一:功能说明
- 实现了自定义登录验证(AuthenticationProvider)
二:具体代码
1.自定义AuthenticationProvider
/**
* @author LEI
* Created by LEI on 2019/5/30.
*/
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
@Autowired
SecurityUserServiceImpl userService;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
MyUserAuthentication myUserAuthentication = (MyUserAuthentication) authentication;
String name = myUserAuthentication.getName();
String password = myUserAuthentication.getCredentials().toString();
String verifyCode = myUserAuthentication.getVerifyCode();
// 验证码是否正确 测试写死123456
if(verifyCode.equals("123456")){
UserDetails userDetails = userService.loadUserByUsername(name);
//验证用户名
if(userDetails == null||userDetails.getUsername() == null){
throw new UsernameNotFoundException("用户名未找到");
}
//验证用户密码
if(userDetails.getPassword().equals(DigestUtils.md5DigestAsHex(password.getBytes()))){
//如果账户被禁用
if(!userDetails.isEnabled()){
throw new DisabledException("用户被禁用");
}
return new UsernamePasswordAuthenticationToken(name, null, userDetails.getAuthorities());
}
//用户密码错误
throw new BadCredentialsException("用户凭证错误");
}else {
throw new VerifyCodeException("验证码错误");
}
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(
MyUserAuthentication.class);
}
}
2.将Provider放到认证管理器中
说明: ProviderManager会
依次调用各个AuthenticationProvider
进行认证,认证成功后返回一个封装了用户权限等信息的Authentication
对象。
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(myAuthenticationProvider);
/*
放弃以前的认证方式
auth.userDetailsService(userService).passwordEncoder(new MyPasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return DigestUtils.md5DigestAsHex(charSequence.toString().getBytes());
}
*//**
* @param charSequence 明文
* @param s 密文
* @return
*//*
@Override
public boolean matches(CharSequence charSequence, String s) {
System.err.println("matches--------->:" + charSequence);
//如果s密码输入为空
return !StringUtils.isEmpty(s) && s.equals(DigestUtils.md5DigestAsHex(charSequence.toString().getBytes()));
}
@Override
public void getUsername(String username) {
System.err.println("username--------->:" + username);
}
});*/
}
}