Spring Security自定义认证器的实现代码

public class NamePassAuthenticationToken extends AbstractAuthenticationToken { private static final long serialVersionUID = 520L; private final Object principal; private Object credentials; //提供第一次进来的构造方法 public NamePassAuthenticationToken(Object principal, Object credentials) { super((Collection)null); this.principal = principal; this.credentials = credentials; this.setAuthenticated(false); } //提供填充Authentication的构造方法 public NamePassAuthenticationToken(Object principal, Object credentials, Collection authorities) { super(authorities); this.principal = principal; this.credentials = credentials; super.setAuthenticated(true); } @Override public Object getCredentials() { return this.credentials; } @Override public Object getPrincipal() { return this.principal; } @Override public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { if (isAuthenticated) { throw new IllegalArgumentException("Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead"); } else { super.setAuthenticated(false); } } @Override public void eraseCredentials() { super.eraseCredentials(); this.credentials = null; } }

@Setter public class NamePassAuthenticationProvider implements AuthenticationProvider { private CustomUserDetailsService userDetailsService; private PasswordEncoder passwordEncoder; @Override //具体认证逻辑 public Authentication authenticate(Authentication authentication) { NamePassAuthenticationToken authenticationToken = (NamePassAuthenticationToken) authentication; String username = (String) authenticationToken.getPrincipal(); String password = (String) authenticationToken.getCredentials(); //让具体认证类去认证 UserDetails user = userDetailsService.loadUserByUsername(username); boolean matches = passwordEncoder.matches(password, user.getPassword()); if (!matches) { ResMsg.throwException(AuthExceptionGroup.AUTH_ERROR); } //填充Authentication NamePassAuthenticationToken authenticationResult = new NamePassAuthenticationToken(user, password, user.getAuthorities()); authenticationResult.setDetails(authenticationToken.getDetails()); return authenticationResult; } @Override //指定具体的Authentication //根据你指定的Authentication来找到具体的Provider public boolean supports(Class authentication) { return NamePassAuthenticationToken.class.isAssignableFrom(authentication); } }

@Component public class NamePassAuthenticationSecurityConfig extends SecurityConfigurerAdapter { @Autowired private CustomUserDetailsService customUserDetailsService; @Autowired private PasswordEncoder passwordEncoder; @Override public void configure(HttpSecurity http) { //phonePass provider NamePassAuthenticationProvider provider = new NamePassAuthenticationProvider(); provider.setUserDetailsService(customUserDetailsService); provider.setPasswordEncoder(passwordEncoder); http.authenticationProvider(provider); } }

@Autowired private NamePassAuthenticationSecurityConfig namePassAuthenticationSecurityConfig; protected void configure(HttpSecurity http) throws Exception { http.apply(namePassAuthenticationSecurityConfig); }

@Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { AuthmsViewAccount account = accountService.getAccount(username); if(account == null) { ResMsg.throwException(AUTH_ERROR); } if (account.getStatus() != 1) { ResMsg.throwException(ACCOUNT_HAS_BANED); } String spliceStaffInfo = String.format("%d-%s",account.getAccountId(),account.getUsername()); //只要Collection authorities //这个参数不为空，就表明认证通过，所以空集合也可以通过 return new User(spliceStaffInfo,account.getPassword(), AuthorityUtils.NO_AUTHORITIES); }

@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { String bearerToken = resolveToken(request); if (bearerToken != null && !"".equals(bearerToken.trim()) && SecurityContextHolder.getContext().getAuthentication() == null) { //从redis中获取该用户 NamePassAuthenticationToken namePassAuthenticationToken = authRedisHelper.get(bearerToken); if(namePassAuthenticationToken != null) { //将信息保存到上下文中 SecurityContextHolder.getContext().setAuthentication(namePassAuthenticationToken); } } chain.doFilter(request, response); } private String resolveToken(HttpServletRequest request) { String bearerToken = request.getHeader("Authorization"); if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(TOKEN_PREFIX)) { return bearerToken.substring(7); } return null; }

public NamePassAuthenticationToken get(String bearerToken){ String spliceStaffInfo = (String)redisRepository.get(formatKey(bearerToken)); if(spliceStaffInfo == null) { return null; } return new NamePassAuthenticationToken(new AuthStaff(spliceStaffInfo),null,AuthorityUtils.NO_AUTHORITIES); }

// 通过用户名和密码创建一个 Authentication 认证对象，实现类为 NamePassAuthenticationToken NamePassAuthenticationToken authenticationToken = new NamePassAuthenticationToken(user.getUsername(), user.getPassword()); //通过 AuthenticationManager（默认实现为ProviderManager）的authenticate方法验证 Authentication 对象 //AuthenticationManager会通过你传入的authenticationToken来找到具体的Provider Authentication authentication = authenticationManager.authenticate(authenticationToken); //填充用户信息到secrity中的user里 User principal = (User) authentication.getPrincipal(); //获取认证后的信息 NamePassAuthenticationToken namePassAuthenticationToken = new NamePassAuthenticationToken(new AuthStaff(principal.getUsername()), null, authentication.getAuthorities()); // 生成token String bearerToken = IdUtil.fastSimpleUUID(); // 加载到reids authRedisHelper.set(bearerToken, namePassAuthenticationToken);