User Password Encryption and Decryption (Database Level)


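1. Password encryption
Format: ENCODER.encode(plaintext password)
Note: the encoded result is saved to the database as the password ciphertext.

Example: ENCODER.encode("123456") // $2a$10$PVUHriO67YxRYq84eXVpjefGMmgiScUIHRCaDpj0eWti/535fV83e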

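2. Password verification

PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
passwordEncoder.encode("123456"); // Result: {bcrypt}$2a$10$hgaJ98H2ntO.DE2pE.fWZuHG29zJn7ksr8gBsiW1XIX.bhEYXeK1.
// The delegating encoder reads the {bcrypt} prefix to choose the algorithm
passwordEncoder.matches("123456", passwordEncoder.encode("123456"));
// A value produced by ENCODER has no prefix, so "{bcrypt}" is prepended before matching
passwordEncoder.matches("123456", "{bcrypt}" + ENCODER.encode("123456"));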

3. Examples
3.1 Password initialization

{tajia-upms-biz}SysUserServiceImpl.java

@Override
@Transactional(rollbackFor = Exception.class)
public Boolean saveUser(UserDTO userDto) {
    SysUser sysUser = new SysUser();
    BeanUtils.copyProperties(userDto, sysUser);
    sysUser.setDelFlag(CommonConstants.STATUS_NORMAL);
    // Save the encoded password, not the plaintext
    sysUser.setPassword(ENCODER.encode(userDto.getPassword()));
    baseMapper.insert(sysUser);
    List<SysUserRole> userRoleList = userDto.getRole().stream().map(roleId -> {
        SysUserRole userRole = new SysUserRole();
        userRole.setUserId(sysUser.getUserId());
        userRole.setRoleId(roleId);
        return userRole;
    }).collect(Collectors.toList());
    return sysUserRoleService.saveBatch(userRoleList);
}

 

3.2 Building the UserDetails

{tajia-common-security}SysUserServiceImpl.java

/**
 * Build the UserDetails
 *
 * @param result user information
 * @return
 */
private UserDetails getUserDetails(R<UserInfo> result) {
    if (result == null || result.getData() == null) {
        throw new UsernameNotFoundException("用戶不存在");
    }
    UserInfo info = result.getData();
    Set<String> dbAuthsSet = new HashSet<>();
    if (ArrayUtil.isNotEmpty(info.getRoles())) {
        // Collect roles
        Arrays.stream(info.getRoles()).forEach(roleId -> dbAuthsSet.add(SecurityConstants.ROLE + roleId));
        // Collect resource permissions
        dbAuthsSet.addAll(Arrays.asList(info.getPermissions()));
    }
    Collection<? extends GrantedAuthority> authorities = AuthorityUtils
            .createAuthorityList(dbAuthsSet.toArray(new String[0]));
    SysUser user = info.getSysUser();
    boolean enabled = StrUtil.equals(user.getLockFlag(), CommonConstants.STATUS_NORMAL);
    // Build the Spring Security user
    // user.getPassword() is the password stored in the database
    return new TajiaUser(UserTypeEnum.ADMIN_USER.getUserType(), user.getUserId(), user.getDeptId(),
            user.getPhone(), user.getAvatar(), user.getTenantId(), user.getUsername(),
            SecurityConstants.BCRYPT + user.getPassword(), enabled, true, true,
            !CommonConstants.STATUS_LOCK.equals(user.getLockFlag()), authorities);
}

 

3.3 Login password verification
Login verification is done in {tajia-common-security}XkUserAuthenticationProvider, which extends AbstractUserDetailsAuthenticationProvider.

Detailed documentation on Spring Security login verification

@Override
protected void additionalAuthenticationChecks(UserDetails userDetails,
        UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
    if (authentication.getCredentials() == null) {
        log.debug("Failed to authenticate since no credentials provided");
        throw new BadCredentialsException(this.messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    } else {
        // Plaintext password
        String presentedPassword = authentication.getCredentials().toString();
        // Check whether the login password matches
        if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
            this.logger.debug("Failed to authenticate since password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage(
                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
    }
}
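The prefix handling that sections 2 and 3.2 depend on, as an added example that is not code from the tajia project. It assumes ENCODER is a plain BCryptPasswordEncoder and SecurityConstants.BCRYPT is the literal "{bcrypt}", and it needs spring-security-crypto on the classpath.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

public class BcryptPrefixDemo {
    // Assumption: the page's ENCODER is a plain BCryptPasswordEncoder.
    static final PasswordEncoder ENCODER = new BCryptPasswordEncoder();
    // Assumption: SecurityConstants.BCRYPT holds the literal "{bcrypt}".
    static final String BCRYPT = "{bcrypt}";
    // The encoder used at login: it picks the algorithm from the {id} prefix.
    static final PasswordEncoder DELEGATING =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    /** Runs one check and reports match, mismatch, or the exception raised. */
    static String check(String rawPassword, String storedValue) {
        try {
            return DELEGATING.matches(rawPassword, storedValue) ? "match" : "mismatch";
        } catch (IllegalArgumentException e) {
            // Raised when the stored value carries no {id} the encoder can map.
            return "error: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample: what saveUser() writes, a bare bcrypt hash.
        String dbValue = ENCODER.encode("123456");

        // Bare hash handed straight to the delegating encoder.
        System.out.println("bare hash:       " + check("123456", dbValue));

        // Prefix added when building UserDetails, as in section 3.2.
        System.out.println("prefixed, right: " + check("123456", BCRYPT + dbValue));
        System.out.println("prefixed, wrong: " + check("654321", BCRYPT + dbValue));

        // A row written with the delegating encoder already has the prefix;
        // prepending it again leaves "{bcrypt}$2a$..." for bcrypt to parse.
        String alreadyPrefixed = DELEGATING.encode("123456");
        System.out.println("double prefix:   " + check("123456", BCRYPT + alreadyPrefixed));

        // Both encoders salt every hash, so two encodings of one password differ.
        System.out.println("hashes differ:   " + !dbValue.equals(ENCODER.encode("123456")));
    }
}
```

The bare hash raises IllegalArgumentException, while the double-prefixed value fails as an ordinary mismatch, which the provider in 3.3 reports as "Bad credentials". Rows written with a prefix already in place therefore need different handling from rows written by ENCODER.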

Note: if you change a password in the database by hand, clear the cache.

