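Overview:
Spring Security's PasswordEncoder is used to encode (hash) users' passwords and to verify them. It ships with many algorithms, but in some cases we need special, custom login logic. This article explains how to implement a custom PasswordEncoder to get that custom login logic.
Procedure:
1. Implement the PasswordEncoder interface and put the custom encoding logic in its methods.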
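import org.springframework.security.crypto.password.PasswordEncoder;

public class CustomPasswordEncoder implements PasswordEncoder {

    @Override
    public String encode(CharSequence rawPassword) {
        // Custom encoding logic goes here
        throw new UnsupportedOperationException("custom encoding logic not implemented");
    }

    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        // Custom verification logic goes here
        throw new UnsupportedOperationException("custom verification logic not implemented");
    }
}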
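2. In the Spring Security configuration class (usually one that extends WebSecurityConfigurerAdapter), configure the custom PasswordEncoder.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new CustomPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Register the user lookup service together with the custom encoder
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // HTTP-related configuration
    }
}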
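3. In the login flow, the custom PasswordEncoder performs the password verification. The UserDetailsService only loads the user and the stored, encoded password; it never sees the password submitted at login, so the comparison is made by Spring Security, which calls matches(submitted, stored) on the PasswordEncoder configured in step 2.
import java.util.ArrayList;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private CustomUserMapper customUserMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        CustomUser customUser = customUserMapper.selectByUsername(username);
        if (customUser == null) {
            throw new UsernameNotFoundException("用户不存在");
        }
        // Return the stored (encoded) password as-is. Comparing it with itself via
        // passwordEncoder.matches(password, password) would reject every login for a
        // real hash; DaoAuthenticationProvider does the check against the submitted password.
        String password = customUser.getPassword();
        return new User(username, password, new ArrayList<>());
    }
}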
Examples:
1. Encode and verify a password with BCryptPasswordEncoder.
import org.junit.Assert;
import org.junit.Test;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BCryptPasswordEncoderTest {

    @Test
    public void testEncode() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String password = "123456";
        // bcrypt generates a random salt, so the output differs on every run
        String encodedPassword = encoder.encode(password);
        System.out.println(encodedPassword);
    }

    @Test
    public void testMatches() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String encodedPassword = "$2a$10$gA1ZfATHy3dUkY2VjEWvSeMEyKsU5/SPOQM4CiJlfClhbB.PHBrHa";
        String password = "123456";
        boolean result = encoder.matches(password, encodedPassword);
        Assert.assertTrue(result);
    }
}
2. Custom password encoding and verification logic.
import org.junit.Assert;
import org.junit.Test;

public class CustomPasswordEncoderTest {

    @Test
    public void testEncode() {
        CustomPasswordEncoder encoder = new CustomPasswordEncoder();
        String password = "123456";
        String encodedPassword = encoder.encode(password);
        System.out.println(encodedPassword);
    }

    @Test
    public void testMatches() {
        CustomPasswordEncoder encoder = new CustomPasswordEncoder();
        String encodedPassword = "14e1b600b1fd579f47433b88e8d85291";
        String password = "123456";
        boolean result = encoder.matches(password, encodedPassword);
        Assert.assertTrue(result);
    }
}
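Notes:
- Every custom PasswordEncoder needs unit tests that confirm its encoding and matching are correct.
- A custom PasswordEncoder is generally used together with a custom UserDetailsService, so make sure the password comparison logic at login does not go wrong.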
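Unless otherwise stated, articles on this site are original. If you reprint this article, please credit the source: Spring Security PasswordEncoder: customizing login logic - Python技术站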