Spring Security 之多AuthenticationProvider认证模式实现

AuthenticationProvider实现ProviderManager会按照加入认证请求链中的顺序来验证,前文的源码分析及实现原理已经说的很清楚了,本文直接看代码实现;

AuthenticationProvider认证类UserSmsAuthenticationProvider实现

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
/**
* @Description: 用户自定义身份认证, 短信验证码模式
* @Package: cn.appblog.security.oauth2.provider.UserSmsAuthenticationProvider
* @Version: 1.0
*/
@Slf4j
@Component
public class UserSmsAuthenticationProvider implements AuthenticationProvider {
@Autowired
private UserAuthDetailsService authUserDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private ApplicationEventPublisher publisher;

/**
* 认证处理,返回一个Authentication的实现类则代表认证成功,返回null则代表认证失败
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
//测试,正式环境应该根据登录认证的通道来进行认证
String username = authentication.getName();
String smsCode = (String) authentication.getCredentials();
log.info("smsCode: {}", smsCode);
if (StringUtils.isBlank(username)) {
throw new UsernameNotFoundException("username用户名不可以为空");
}
if (StringUtils.isBlank(smsCode)) {
throw new BadCredentialsException("验证码不可以为空");
}
//获取用户信息
UserDetails user = authUserDetailsService.loadUserByUsername(username);
String smsCodeCache = "888888";
//比较前端传入的短信验证码明文和预置的短信验证码是否相等
if (!smsCodeCache.equals(smsCode)) {
//发布短信验证码不正确事件
publisher.publishEvent(new UserLoginFailedEvent(authentication));
throw new BadCredentialsException("sms_code验证码不正确");
}
//获取用户权限信息
Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
return new UsernamePasswordAuthenticationToken(user, smsCode, authorities);
}

/**
* 如果该AuthenticationProvider支持传入的Authentication对象,则返回true
*/
@Override
public boolean supports(Class<?> aClass) {
return aClass.equals(UsernamePasswordAuthenticationToken.class);
}
}

AuthenticationProvider认证类UserAuthenticationProvider实现

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
/**
* @Description: 用户自定义身份认证
* @Package: cn.appblog.security.oauth2.provider.UserAuthenticationProvider
* @Version: 1.0
*/
@Component
public class UserAuthenticationProvider implements AuthenticationProvider {
@Autowired
private UserAuthDetailsService authUserDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private ApplicationEventPublisher publisher;

/**
* 认证处理,返回一个Authentication的实现类则代表认证成功,返回null则代表认证失败
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getName();
String password = (String) authentication.getCredentials();
if (StringUtils.isBlank(username)) {
throw new UsernameNotFoundException("username用户名不可以为空");
}
if (StringUtils.isBlank(password)) {
throw new BadCredentialsException("密码不可以为空");
}
//获取用户信息
UserDetails user = authUserDetailsService.loadUserByUsername(username);
//比较前端传入的密码明文和数据库中加密的密码是否相等
if (!passwordEncoder.matches(password, user.getPassword())) {
//发布密码不正确事件
publisher.publishEvent(new UserLoginFailedEvent(authentication));
throw new BadCredentialsException("password密码不正确");
}
//获取用户权限信息
Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
return new UsernamePasswordAuthenticationToken(user, password, authorities);
}

/**
* 如果该AuthenticationProvider支持传入的Authentication对象,则返回true
*/
@Override
public boolean supports(Class<?> aClass) {
return aClass.equals(UsernamePasswordAuthenticationToken.class);
}
}

WebSecurityConfigurerAdapter安全配置类实现

1
2
3
4
5
6
7
8
9
10
11
12
/**
* Spring Security认证服务中的相关实现重新定义
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 加入自定义的安全认证
auth.userDetailsService(this.authUserDetailsService)
.passwordEncoder(this.passwordEncoder())
.and()
.authenticationProvider(smsAuthenticationProvider())
.authenticationProvider(authenticationProvider());
}

测试验证

用户密码:123456
短信验证码:888888

(1)访问:http://localhost:9003/oauth/token?username=user&password=123456&grant_type=password&client_id=client_password&client_secret=secret

1
2
3
4
5
6
7
8
{
"access_token":"ec55d1fcfc00407daa48f9784818dd69",
"token_type":"bearer",
"refresh_token":"3d6d773ac8f74766b243255f71e1011a",
"expires_in":59,
"scope":"all",
"client_id":"client_password"
}

(2)访问:http://localhost:9003/oauth/token?username=user&password=888888&grant_type=password&client_id=client_password&client_secret=secret

1
2
3
4
5
6
7
8
{
"access_token":"dd4ce15181da44169607caa842c3c4a7",
"token_type":"bearer",
"refresh_token":"07325d5d761940a69fbbd9fccf449ddf",
"expires_in":59,
"scope":"all",
"client_id":"client_password"
}

本文转载参考 原文 并加以调试

Powered by AppBlog.CN     浙ICP备14037229号

Copyright © 2012 - 2020 APP开发技术博客 All Rights Reserved.

访客数 : | 访问量 :