security模仿密碼登錄實現短信驗證碼登錄

模仿UsernamePasswordAuthenticationToken創建短信驗證碼的token類SmsAuthenticationToken

/*** 手機驗證碼認證token** @author shipc* @date 2021/12/13 21:22*/ public class SmsAuthenticationToken extends AbstractAuthenticationToken {private static final long serialVersionUID = 531L;/*** 手機號 ｜ 用戶信息*/private final Object principal;/*** 驗證碼*/private Object credentials;public SmsAuthenticationToken(Object principal, Object credentials) {super(null);this.principal = principal;this.credentials = credentials;this.setAuthenticated(false);}public SmsAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {super(authorities);this.principal = principal;this.credentials = credentials;this.setAuthenticated(true);}@Overridepublic Object getCredentials() {return credentials;}@Overridepublic Object getPrincipal() {return principal;}@Overridepublic void eraseCredentials() {super.eraseCredentials();this.credentials = null;} }

模仿UsernamePasswordAuthenticationFilter創建處理短信驗證碼的過濾器

public class UsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";private String usernameParameter = "username";private String passwordParameter = "password";private boolean postOnly = true;public UsernamePasswordAuthenticationFilter() {super(new AntPathRequestMatcher("/login", "POST"));}public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {if (this.postOnly && !request.getMethod().equals("POST")) {throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());} else {String username = this.obtainUsername(request);String password = this.obtainPassword(request);username = username.trim();UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);this.setDetails(request, authRequest);return this.getAuthenticationManager().authenticate(authRequest);}}@Nullableprotected String obtainPassword(HttpServletRequest request) {return request.getParameter(this.passwordParameter);}@Nullableprotected String obtainUsername(HttpServletRequest request) {return request.getParameter(this.usernameParameter);}protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));}public void setUsernameParameter(String usernameParameter) {Assert.hasText(usernameParameter, "Username parameter must not be empty or null");this.usernameParameter = usernameParameter;}public void setPasswordParameter(String passwordParameter) {Assert.hasText(passwordParameter, "Password parameter must not be empty or null");this.passwordParameter = passwordParameter;}public void setPostOnly(boolean postOnly) {this.postOnly = postOnly;}public final String getUsernameParameter() {return this.usernameParameter;}public final String getPasswordParameter() {return this.passwordParameter;} }

模仿DaoAuthenticationProvider創建處理SmsAuthenticationToken的Provider

/*** 短信驗證登錄provider** @author shipc* @date 2021/12/13 21:47*/ public class SmsAuthenticationProvider implements AuthenticationProvider {private SmsUserDetailsService userDetailsService;@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException {final SmsAuthenticationToken smsAuthenticationToken = (SmsAuthenticationToken) authentication;final String mobile = smsAuthenticationToken.getPrincipal() == null ? "" :smsAuthenticationToken.getPrincipal().toString();final String code = smsAuthenticationToken.getCredentials().toString();if (code == null) {throw new SmsAuthenticationException(SmsAuthenticationHandler.AuthenticationStatus.NO_VERIFY_CODE);}checkSmsCode(mobile, code);// 根據手機號獲取用戶信息final UserDetails userDetails = userDetailsService.loadUserByUsername(mobile);return createSuccessAuthenticationToken(smsAuthenticationToken, userDetails);}private SmsAuthenticationToken createSuccessAuthenticationToken(SmsAuthenticationToken smsAuthenticationToken, UserDetails userDetails) {// 驗證成功后，構造一個已經認證的token并返回final SmsAuthenticationToken authenticationToken = new SmsAuthenticationToken(userDetails, null, userDetails.getAuthorities());authenticationToken.setDetails(smsAuthenticationToken.getDetails());return authenticationToken;}public void setUserDetailsService(SmsUserDetailsService userDetailsService) {this.userDetailsService = userDetailsService;}/*** 校驗手機號和驗證碼* @param mobile 手機號* @param code 驗證碼*/private void checkSmsCode(String mobile, String code) {final boolean flag = userDetailsService.checkSmsCode(mobile, code);if (!flag) {throw new SmsAuthenticationException(SmsAuthenticationHandler.AuthenticationStatus.BAD_VERIFY_CODE);}}@Overridepublic boolean supports(Class<?> aClass) {return SmsAuthenticationToken.class.isAssignableFrom(aClass);} }

模仿UserDetailsService

/*** 手機號驗證碼用戶service** @author shipc* @date 2021/12/15 00:22*/ public interface SmsUserDetailsService extends UserDetailsService {/*** 校驗驗證碼* @param mobile 手機號* @param code 驗證碼* @return true/false*/boolean checkSmsCode(String mobile, String code); }

創建配置類SmsCodeAuthenticationSecurityConfig

/*** 手機驗證碼認證配置** @author shipc* @date 2021/12/13 22:43*/ @Configuration public class SmsCodeAuthenticationSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {@Autowiredprivate SmsAuthenticationHandler smsAuthenticationHandler;@Autowiredprivate MobileUserDetailsServiceImpl mobileUserDetailsService;@Overridepublic void configure(HttpSecurity http) throws Exception {final SmsCodeAuthenticationFilter smsCodeAuthenticationFilter = new SmsCodeAuthenticationFilter();// 設置 authenticationManager, 不設置 認證流程會斷掉smsCodeAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));// 擴展認證信息smsCodeAuthenticationFilter.setAuthenticationDetailsSource(new ExtendWebAuthenticationDetailsSource());// 設置認證成功處理器smsCodeAuthenticationFilter.setAuthenticationSuccessHandler(smsAuthenticationHandler);// 設置認證失敗處理器smsCodeAuthenticationFilter.setAuthenticationFailureHandler(smsAuthenticationHandler);final SmsAuthenticationProvider smsAuthenticationProvider = new SmsAuthenticationProvider();smsAuthenticationProvider.setUserDetailsService(mobileUserDetailsService);// 將短信驗證過濾器添加到 security 中http.authenticationProvider(smsAuthenticationProvider).addFilterAfter(smsCodeAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);} }

創建配置類WebSecurityConfig繼承WebSecurityConfigurerAdapter，實現void configure(HttpSecurity http)方法。

@Overrideprotected void configure(HttpSecurity http) throws Exception {// ---- 其他省略// 應用短信驗證碼登錄http.apply(smsCodeAuthenticationSecurityConfig);http.csrf().disable();}

總結

以上是生活随笔為你收集整理的security模仿密码登录实现短信验证码登录的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。