SpringSecurity实现自定义登录方式
作者:勿语&
本文介绍自定义登录流程,包括自定义AuthenticationToken、AuthenticationFilter、AuthenticationProvider以及SecurityConfig配置类,详细解析了认证流程的实现,为开发人员提供了具体的实施指导和参考
自定义登录
- 定义Token
- 定义Filter
- 定义Provider
- 配置类中定义登录的接口
1.自定义AuthenticationToken
public class EmailAuthenticationToken extends UsernamePasswordAuthenticationToken{ public EmailAuthenticationToken(Object principal, Object credentials) { super(principal, credentials); } public EmailAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) { super(principal, credentials, authorities); } }
2.自定义AuthenticationFilter
public class EmailAuthenticationFilter extends AbstractAuthenticationProcessingFilter { private static final String EMAIL = "email"; private static final String EMAIL_CODE = "emailCode"; private boolean postOnly = true; public EmailAuthenticationFilter(RequestMatcher requestMatcher) { super(requestMatcher); } @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { if (this.postOnly && !request.getMethod().equals("POST")) { throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod()); } else { Map<String, String> map = new ObjectMapper().readValue(request.getInputStream(), Map.class); String email = map.get(EMAIL); email = email != null ? email : ""; email = email.trim(); String emailCode = map.get(EMAIL_CODE); emailCode = emailCode != null ? emailCode : ""; EmailAuthenticationToken emailAuthenticationToken = new EmailAuthenticationToken(email, emailCode); this.setDetails(request, emailAuthenticationToken); return this.getAuthenticationManager().authenticate(emailAuthenticationToken); } } protected void setDetails(HttpServletRequest request, EmailAuthenticationToken authRequest) { authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request)); } }
3.自定义AuthenticationProvider
public class EmailAuthenticationProvider implements AuthenticationProvider { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { EmailAuthenticationToken emailAuthenticationToken = (EmailAuthenticationToken) authentication; String code = emailAuthenticationToken.getCode(); String email = (String) emailAuthenticationToken.getPrincipal(); if (email.equals("205564122@qq.com") && code.equals("1234")) { SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("wuyu"); return new EmailAuthenticationToken(email, null, List.of(simpleGrantedAuthority)); } throw new InternalAuthenticationServiceException("认证失败"); } @Override public boolean supports(Class<?> authentication) { return EmailAuthenticationToken.class.isAssignableFrom(authentication); } }
4.定义SecurityConfig配置类
@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter { @Resource private StringRedisTemplate stringRedisTemplate; @Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.cors().disable(); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeHttpRequests().anyRequest().permitAll(); http.logout().logoutSuccessHandler(logoutSuccessHandler()); // 配置邮箱登录 EmailAuthenticationFilter emailAuthenticationFilter = new EmailAuthenticationFilter(new AntPathRequestMatcher("/login/email", "POST")); emailAuthenticationFilter.setAuthenticationManager(authenticationManagerBean()); emailAuthenticationFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler()); emailAuthenticationFilter.setAuthenticationFailureHandler(authenticationFailureHandler()); http.addFilterBefore(emailAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); http.authenticationProvider(new EmailAuthenticationProvider()); } @Bean public AuthenticationSuccessHandler authenticationSuccessHandler() { return (request, response, authentication) -> { // 1.生成Token String token = UUID.randomUUID().toString(); // 2.将Token和用户信息存入redis stringRedisTemplate.opsForValue().set(AuthConstants.TOKEN_PREFIX + token, JSON.toJSONString(authentication.getPrincipal()), AuthConstants.TOKEN_DURATION); // 3.返回Token response.setContentType(ResponseConstants.APPLICATION_JSON); PrintWriter writer = response.getWriter(); writer.write(JSON.toJSONString(Result.success(token))); writer.flush(); writer.close(); }; } @Bean public AuthenticationFailureHandler authenticationFailureHandler() { return (request, response, exception) -> { response.setContentType(ResponseConstants.APPLICATION_JSON); PrintWriter writer = response.getWriter(); writer.write(JSON.toJSONString(Result.fail(exception.getMessage()))); writer.flush(); writer.close(); }; } @Bean public LogoutSuccessHandler logoutSuccessHandler() { return (request, response, authentication) -> { String authorization = request.getHeader(AuthConstants.AUTHORIZATION); authorization = authorization.replace(AuthConstants.BEARER, ""); stringRedisTemplate.delete(AuthConstants.TOKEN_PREFIX + authorization); PrintWriter writer = response.getWriter(); writer.write(JSON.toJSONString(Result.success())); writer.flush(); writer.close(); }; } }
总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持脚本之家。