SpringSecurity 免密登录方法 |
您所在的位置:网站首页 › 微信免登录验证版下载 › SpringSecurity 免密登录方法 |
需求:做微信公众号扫码登录的时候发现,我们通过微信用户的openID获取后台用户的账号,但是密码是加密放到数据库且不能逆向解密,这时就应该跳过密码认证。 添加自定义校验 # MyAuthenticationProvider package com.spark.security.config; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Component; import javax.annotation.Resource; import static com.spark.biz.admin.service.impl.SysLoginService.checkPwdThreadLocal; /** * @author Jerry * @date 2024-01-26 18:15 * 自定义密码验证 */ @Component public class MyAuthenticationProvider extends DaoAuthenticationProvider { private PasswordEncoder passwordEncoder; /** * 构造初始化 * @param userDetailsService * @param passwordEncoder */ public MyAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) { super(); // 这个地方一定要对userDetailsService赋值,不然userDetailsService是null (这个坑有点深) setUserDetailsService(userDetailsService); //passwordEncoder由于父类是private,这里需要自定义初始化后才能使用 this.passwordEncoder = passwordEncoder; } /** * 重写该方法 * @param userDetails * @param authentication * @throws AuthenticationException */ @Override protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { if (authentication.getCredentials() == null) { this.logger.debug("Failed to authenticate since no credentials provided"); throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); } else { // 线程变量 Boolean checkPwd = checkPwdThreadLocal.get(); checkPwdThreadLocal.remove(); checkPwd = checkPwd == null || checkPwd; // 如果不需要密码直接跳过 if (!checkPwd) { return; } String presentedPassword = authentication.getCredentials().toString(); if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) { this.logger.debug("Authentication failed: password does not match stored value"); throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); } } } } |
今日新闻 |
点击排行 |
|
推荐新闻 |
图片新闻 |
|
专题文章 |
CopyRight 2018-2019 实验室设备网 版权所有 win10的实时保护怎么永久关闭 |