
Google Two-Factor Authentication with Spring Security

2021-12-17 21:33:49

Tags: code, String, verification, CustomerUsernamePasswordAuthenticationToken, SpringSecurity, authen


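The main purpose is to increase security, much like SMS-based second-factor verification. The difference is that Google two-factor verification is built on an open-source algorithm, which saves cost. Many websites have enabled two-factor verification to increase security.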

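Java approach
  1. The website or server enables two-factor verification and pulls in an open-source library.
  2. Write the corresponding utility class that generates the QR code link; the user scans it to bind the secret key.
  3. Customize AuthenticationProvider and UsernamePasswordAuthenticationToken so that the Google verification logic runs after the username and password have been checked.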

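Code
  1. Update the Spring Security configuration to register the custom provider:

    httpSecurity.authenticationProvider(new CustomerAuthenticationProvider(userDetailsService, bCryptPasswordEncoder()));

  2. Define CustomerAuthenticationProvider and CustomerUsernamePasswordAuthenticationToken; it is enough to extend the parent classes and override their methods:

    // LoginUser, SysUser, ServiceException, GoogleAuthenticatorUtils and the
    // GOOGLE_AUTHENTICATOR_401001 constant come from the application's own packages.
    import java.util.Collection;
    import org.apache.commons.lang3.StringUtils; // assumed: Apache Commons Lang
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    public class CustomerAuthenticationProvider extends DaoAuthenticationProvider {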
    
        public CustomerAuthenticationProvider(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
            super();
            setUserDetailsService(userDetailsService);
            setPasswordEncoder(bCryptPasswordEncoder);
        }
    
        @Override
        protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
            if (authentication.getCredentials() == null) {
                this.logger.debug("Failed to authenticate since no credentials provided");
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            } else {
                String presentedPassword = authentication.getCredentials().toString();
                if (!getPasswordEncoder().matches(presentedPassword, userDetails.getPassword())) {
                    this.logger.debug("Failed to authenticate since password does not match stored value");
                    throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                }
                googleAuthenticator((LoginUser) userDetails, (CustomerUsernamePasswordAuthenticationToken) authentication);
    
            }
        }
    
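        /**
         * Google two-factor verification.
         *
         * @param userDetails    details of the user whose password was just verified
         * @param authentication token carrying the submitted one-time code
         */
        private void googleAuthenticator(LoginUser userDetails, CustomerUsernamePasswordAuthenticationToken authentication) {
            // Google two-factor verification
            LoginUser loginUser = userDetails;
            SysUser user = loginUser.getUser();
            String googleAuthSecret = user.getGoogleAuthSecret();
            // The account has no Google Authenticator secret stored
            if (StringUtils.isBlank(googleAuthSecret)) {
                throw new ServiceException(GOOGLE_AUTHENTICATOR_401001.getMsg(), GOOGLE_AUTHENTICATOR_401001.getCode());
            }
            CustomerUsernamePasswordAuthenticationToken customerToken = authentication;
            String code = customerToken.getCode();
            boolean valid;
            try {
                valid = GoogleAuthenticatorUtils.valid(googleAuthSecret, Integer.parseInt(code));
            } catch (NumberFormatException e) {
                // A missing or non-numeric code counts as a wrong code instead of an unhandled error
                valid = false;
            }
            if (!valid) {
                // Message text: "Google Authenticator verification code is incorrect"
                throw new ServiceException("Google Authenticator 验证码错误");
            }
        }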
    
    }
    
    public class CustomerUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {
        /**
         * One-time code generated by Google Authenticator for the second factor
         */
        private String code;
    
        public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials) {
            super(principal, credentials);
        }
    
        public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials,String code) {
            super(principal, credentials);
            this.code = code;
        }
    
        public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
            super(principal, credentials, authorities);
    
        }
    
        public String getCode() {
            return code;
        }
    
        public void setCode(String code) {
            this.code = code;
        }
    }
    
    // Authenticate using the custom CustomerUsernamePasswordAuthenticationToken
    authentication = authenticationManager
                        .authenticate(new CustomerUsernamePasswordAuthenticationToken(username, password,code));
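
The page calls `GoogleAuthenticatorUtils.valid(secret, code)` without showing it. The following is an added example, not the original author's code: a minimal verifier for the TOTP algorithm (RFC 6238) that Google Authenticator uses, assuming the default parameters (HMAC-SHA1, 30-second step, 6 digits) and a Base32 secret. The class name `TotpVerifier` and its method signatures are hypothetical.

```java
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical stand-in for the page's GoogleAuthenticatorUtils, whose source is not shown. */
public final class TotpVerifier {
    static byte[] base32Decode(String s) { // RFC 4648 alphabet; '=' padding is ignored
        String in = s.replace("=", "");
        byte[] out = new byte[in.length() * 5 / 8];
        int buffer = 0, bits = 0, n = 0;
        for (char c : in.toCharArray()) {
            int v = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".indexOf(Character.toUpperCase(c));
            if (v < 0) throw new IllegalArgumentException("invalid Base32 character");
            buffer = (buffer << 5) | v; bits += 5;   // append 5 bits per character
            if (bits >= 8) { out[n++] = (byte) (buffer >> (bits - 8)); bits -= 8; }
        }
        return out;
    }

    /** RFC 4226 HOTP for one counter value: HMAC-SHA1, dynamic truncation, 6 digits. */
    static int hotp(byte[] key, long counter) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f;            // low nibble of the last byte picks the offset
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return bin % 1_000_000;
    }

    /** True if the code matches the current 30-second step or one step either side (clock drift). */
    public static boolean valid(String secret, String code, long epochSeconds) throws GeneralSecurityException {
        if (code == null || !code.matches("[0-9]{6}")) return false; // malformed input is simply invalid
        int given = Integer.parseInt(code);
        byte[] key = base32Decode(secret);
        long step = epochSeconds / 30;
        boolean ok = false;
        for (long c = step - 1; c <= step + 1; c++) {
            ok |= (hotp(key, c) == given);           // no early exit: all three steps are always evaluated
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the RFC 6238 test key "12345678901234567890" in Base32, at time T = 59 s.
        String secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";
        System.out.println(valid(secret, "287082", 59) + " " + valid(secret, "12a456", 59));
    }
}
```

This check alone accepts the same code repeatedly within its 90-second window, so a provider that uses it should also record the last accepted time step per user and rate-limit failed attempts.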
    

Source: https://www.cnblogs.com/lyc88/p/15703854.html
