SpringBoot Security密码加盐实例
IT小马哥

修改加密和验证方法
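/**
 * Hashes a password with BCrypt after appending an application-supplied salt.
 *
 * <p>{@code BCryptPasswordEncoder} already generates a random salt for every hash and embeds it
 * in the returned string, so the extra {@code salt} is not what defeats precomputed tables. It
 * only binds the hash to a second per-user value that must be supplied again, unchanged, at
 * verification time.
 *
 * <p>BCrypt only takes the first 72 bytes of its input into account. Because the salt is
 * appended, a long password pushes part or all of the salt past that limit. Depending on the
 * Spring Security version, over-long input is either silently truncated or rejected, so callers
 * should bound the password length with the salt length in mind.
 *
 * @param password the clear-text password; must not be {@code null}
 * @param salt     the per-user value appended to the password; must not be {@code null}
 * @return the BCrypt hash string of {@code password + salt}
 * @throws IllegalArgumentException if {@code password} or {@code salt} is {@code null}
 */
public static String encryptPassword(String password, String salt) {
    // String concatenation turns a null reference into the literal text "null", which would
    // then be hashed as if it were real input. Fail loudly instead of storing such a hash.
    if (password == null || salt == null) {
        throw new IllegalArgumentException("password and salt must not be null");
    }
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    return passwordEncoder.encode(password + salt);
}

/**
 * Checks a presented password against a stored BCrypt hash produced by
 * {@link #encryptPassword(String, String)}.
 *
 * <p>The same {@code salt} that was used when the hash was created must be passed in; any
 * difference in its value or formatting makes the comparison fail.
 *
 * @param rawPassword     the clear-text password presented by the user
 * @param encodedPassword the stored BCrypt hash
 * @param salt            the per-user value that was appended when the hash was created
 * @return {@code true} if {@code rawPassword + salt} matches {@code encodedPassword};
 *         {@code false} otherwise, including when any argument is {@code null}
 */
public static boolean matchesPassword(String rawPassword, String encodedPassword, String salt) {
    // Fail closed: a missing value must never be compared as the literal text "null".
    if (rawPassword == null || encodedPassword == null || salt == null) {
        return false;
    }
    BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    return passwordEncoder.matches(rawPassword + salt, encodedPassword);
}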
自定义 DaoAuthenticationProvider
import com.maruifu.common.core.domain.model.LoginUser;
import com.maruifu.common.utils.DateUtils;
import com.maruifu.common.utils.SecurityUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.Authentication;

/**
 * Authentication provider whose password check goes through the application's salted
 * {@code SecurityUtils.matchesPassword} helper rather than the parent class's check.
 *
 * @author maruifu
 */
public class JwtAuthenticationProvider extends DaoAuthenticationProvider {

    /**
     * Delegates unchanged to the parent implementation. It is kept as the hook where the whole
     * login flow could be replaced.
     *
     * @param authentication the authentication request
     * @return the result of the parent's {@code authenticate}
     * @throws AuthenticationException if the parent rejects the request
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return super.authenticate(authentication);
    }

    /**
     * Verifies the presented password against the stored hash, using the user's creation time
     * (formatted as a string) as the extra salt.
     *
     * <p>Both failure paths raise the same {@code BadCredentialsException} message, so the
     * caller cannot tell a missing credential from a wrong one.
     *
     * @param userDetails    the loaded user; cast to {@code LoginUser} below
     * @param authentication the token carrying the presented credentials
     * @throws AuthenticationException if no credentials were supplied or the password does not match
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails,
            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            this.logger.debug("Failed to authenticate since no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }

        String presentedPassword = credentials.toString();

        // NOTE(review): unchecked cast. A UserDetailsService that returns anything other than
        // LoginUser surfaces here as a ClassCastException rather than an authentication failure.
        LoginUser loginUser = (LoginUser) userDetails;
        String storedHash = userDetails.getPassword();

        // NOTE(review): the salt is derived from the account's creation time, so it is not a
        // secret, and the stored hash only verifies while that value and its string rendering
        // stay exactly as they were at hashing time. Presumably a null create time fails inside
        // parseDateToStr; confirm against DateUtils.
        String salt = DateUtils.parseDateToStr(
                DateUtils.YYYY_MM_DD_HH_MM_SS, loginUser.getUser().getCreateTime());

        if (SecurityUtils.matchesPassword(presentedPassword, storedHash, salt)) {
            return;
        }

        this.logger.debug("Failed to authenticate since password does not match stored value");
        throw new BadCredentialsException(this.messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
}
注册到ProviderManager中
import com.maruifu.framework.security.handle.JwtAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * Spring Security configuration.
 *
 * @author maruifu
 */
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig1 extends WebSecurityConfigurerAdapter {

    /** Application-specific service that loads users for authentication. */
    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Exposes the {@code AuthenticationManager} as a bean so it can be injected elsewhere, and
     * builds it around the salt-aware {@code JwtAuthenticationProvider}.
     *
     * <p>The returned manager holds this single provider only, so every authentication request
     * routed through it is checked by the salted password logic. No password encoder is set on
     * the provider here; the actual comparison happens inside the provider's overridden check.
     *
     * @return a {@code ProviderManager} containing only the salt-aware provider
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() {
        JwtAuthenticationProvider saltedProvider = new JwtAuthenticationProvider();
        saltedProvider.setUserDetailsService(userDetailsService);
        return new ProviderManager(saltedProvider);
    }

    // ...... configure methods omitted in the original listing
}