗(yàn)手機(jī)號和驗(yàn)證碼* @param mobile 手機(jī)號* @param code 驗(yàn)證碼*/private void checkSmsCode(String mobile, String code) {final boolean flag = userDetailsService.checkSmsCode(mobile, code);if (!flag) {throw new SmsAuthenticationException(SmsAuthenticationHandler.AuthenticationStatus.BAD_VERIFY_CODE);}}@Overridepublic boolean supports(Class<?> aClass) {return SmsAuthenticationToken.class.isAssignableFrom(aClass);} }

模仿UserDetailsService

/*** 手機(jī)號驗(yàn)證碼用戶service** @author shipc* @date 2021/12/15 00:22*/ public interface SmsUserDetailsService extends UserDetailsService {/*** 校驗(yàn)驗(yàn)證碼* @param mobile 手機(jī)號* @param code 驗(yàn)證碼* @return true/false*/boolean checkSmsCode(String mobile, String code); }

創(chuàng)建配置類SmsCodeAuthenticationSecurityConfig

/*** 手機(jī)驗(yàn)證碼認(rèn)證配置** @author shipc* @date 2021/12/13 22:43*/ @Configuration public class SmsCodeAuthenticationSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {@Autowiredprivate SmsAuthenticationHandler smsAuthenticationHandler;@Autowiredprivate MobileUserDetailsServiceImpl mobileUserDetailsService;@Overridepublic void configure(HttpSecurity http) throws Exception {final SmsCodeAuthenticationFilter smsCodeAuthenticationFilter = new SmsCodeAuthenticationFilter();// 設(shè)置 authenticationManager, 不設(shè)置 認(rèn)證流程會斷掉smsCodeAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));// 擴(kuò)展認(rèn)證信息smsCodeAuthenticationFilter.setAuthenticationDetailsSource(new ExtendWebAuthenticationDetailsSource());// 設(shè)置認(rèn)證成功處理器smsCodeAuthenticationFilter.setAuthenticationSuccessHandler(smsAuthenticationHandler);// 設(shè)置認(rèn)證失敗處理器smsCodeAuthenticationFilter.setAuthenticationFailureHandler(smsAuthenticationHandler);final SmsAuthenticationProvider smsAuthenticationProvider = new SmsAuthenticationProvider();smsAuthenticationProvider.setUserDetailsService(mobileUserDetailsService);// 將短信驗(yàn)證過濾器添加到 security 中http.authenticationProvider(smsAuthenticationProvider).addFilterAfter(smsCodeAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);} }

創(chuàng)建配置類WebSecurityConfig繼承WebSecurityConfigurerAdapter，實(shí)現(xiàn)void configure(HttpSecurity http)方法。

@Overrideprotected void configure(HttpSecurity http) throws Exception {// ---- 其他省略// 應(yīng)用短信驗(yàn)證碼登錄http.apply(smsCodeAuthenticationSecurityConfig);http.csrf().disable();}

總結(jié)

以上是生活随笔為你收集整理的security模仿密码登录实现短信验证码登录的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。