SpringBoot Security密码加盐实例

作者:IT小马哥 时间:2023-06-08 17:06:48 

修改加密和验证方法:在密码后拼接盐值,再交给 BCryptPasswordEncoder 加密和校验

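/**
    * Hashes a password with BCrypt after appending an application-level salt.
    *
    * <p>Security notes for maintainers:
    * <ul>
    *   <li>{@code BCryptPasswordEncoder} already generates a random salt for every hash and
    *       stores it inside the returned string, so the extra {@code salt} is not what makes
    *       two hashes of the same password differ.</li>
    *   <li>bcrypt only uses the first 72 bytes of its input (newer Spring Security releases may
    *       reject longer input instead). The appended salt counts against that limit, so a long
    *       salt shortens the usable password length.</li>
    * </ul>
    *
    * @param password the plain-text password; must not be {@code null}
    * @param salt     the value appended to the password before hashing; must not be {@code null}
    * @return the BCrypt hash of {@code password + salt}
    * @throws IllegalArgumentException if {@code password} or {@code salt} is {@code null}
    */
   public static String encryptPassword(String password,String salt) {
       // String concatenation turns a null reference into the literal text "null", so without
       // this guard a missing password would be hashed as "null" + salt and later accepted.
       if (password == null || salt == null) {
           throw new IllegalArgumentException("password and salt must not be null");
       }
       BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
       return passwordEncoder.encode(password + salt);
   }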
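   /**
    * Checks a presented password against a stored BCrypt hash that was produced from
    * {@code password + salt}.
    *
    * <p>The {@code salt} must be exactly the value that was appended when the hash was created;
    * any difference makes the comparison fail.
    *
    * @param rawPassword     the plain-text password presented by the caller
    * @param encodedPassword the stored BCrypt hash
    * @param salt            the value that was appended to the password when it was hashed
    * @return {@code true} only if {@code rawPassword + salt} matches {@code encodedPassword};
    *         {@code false} when {@code rawPassword} or {@code salt} is {@code null}
    */
   public static boolean matchesPassword(String rawPassword, String encodedPassword,String salt) {
       // Fail closed: concatenating a null would silently compare the literal text "null",
       // which bypasses the encoder's own null check on the raw password.
       if (rawPassword == null || salt == null) {
           return false;
       }
       BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
       return passwordEncoder.matches(rawPassword + salt, encodedPassword);
   }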

自定义 DaoAuthenticationProvider

import com.maruifu.common.core.domain.model.LoginUser;
import com.maruifu.common.utils.DateUtils;
import com.maruifu.common.utils.SecurityUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.Authentication;
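/**
 * Authentication provider that verifies passwords stored as a BCrypt hash of
 * {@code password + salt}, where the salt is the account's creation time formatted with
 * {@code DateUtils.YYYY_MM_DD_HH_MM_SS}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The salt is derived from a stored timestamp, so it is neither secret nor random.
 *       It ties the hash to the account record; it does not replace the per-hash salt that
 *       BCrypt generates itself.</li>
 *   <li>Verification depends on the creation time and its formatting staying exactly as they
 *       were when the password was hashed. If either changes, the stored hash stops matching
 *       and the user can no longer log in until the password is reset.</li>
 * </ul>
 *
 * @author maruifu
 */
public class JwtAuthenticationProvider extends DaoAuthenticationProvider {
   @Override
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
       // Extension point: the whole login flow could be replaced here.
       // For now it delegates to the parent implementation unchanged.
       return super.authenticate(authentication);
   }

   /**
    * Replaces the default password comparison with the salted one.
    *
    * <p>Every failure path raises the same {@link BadCredentialsException} so the caller
    * cannot tell from the response which check failed; the reason is only written to the
    * debug log.
    *
    * @param userDetails    the account loaded by the user details service; expected to be a
    *                       {@code LoginUser}
    * @param authentication the login request carrying the presented password
    * @throws AuthenticationException if no credentials were presented, the account cannot
    *                                 supply a salt, or the password does not match
    */
   @Override
   protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
       if (authentication.getCredentials() == null) {
           this.logger.debug("Failed to authenticate since no credentials provided");
           throw badCredentials();
       }
       // The salt lives on LoginUser. A user details service returning another type would
       // otherwise surface as a ClassCastException instead of a rejected login.
       if (!(userDetails instanceof LoginUser)) {
           this.logger.debug("Failed to authenticate since user details are not a LoginUser");
           throw badCredentials();
       }
       LoginUser loginUser = (LoginUser) userDetails;
       // Without a creation time there is no salt to rebuild; reject rather than guess.
       if (loginUser.getUser() == null || loginUser.getUser().getCreateTime() == null) {
           this.logger.debug("Failed to authenticate since the account has no creation time to use as salt");
           throw badCredentials();
       }
       String presentedPassword = authentication.getCredentials().toString();
       String salt = DateUtils.parseDateToStr(DateUtils.YYYY_MM_DD_HH_MM_SS, loginUser.getUser().getCreateTime());
       if (!SecurityUtils.matchesPassword(presentedPassword, userDetails.getPassword(), salt)) {
           this.logger.debug("Failed to authenticate since password does not match stored value");
           throw badCredentials();
       }
   }

   /** Builds the generic "bad credentials" failure shared by every rejection path. */
   private BadCredentialsException badCredentials() {
       return new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
   }
}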

注册到ProviderManager中

import com.maruifu.framework.security.handle.JwtAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
/**
* spring security配置
*
* @author maruifu
*/
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig1 extends WebSecurityConfigurerAdapter {
   /**
    * 自定义用户认证逻辑
    */
   @Autowired
   private UserDetailsService userDetailsService;
   /**
    * Exposes the {@link AuthenticationManager} as a bean so it can be injected elsewhere,
    * and backs it with the provider that performs the salted password check.
    *
    * <p>The provider is created with {@code new} here rather than obtained from the
    * application context.
    *
    * @return a {@link ProviderManager} whose only provider is a {@link JwtAuthenticationProvider}
    *         wired to the injected {@code userDetailsService}
    */
   @Bean
   @Override
   public AuthenticationManager authenticationManagerBean(){
       JwtAuthenticationProvider saltedProvider = new JwtAuthenticationProvider();
       saltedProvider.setUserDetailsService(userDetailsService);
       return new ProviderManager(saltedProvider);
   }
   // ......省略 configure 方法
}

来源:https://cloud.tencent.com/developer/article/2198817?areaSource=104001.5&traceId=GqEYuQLOTzxj-OnSA3Lf6

标签:SpringBoot,Security,密码加盐