查網(wǎng)上資料增加短信驗(yàn)證碼登錄都要增加一大推，要重頭寫Spring Security的實(shí)現(xiàn)，我呢，只想在原來的密碼登錄基礎(chǔ)上簡(jiǎn)單實(shí)現(xiàn)一下短信驗(yàn)證碼登錄。
1、首先得先一個(gè)認(rèn)證類，來認(rèn)證驗(yàn)證碼是否正確，這個(gè)類要實(shí)現(xiàn)Spring Security提供的AuthenticationProvider接口
2、其次需要一個(gè)認(rèn)證令牌的類，作為你的認(rèn)證信息，這個(gè)類要繼承Spring Security提供的AbstractAuthenticationToken抽象類
3、然后要把你的認(rèn)證類加到spring security配置中，就是繼承WebSecurityConfigurerAdapter的類
4、最后就是登陸時(shí)調(diào)用Spring Security的認(rèn)證了
上代碼：
1、認(rèn)證類

import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.InternalAuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component;@Component public class SmsAuthenticationProvider implements AuthenticationProvider {//用戶驗(yàn)證處理 實(shí)現(xiàn)Spring Security提供的UserDetailsService的類 下面會(huì)給這個(gè)類private UserDetailsServiceImpl userDetailsServiceImpl;//redis緩存 用你的緩存就行 這個(gè)就不給了 用來存放驗(yàn)證碼的private RedisCache redisCache;public SmsAuthenticationProvider(@Qualifier("userDetailsServiceImpl") UserDetailsServiceImpl smsUserDetailsServiceImpl, RedisCache redisCache) {this.userDetailsServiceImpl = smsUserDetailsServiceImpl;this.redisCache = redisCache;}@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException {SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication;Object principal = authentication.getPrincipal();// 獲取憑證也就是用戶的手機(jī)號(hào)String phone = "";if (principal instanceof String) {phone = (String) principal;}String inputCode = (String) authentication.getCredentials(); // 獲取輸入的驗(yàn)證碼Integer cacheObject = redisCache.getCacheObject("login"+phone);// 1. 檢驗(yàn)Redis手機(jī)號(hào)的驗(yàn)證碼if (cacheObject == null) {throw new BadCredentialsException("驗(yàn)證碼已經(jīng)過期或尚未發(fā)送，請(qǐng)重新發(fā)送驗(yàn)證碼");}if (!inputCode.equals(cacheObject+"")) {throw new BadCredentialsException("輸入的驗(yàn)證碼不正確，請(qǐng)重新輸入");}// 2. 根據(jù)手機(jī)號(hào)查詢用戶信息UserDetails userDetails = userDetailsServiceImpl.loadUserByUsername(phone);if (userDetails == null) {throw new InternalAuthenticationServiceException("phone用戶不存在，請(qǐng)注冊(cè)");}// 3. 重新創(chuàng)建已認(rèn)證對(duì)象,SmsCodeAuthenticationToken authenticationResult = new SmsCodeAuthenticationToken(userDetails, inputCode, userDetails.getAuthorities());authenticationResult.setDetails(authenticationToken.getDetails());return authenticationResult;}@Overridepublic boolean supports(Class<?> aClass) {return SmsCodeAuthenticationToken.class.isAssignableFrom(aClass);} }

UserDetailsServiceImpl類 這里面的東西就不固定了 想咋寫就咋寫 主要是loadUserByUsername方法 這個(gè)必須有 返回的UserDetails（Spring Security提供的用來存放用戶信息的類，你可以隨便寫個(gè)類實(shí)現(xiàn)這個(gè)類，然后你就可以存放你自己要用的信息了）loadUserByUsername這個(gè)方法會(huì)在調(diào)用Spring Security的認(rèn)證時(shí)用 我會(huì)在代碼中表明在哪塊會(huì)調(diào)用到這個(gè)類

import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service;/*** 用戶驗(yàn)證處理** @author ruoyi*/ @Service public class UserDetailsServiceImpl implements UserDetailsService {private static final Logger log = LoggerFactory.getLogger(UserDetailsServiceImpl.class);@Autowiredprivate ISysUserService userService;@Autowiredprivate SysPermissionService permissionService;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException{SysUser user = userService.selectUserByUserNameOrPhone(username);if (StringUtils.isNull(user)){log.info("登錄用戶：{} 不存在.", username);throw new ServiceException("登錄用戶：" + username + " 不存在");}else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())){log.info("登錄用戶：{} 已被刪除.", username);throw new ServiceException("對(duì)不起，您的賬號(hào)：" + username + " 已被刪除");}else if (UserStatus.DISABLE.getCode().equals(user.getStatus())){log.info("登錄用戶：{} 已被停用.", username);throw new ServiceException("對(duì)不起，您的賬號(hào)：" + username + " 已停用");}return createLoginUser(user);}public UserDetails createLoginUser(SysUser user){return new LoginUser(user.getUserId(), user.getDeptId(), user.getClinicId(), user, permissionService.getMenuPermission(user));} }

2、存放認(rèn)證令牌

import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.SpringSecurityCoreVersion;import java.util.Collection;public class SmsCodeAuthenticationToken extends AbstractAuthenticationToken {private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;private final Object principal; //存放認(rèn)證信息，認(rèn)證之前存放手機(jī)號(hào)，認(rèn)證之后存放登錄的用戶private Object credentials;public SmsCodeAuthenticationToken(String mobile, Object credentials) {super(null);this.principal = mobile;this.credentials = credentials;this.setAuthenticated(false);}public SmsCodeAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {super(authorities);this.principal = principal;this.credentials = credentials;super.setAuthenticated(true);}public Object getCredentials() {return this.credentials;}public Object getPrincipal() {return this.principal;}public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {if (isAuthenticated) {throw new IllegalArgumentException("Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");} else {super.setAuthenticated(false);}}public void eraseCredentials() {super.eraseCredentials();this.credentials = null;} }

3、spring security配置


4、登錄調(diào)用認(rèn)證

/*** 驗(yàn)證碼登錄* * @param username 用戶名* @param code 驗(yàn)證碼* @return 結(jié)果*/public String loginSms(String phone, String smsCode){// 用戶驗(yàn)證Authentication authentication = null;try{// 該方法會(huì)去調(diào)用UserDetailsServiceImpl.loadUserByUsername（這塊調(diào)用了UserDetailsServiceImpl的loadUserByUsername）authentication = authenticationManager.authenticate(new SmsCodeAuthenticationToken(phone, smsCode));}catch (Exception e){if (e instanceof BadCredentialsException){AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, null,Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));throw new UserPasswordNotMatchException();}else{AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, null,Constants.LOGIN_FAIL, e.getMessage()));throw new ServiceException(e.getMessage());}}LoginUser loginUser = (LoginUser) authentication.getPrincipal();AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, loginUser.getClinicId(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));//上面已經(jīng)結(jié)束了 剩下交給你自己了recordLoginInfo(loginUser.getUserId());// 生成token 這塊你們根據(jù)你們的業(yè)務(wù)自己寫了 tokenService.createToken使我們的業(yè)務(wù)方法return tokenService.createToken(loginUser);}

總結(jié)

以上是生活随笔為你收集整理的Spring Security简单增加短信验证码登录的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。