Spring?Security重寫AuthenticationManager實(shí)現(xiàn)賬號(hào)密碼登錄或者手機(jī)號(hào)碼登錄

更新時(shí)間：2025年08月10日 11:11:06 作者：餘yuqn

本文主要介紹了Spring?Security重寫AuthenticationManager實(shí)現(xiàn)賬號(hào)密碼登錄或者手機(jī)號(hào)碼登錄,文中通過示例代碼介紹的非常詳細(xì),需要的朋友們下面隨著小編來一起學(xué)習(xí)學(xué)習(xí)吧

使用 Spring Security 重寫AuthenticationManager實(shí)現(xiàn)賬號(hào)密碼登錄或者手機(jī)號(hào)碼登錄，Spring Security默認(rèn)使用賬號(hào)密碼進(jìn)行登錄，通過將賬號(hào)密碼寫入到UsernamePasswordAuthenticationToken中，認(rèn)證成功后創(chuàng)建一個(gè)包含用戶信息和權(quán)限的認(rèn)證令牌；在UsernamePasswordAuthenticationToken認(rèn)證的時(shí)候，調(diào)用UserDetailsService進(jìn)行校驗(yàn)（此次可以自己寫邏輯進(jìn)行校驗(yàn)，如查數(shù)據(jù)庫），并且返回UserDetails（用戶信息類）。

在此基礎(chǔ)上實(shí)現(xiàn)功能：用戶能夠使用賬號(hào)+密碼登錄；用戶能夠使用手機(jī)號(hào)碼登錄（個(gè)人暫時(shí)只需要用到手機(jī)號(hào)碼+第三方驗(yàn)證碼登錄，可以根據(jù)需求更改配置）。

一、創(chuàng)建自定義認(rèn)證提供者CustomAuthenticationProvider

import com.yuqn.service.impl.PhoneNumberUserService;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;

public class CustomAuthenticationProvider implements AuthenticationProvider {

    private UserDetailsService userDetailsService;
    private PasswordEncoder passwordEncoder;
    private PhoneNumberUserService phoneNumberUserService;

    public CustomAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, PhoneNumberUserService phoneNumberUserService) {
        this.userDetailsService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
        this.phoneNumberUserService = phoneNumberUserService;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // 接收認(rèn)證信息
        String credentials = (String) authentication.getCredentials();
        String principal = (String) authentication.getPrincipal();
        // 判斷是賬號(hào)登錄還是手機(jī)號(hào)登錄，這里簡單通過前綴區(qū)分
        UserDetails userDetails = null;
        if (principal.startsWith("username:")) {
            // 賬號(hào)登錄
            String username = principal.substring("username:".length());
            userDetails = userDetailsService.loadUserByUsername(username);
            if (!passwordEncoder.matches(credentials, userDetails.getPassword())) {
                throw new BadCredentialsException("Invalid username or password");
            }
        } else if (principal.startsWith("phone:")) {
            // 手機(jī)號(hào)登錄
            // 這里需要有一個(gè)根據(jù)手機(jī)號(hào)加載用戶信息的方法，比如 userDetailsService.loadUserByPhoneNumber(phoneNumber)
            // 但由于UserDetailsService沒有提供這樣的方法，所以這里只是一個(gè)示例，你需要自己實(shí)現(xiàn)這個(gè)邏輯
            String phoneNumber = principal.substring("phone:".length());
            // 手機(jī)號(hào)碼登錄
            userDetails = phoneNumberUserService.loadUserByPhoneNumber(phoneNumber);
        } else {
            throw new BadCredentialsException("Invalid principal format");
        }
        // 如果用戶信息驗(yàn)證成功，則創(chuàng)建一個(gè)新的已認(rèn)證令牌并返回
        UsernamePasswordAuthenticationToken authenticatedToken = new UsernamePasswordAuthenticationToken(userDetails, credentials, userDetails.getAuthorities());
        authenticatedToken.setDetails(authentication.getDetails());
        return authenticatedToken;
    }
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}

二、創(chuàng)建認(rèn)證業(yè)務(wù)UserDetailsService、PhoneNumberUserService

創(chuàng)建兩個(gè)驗(yàn)證類，用于進(jìn)行用戶認(rèn)證，其中UserDetailsService認(rèn)證賬號(hào)密碼登錄，PhoneNumberUserService認(rèn)證手機(jī)號(hào)碼登錄（我這里手機(jī)號(hào)碼唯一，通過手機(jī)號(hào)碼查詢用戶，具體邏輯根據(jù)自己業(yè)務(wù)來）

UserDetailsService類：

/**
 * @author: yuqn
 * @Date: 2024/5/21 23:34
 * @description:
 * secutiry類
 * 重寫登錄驗(yàn)證方法，常規(guī)方法是 loadUserByUsername 接收傳遞的參數(shù)，進(jìn)行security自定義的校驗(yàn)
 * 這里重寫 loadUserByUsername 方法，自定義校驗(yàn)方法（如查詢數(shù)據(jù)庫是否存在此人）
 * @version: 1.0
 */
@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
    @Autowired
    private UserMapper userMapper;

    @Autowired
    private MenuMapper menuMapper;

    /**
     * @author: yuqn
     * @Date: 2024/11/24 0:30
     * @description:
     * 根據(jù)用戶名查詢到用戶信息，并且映射到UserDetails
     * @param: null
     * @return: null
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // 查詢用戶
        System.out.println("username==" + username);
        LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
        queryWrapper.eq(User::getUserName,username);
        User user = userMapper.selectOne(queryWrapper);
        System.out.println("user = " + user);
        // 如果沒有用戶就拋出異常
        if(Objects.isNull(user)){
            throw new RuntimeException("用戶名或者密碼錯(cuò)誤");
        }

        // 查詢對(duì)應(yīng)權(quán)限
        // List<String> list = new ArrayList<>(Arrays.asList("test","admin"));
        List<String> list = menuMapper.selectPermsByUserId(user.getId());
        list.add(user.getRoles());
        System.out.println("list = " + list);

        // 將user封裝到 LoginUser 返回，security 會(huì)根據(jù) LoginUser 獲取賬號(hào)密碼進(jìn)行校驗(yàn)，數(shù)據(jù)庫中的密碼需要使用{noop}表示明文保存的，不然會(huì)報(bào)錯(cuò)，因?yàn)閟ecurity使用的加密校驗(yàn)
        return new LoginUser(user,list);
    }
}

PhoneNumberUserService類：

/**
 * @author: yuqn
 * @Date: 2024/11/26 11:09
 * @description:
 * 電話號(hào)碼查詢用戶，封裝到UserDetails，用于CustomAuthenticationProvider驗(yàn)證
 * @version: 1.0
 */
@Service
public class PhoneNumberUserService {

    @Autowired
    private UserMapper userMapper;

    @Autowired
    private MenuMapper menuMapper;

    /**
     * @author: yuqn
     * @Date: 2024/11/26 11:04
     * @description:
     * 自定義手機(jī)號(hào)碼驗(yàn)證
     * @param: null
     * @return: null
     */
    public UserDetails loadUserByPhoneNumber(String phoneNumber){
        // 根據(jù)手機(jī)號(hào)碼查詢用戶
        LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
        queryWrapper.eq(User::getPhonenumber,phoneNumber);
        User user = userMapper.selectOne(queryWrapper);
        // 如果沒有用戶就拋出異常
        if(Objects.isNull(user)){
            throw new RuntimeException("用戶名或者密碼錯(cuò)誤");
        }
        // 查詢對(duì)應(yīng)權(quán)限
        // List<String> list = new ArrayList<>(Arrays.asList("test","admin"));
        List<String> list = menuMapper.selectPermsByUserId(user.getId());
        list.add(user.getRoles());
        System.out.println("list = " + list);

        // 將user封裝到 LoginUser 返回，security 會(huì)根據(jù) LoginUser 獲取賬號(hào)密碼進(jìn)行校驗(yàn)，數(shù)據(jù)庫中的密碼需要使用{noop}表示明文保存的，不然會(huì)報(bào)錯(cuò)，因?yàn)閟ecurity使用的加密校驗(yàn)
        return new LoginUser(user,list);
    }
}

三、更改配置類

注入自定義認(rèn)證提供者CustomAuthenticationProvider，從而實(shí)現(xiàn)邏輯。

 @Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
    return authenticationConfiguration.getAuthenticationManager();
}

@Bean
public PasswordEncoder passwordEncoder(){
    return new BCryptPasswordEncoder();
}
@Bean
public UserDetailsService userDetailsService() {
    // 返回你的UserDetailsService實(shí)現(xiàn)
    return new UserDetailsService();
}
@Bean
public PhoneNumberUserService phoneNumberUserService(){
    return new PhoneNumberUserService();
}

@Bean
public CustomAuthenticationProvider customAuthenticationProvider() {
    return new CustomAuthenticationProvider(userDetailsService(), passwordEncoder(),phoneNumberUserService());
}

四、登錄業(yè)務(wù)類

登錄接口調(diào)用該業(yè)務(wù)類，將用戶信息存入到UsernamePasswordAuthenticationToken實(shí)現(xiàn)自定義認(rèn)證，認(rèn)證成功后生成一個(gè)憑證，用戶返回給調(diào)用者。

@Override
public Result login(User user) {
    //authenticationManager authenticate 進(jìn)行用戶認(rèn)證，通過封裝的authenticationToken進(jìn)行驗(yàn)證
    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user.getUserName(),user.getPassword());
    System.out.println("authenticationToken = " + authenticationToken);
    Authentication authenticate = authenticationManager.authenticate(authenticationToken);
    System.out.println("authenticate = " + authenticate);
    // 如果認(rèn)證沒提過，給出對(duì)應(yīng)的提示
    if(Objects.isNull(authenticate)){
        throw new RuntimeException("登錄失敗");
    }
    //如果認(rèn)證通過，使用userid生成一個(gè)jwt，jwt存入responseresult返回
    LoginUser loginUser = (LoginUser) authenticate.getPrincipal();
    System.out.println("loginuser：" + loginUser);
    String userid = loginUser.getUser().getId().toString();
    String jwt = JwtUtil.createJWT(userid);
    Map<String,String> map = new HashMap<>();
    map.put("token",jwt);
    //把完整的用戶信息存入到redis userid作為key
    redisCache.setCacheObject("login:" + userid, loginUser);
    return Result.OK("登錄成功",map);
}

五、寫接口

@PostMapping("/user/login")
public Result login(@RequestBody User user){
    // 登錄
    return loginService.login(user);
}

六、測試

七、總結(jié)

UsernamePasswordAuthenticationToken提供的方法參數(shù)是用戶名、用戶名+密碼、用戶名+密碼+權(quán)限，所以使用手機(jī)號(hào)碼登錄，實(shí)際上是將手機(jī)號(hào)碼當(dāng)成用戶名，通過自定義認(rèn)證器進(jìn)行攔截并處理，最終實(shí)現(xiàn)效果。

到此這篇關(guān)于Spring Security重寫AuthenticationManager實(shí)現(xiàn)賬號(hào)密碼登錄或者手機(jī)號(hào)碼登錄的文章就介紹到這了,更多相關(guān)SpringSecurity AuthenticationManager登錄內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: