1、密码加密
格式:ENCODER.encode(密码明文)
说明:加密后作为密码密文保存到数据库
例如:ENCODER.encode("123456") //$2a$10$PVUHriO67YxRYq84eXVpjefGMmgiScUIHRCaDpj0eWti/535fV83e
2、密码验证
PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
passwordEncoder.encode("123456") //返回结果:{bcrypt}$2a$10$hgaJ98H2ntO.DE2pE.fWZuHG29zJn7ksr8gBsiW1XIX.bhEYXeK1.
passwordEncoder.matches("123456", passwordEncoder.encode("123456"))
passwordEncoder.matches("123456", "{bcrypt}" + ENCODER.encode("123456"))
3、案例
3.1、密码初始化
{tajia-upms-biz}SysUserServiceImpl.java
@Override
@Transactional(rollbackFor = Exception.class)
public Boolean saveUser(UserDTO userDto) {
SysUser sysUser = new SysUser();
BeanUtils.copyProperties(userDto, sysUser);
sysUser.setDelFlag(CommonConstants.STATUS_NORMAL);
sysUser.setPassword(ENCODER.encode(userDto.getPassword()));
baseMapper.insert(sysUser);
List<SysUserRole> userRoleList = userDto.getRole().stream().map(roleId -> {
SysUserRole userRole = new SysUserRole();
userRole.setUserId(sysUser.getUserId());
userRole.setRoleId(roleId);
return userRole;
}).collect(Collectors.toList());
return sysUserRoleService.saveBatch(userRoleList);
}
3.2、构建userdetails
{tajia-common-security}SysUserServiceImpl.java
/**
* 构建userdetails
*
* @param result 用户信息
* @return
*/
private UserDetails getUserDetails(R<UserInfo> result) {
if (result == null || result.getData() == null) {
throw new UsernameNotFoundException("用户不存在");
}
UserInfo info = result.getData();
Set<String> dbAuthsSet = new HashSet<>();
if (ArrayUtil.isNotEmpty(info.getRoles())) {
// 获取角色
Arrays.stream(info.getRoles()).forEach(roleId -> dbAuthsSet.add(SecurityConstants.ROLE + roleId));
// 获取资源
dbAuthsSet.addAll(Arrays.asList(info.getPermissions()));
}
Collection<? extends GrantedAuthority> authorities = AuthorityUtils
.createAuthorityList(dbAuthsSet.toArray(new String[0]));
SysUser user = info.getSysUser();
boolean enabled = StrUtil.equals(user.getLockFlag(), CommonConstants.STATUS_NORMAL);
// 构造security用户
// user.getPassword() 就是数据库密码
return new TajiaUser(UserTypeEnum.ADMIN_USER.getUserType(), user.getUserId(), user.getDeptId(), user.getPhone(), user.getAvatar(), user.getTenantId(),
user.getUsername(), SecurityConstants.BCRYPT + user.getPassword(), enabled, true, true,
!CommonConstants.STATUS_LOCK.equals(user.getLockFlag()), authorities);
}
3.3、登录密码验证
在{tajia-common-security}XkUserAuthenticationProvider,继承AbstractUserDetailsAuthenticationProvider,用来登录验证。
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
if (authentication.getCredentials() == null) {
log.debug("Failed to authenticate since no credentials provided");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
} else {
//密码明文
String presentedPassword = authentication.getCredentials().toString();
//验证登录密码是否匹配
if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
this.logger.debug("Failed to authenticate since password does not match stored value");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
}
}
注意:手动修改数据库密码,要清理缓存。