Spring Security自定义登录验证（不使用userDetailsService）

一：功能说明

1. 实现了自定义登录验证（AuthenticationProvider）

 

二：具体代码

1.自定义AuthenticationProvider

/**
 * @author LEI
 * Created by LEI on 2019/5/30.
 */
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    SecurityUserServiceImpl userService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        MyUserAuthentication myUserAuthentication = (MyUserAuthentication) authentication;
        String name = myUserAuthentication.getName();
        String password = myUserAuthentication.getCredentials().toString();
        String verifyCode = myUserAuthentication.getVerifyCode();

        // 验证码是否正确 测试写死123456
        if(verifyCode.equals("123456")){
            UserDetails userDetails = userService.loadUserByUsername(name);
            //验证用户名
            if(userDetails == null||userDetails.getUsername() == null){
                throw new UsernameNotFoundException("用户名未找到");
            }
            //验证用户密码
            if(userDetails.getPassword().equals(DigestUtils.md5DigestAsHex(password.getBytes()))){
                //如果账户被禁用
                if(!userDetails.isEnabled()){
                    throw new DisabledException("用户被禁用");
                }
               return new UsernamePasswordAuthenticationToken(name, null, userDetails.getAuthorities());
            }
            //用户密码错误
            throw new BadCredentialsException("用户凭证错误");
        }else {
            throw new VerifyCodeException("验证码错误");
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(
                MyUserAuthentication.class);
    }
}

2.将Provider放到认证管理器中 

  说明： ProviderManager会依次调用各个AuthenticationProvider进行认证，认证成功后返回一个封装了用户权限等信息的Authentication对象。

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {    
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(myAuthenticationProvider);
  
        /*
  放弃以前的认证方式
  auth.userDetailsService(userService).passwordEncoder(new MyPasswordEncoder() {
            @Override
            public String encode(CharSequence charSequence) {
                return DigestUtils.md5DigestAsHex(charSequence.toString().getBytes());
            }

            *//**
             * @param charSequence 明文
             * @param s 密文
             * @return
             *//*
            @Override
            public boolean matches(CharSequence charSequence, String s) {
                System.err.println("matches--------->：" + charSequence);
                //如果s密码输入为空
                return !StringUtils.isEmpty(s) && s.equals(DigestUtils.md5DigestAsHex(charSequence.toString().getBytes()));
            }

            @Override
            public void getUsername(String username) {
                System.err.println("username--------->：" + username);
            }
        });*/
    }
}