• 基于SpringSecurity google 二次验证


    主要就是 增加安全性,类似于 短信二次验证一样,不过Google 二次验证 提供的是开源一套算法,节约成本,很多网站为了真加安全性,都开启了二次验证 。

    java 具体思路
    1. 网站或者服务端 开启二次验证 ,引入开源工具包
    1. 编写对应的工具类,生成二维码链接,用户扫描绑定 秘钥key

    2. 自定义 AuthenticationProvider,UsernamePasswordAuthenticationToken 在校验完用户密码后再 处理 google 校验逻辑

    代码
    1. 修改配置SpringSecurity
    httpSecurity.authenticationProvider(new CustomerAuthenticationProvider(userDetailsService,bCryptPasswordEncoder()));
    
    1. 自定义 CustomerAuthenticationProvider,CustomerUsernamePasswordAuthenticationToken 直接继承重写父类方法就行

      
      
      public class CustomerAuthenticationProvider extends DaoAuthenticationProvider {
      
          public CustomerAuthenticationProvider(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
              super();
              setUserDetailsService(userDetailsService);
              setPasswordEncoder(bCryptPasswordEncoder);
          }
      
          protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
              if (authentication.getCredentials() == null) {
                  this.logger.debug("Failed to authenticate since no credentials provided");
                  throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
              } else {
                  String presentedPassword = authentication.getCredentials().toString();
                  if (!getPasswordEncoder().matches(presentedPassword, userDetails.getPassword())) {
                      this.logger.debug("Failed to authenticate since password does not match stored value");
                      throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                  }
                  googleAuthenticator((LoginUser) userDetails, (CustomerUsernamePasswordAuthenticationToken) authentication);
      
              }
          }
      
          /**
           * Google 二次验证
           * @param userDetails
           * @param authentication
           */
          private void googleAuthenticator(LoginUser userDetails, CustomerUsernamePasswordAuthenticationToken authentication) {
              // Google 二次验证
              LoginUser loginUser = userDetails;
              SysUser user = loginUser.getUser();
              String googleAuthSecret = user.getGoogleAuthSecret();
              if(StringUtils.isBlank(googleAuthSecret)){
                  throw new ServiceException(GOOGLE_AUTHENTICATOR_401001.getMsg(),GOOGLE_AUTHENTICATOR_401001.getCode());
              }
              CustomerUsernamePasswordAuthenticationToken customerToken = authentication;
              String code = customerToken.getCode();
              boolean valid = GoogleAuthenticatorUtils.valid(googleAuthSecret, Integer.valueOf(code).intValue());
              if(!valid){
                  throw new ServiceException("Google Authenticator 验证码错误");
              }
          }
      
      }
      
      public class CustomerUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {
          /**
           * Google 二次验证 生成 code
           */
          private String code;
      
          public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials) {
              super(principal, credentials);
          }
      
          public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials,String code) {
              super(principal, credentials);
              this.code = code;
          }
      
          public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
              super(principal, credentials, authorities);
      
          }
      
          public String getCode() {
              return code;
          }
      
          public void setCode(String code) {
              this.code = code;
          }
      }
      
      // 调用自定义 CustomerUsernamePasswordAuthenticationToken
      authentication = authenticationManager
                          .authenticate(new CustomerUsernamePasswordAuthenticationToken(username, password,code));
      
    elk
  • 相关阅读:
    Elasticsearch5.x批量插入数据(Java)
    Elasticsearch5.x创建索引(Java)
    Kibana5.x界面简要介绍(含x-pack插件)
    CentOS6.5安装Kibana5.3.0
    Elasticsearch5.x Head插件安装
    CentOS6.5安装Elasticsearch5.3.0
    jenkins发布Spring Cloud(单机版)
    prometheus 监控docker
    gitlab迁移单个项目
    python使用pika操作rabbitmq
  • 原文地址:https://www.cnblogs.com/lyc88/p/15703854.html
Copyright © 2020-2023  润新知