快捷導(dǎo)航

SpringBoot Security密碼加鹽實(shí)例

更新時(shí)間：2023年02月08日 10:02:41 作者：IT小馬哥

這篇文章主要為打擊介紹了SpringBoot Security密碼加鹽實(shí)例，有需要的朋友可以借鑒參考下，希望能夠有所幫助，祝大家多多進(jìn)步，早日升職加薪

修改加密和驗(yàn)證方法

    /**
     * 生成BCryptPasswordEncoder密碼
     *
     * @param password 密碼
     * @param salt 鹽值
     * @return 加密字符串
     */
    public static String encryptPassword(String password,String salt) {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
         return passwordEncoder.encode(password + salt);
    }
    /**
     * 判斷密碼是否相同
     *
     * @param rawPassword     真實(shí)密碼
     * @param encodedPassword 加密后字符
     * @param salt 鹽值
     * @return 結(jié)果
     */
    public static boolean matchesPassword(String rawPassword, String encodedPassword,String salt) {
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        return passwordEncoder.matches(rawPassword + salt, encodedPassword);
    }

自定義 DaoAuthenticationProvider

import com.maruifu.common.core.domain.model.LoginUser;
import com.maruifu.common.utils.DateUtils;
import com.maruifu.common.utils.SecurityUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.Authentication;
/**
 * 身份驗(yàn)證提供者
 * @author maruifu
 */
public class JwtAuthenticationProvider extends DaoAuthenticationProvider {
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // 可以在此處覆寫整個(gè)登錄認(rèn)證邏輯
        return super.authenticate(authentication);
    }
    /**
     * 重寫加鹽后驗(yàn)證邏輯
     * @param userDetails
     * @param authentication
     * @throws AuthenticationException
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (authentication.getCredentials() == null) {
            this.logger.debug("Failed to authenticate since no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        } else {
            String presentedPassword = authentication.getCredentials().toString();
            LoginUser loginUser =  (LoginUser)userDetails ;
            if (!SecurityUtils.matchesPassword(presentedPassword, userDetails.getPassword(), DateUtils.parseDateToStr(DateUtils.YYYY_MM_DD_HH_MM_SS,loginUser.getUser().getCreateTime()))) {
                this.logger.debug("Failed to authenticate since password does not match stored value");
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            }
        }
    }
}

注冊(cè)到ProciderManager中

import com.maruifu.framework.security.handle.JwtAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
 * spring security配置
 *
 * @author maruifu
 */
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig1 extends WebSecurityConfigurerAdapter {
    /**
     * 自定義用戶認(rèn)證邏輯
     */
    @Autowired
    private UserDetailsService userDetailsService;
    /**
     * 解決 無法直接注入 AuthenticationManager
     * 重寫 加鹽后驗(yàn)證邏輯
     *
     * @return
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean(){
        JwtAuthenticationProvider provider=new JwtAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        ProviderManager manager=new ProviderManager(provider);
        return manager;
    }
    ......省略configure方法
}

以上就是SpringBoot Security密碼加鹽實(shí)例的詳細(xì)內(nèi)容，更多關(guān)于SpringBoot Security密碼加鹽的資料請(qǐng)關(guān)注腳本之家其它相關(guān)文章！

您可能感興趣的文章: