• ruoyi 前后端分离 增加手机号登录

    增加一下类

    1. package com.zscq.framework.sms;
    2.  
    3. import org.springframework.security.authentication.AuthenticationProvider;
    4. import org.springframework.security.core.Authentication;
    5. import org.springframework.security.core.AuthenticationException;
    6. import org.springframework.security.core.userdetails.UserDetails;
    7. import org.springframework.security.core.userdetails.UserDetailsService;
    8.  
    9. /**
    10.  * 短信登陆鉴权 Provider,要求实现 AuthenticationProvider 接口
    11.  *
    12.  * @author gmk
    13.  */
    14. public class SmsCodeAuthenticationProvider implements AuthenticationProvider {
    15.  
    16.     private UserDetailsService userDetailsService;
    17.  
    18.     @Override
    19.     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    20.         SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication;
    21.  
    22.         String telephone = (String) authenticationToken.getPrincipal();
    23.  
    24.         UserDetails userDetails = userDetailsService.loadUserByUsername(telephone);
    25.  
    26.         // 此时鉴权成功后,应当重新 new 一个拥有鉴权的 authenticationResult 返回
    27.         SmsCodeAuthenticationToken authenticationResult = new SmsCodeAuthenticationToken(userDetails, userDetails.getAuthorities());
    28.  
    29.         authenticationResult.setDetails(authenticationToken.getDetails());
    30.  
    31.         return authenticationResult;
    32.     }
    33.  
    34.  
    35.     @Override
    36.     public boolean supports(Class authentication) {
    37.         // 判断 authentication 是不是 SmsCodeAuthenticationToken 的子类或子接口
    38.         return SmsCodeAuthenticationToken.class.isAssignableFrom(authentication);
    39.     }
    40.  
    41.     public UserDetailsService getUserDetailsService() {
    42.         return userDetailsService;
    43.     }
    44.  
    45.     public void setUserDetailsService(UserDetailsService userDetailsService) {
    46.         this.userDetailsService = userDetailsService;
    47.     }
    48. }
    1. package com.zscq.framework.sms;
    2.  
    3. import org.springframework.security.authentication.AbstractAuthenticationToken;
    4. import org.springframework.security.core.GrantedAuthority;
    5. import org.springframework.security.core.SpringSecurityCoreVersion;
    6.  
    7. import java.util.Collection;
    8.  
    9. /**
    10.  * 短信登录 AuthenticationToken,模仿 UsernamePasswordAuthenticationToken 实现
    11.  *
    12.  * @author gmk
    13.  */
    14. public class SmsCodeAuthenticationToken extends AbstractAuthenticationToken {
    15.  
    16.     private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
    17.  
    18.     /**
    19.      * 在 UsernamePasswordAuthenticationToken 中该字段代表登录的用户名,
    20.      * 在这里就代表登录的手机号码
    21.      */
    22.     private final Object principal;
    23.  
    24.     /**
    25.      * 构建一个没有鉴权的 SmsCodeAuthenticationToken
    26.      */
    27.     public SmsCodeAuthenticationToken(Object principal) {
    28.         super(null);
    29.         this.principal = principal;
    30.         setAuthenticated(false);
    31.     }
    32.  
    33.     /**
    34.      * 构建拥有鉴权的 SmsCodeAuthenticationToken
    35.      */
    36.     public SmsCodeAuthenticationToken(Object principal, Collection authorities) {
    37.         super(authorities);
    38.         this.principal = principal;
    39.         // must use super, as we override
    40.         super.setAuthenticated(true);
    41.     }
    42.  
    43.     @Override
    44.     public Object getCredentials() {
    45.         return null;
    46.     }
    47.  
    48.     @Override
    49.     public Object getPrincipal() {
    50.         return this.principal;
    51.     }
    52.  
    53.     @Override
    54.     public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
    55.         if (isAuthenticated) {
    56.             throw new IllegalArgumentException(
    57.                     "Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
    58.         }
    59.  
    60.         super.setAuthenticated(false);
    61.     }
    62.  
    63.     @Override
    64.     public void eraseCredentials() {
    65.         super.eraseCredentials();
    66.     }
    67.  
    68. }
    1. package com.zscq.framework.sms;
    2.  
    3. import com.zscq.common.core.domain.entity.SysUser;
    4. import com.zscq.common.core.domain.model.LoginUser;
    5. import com.zscq.common.enums.UserStatus;
    6. import com.zscq.common.exception.base.BaseException;
    7. import com.zscq.common.utils.StringUtils;
    8. import com.zscq.framework.web.service.SysPermissionService;
    9. import com.zscq.system.service.ISysUserService;
    10. import org.slf4j.Logger;
    11. import org.slf4j.LoggerFactory;
    12. import org.springframework.beans.factory.annotation.Autowired;
    13. import org.springframework.security.core.userdetails.UserDetails;
    14. import org.springframework.security.core.userdetails.UserDetailsService;
    15. import org.springframework.security.core.userdetails.UsernameNotFoundException;
    16. import org.springframework.stereotype.Service;
    17.  
    18. /**
    19.  * 用户验证处理
    20.  *
    21.  * @author gmk
    22.  */
    23. @Service("userDetailsByTelephoneServiceImpl")
    24. public class UserDetailsByTelephoneServiceImpl implements UserDetailsService {
    25.     private static final Logger log = LoggerFactory.getLogger(UserDetailsByTelephoneServiceImpl.class);
    26.  
    27.     @Autowired
    28.     private ISysUserService userService;
    29.  
    30.     @Autowired
    31.     private SysPermissionService permissionService;
    32.  
    33.     @Override
    34.     public UserDetails loadUserByUsername(String phone) throws UsernameNotFoundException {
    35.         SysUser user = userService.selectUserByPhonenumber(phone);
    36.         if (StringUtils.isNull(user)) {
    37.             log.info("登录用户:{} 不存在.", phone);
    38.             throw new UsernameNotFoundException("登录用户:" + phone + " 不存在");
    39.         } else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
    40.             log.info("登录用户:{} 已被删除.", phone);
    41.             throw new BaseException("对不起,您的账号:" + phone + " 已被删除");
    42.         } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
    43.             log.info("登录用户:{} 已被停用.", phone);
    44.             throw new BaseException("对不起,您的账号:" + phone + " 已停用");
    45.         }
    46.  
    47.         return createLoginUser(user);
    48.     }
    49.  
    50.     public UserDetails createLoginUser(SysUser user) {
    51.         return new LoginUser(user, permissionService.getMenuPermission(user));
    52.     }
    53. }
    SecurityConfig.java 修改

     

     

    1. package com.zscq.framework.config;
    2.  
    3. import com.zscq.framework.sms.SmsCodeAuthenticationProvider;
    4. import org.springframework.beans.factory.annotation.Autowired;
    5. import org.springframework.beans.factory.annotation.Qualifier;
    6. import org.springframework.context.annotation.Bean;
    7. import org.springframework.http.HttpMethod;
    8. import org.springframework.security.authentication.AuthenticationManager;
    9. import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    10. import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    11. import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    12. import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    13. import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
    14. import org.springframework.security.config.http.SessionCreationPolicy;
    15. import org.springframework.security.core.userdetails.UserDetailsService;
    16. import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    17. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
    18. import org.springframework.security.web.authentication.logout.LogoutFilter;
    19. import org.springframework.web.filter.CorsFilter;
    20. import com.zscq.framework.config.properties.PermitAllUrlProperties;
    21. import com.zscq.framework.security.filter.JwtAuthenticationTokenFilter;
    22. import com.zscq.framework.security.handle.AuthenticationEntryPointImpl;
    23. import com.zscq.framework.security.handle.LogoutSuccessHandlerImpl;
    24.  
    25. import javax.annotation.Resource;
    26.  
    27. /**
    28.  * spring security配置
    29.  * 
    30.  * @author ruoyi
    31.  */
    32. @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
    33. public class SecurityConfig extends WebSecurityConfigurerAdapter
    34. {
    35.     /**
    36.      * 自定义用户(账号密码)认证逻辑
    37.      */
    38.     @Autowired
    39.     @Qualifier("userDetailsServiceImpl")
    40.     private UserDetailsService userDetailsService;
    41.  
    42.     /**
    43.      * 自定义用户(手机号验证码)认证逻辑
    44.      */
    45.     @Autowired
    46.     @Qualifier("userDetailsByTelephoneServiceImpl")
    47.     private UserDetailsService userDetailsServiceByTelephone;
    48.  
    49.     
    50.     /**
    51.      * 认证失败处理类
    52.      */
    53.     @Autowired
    54.     private AuthenticationEntryPointImpl unauthorizedHandler;
    55.  
    56.     /**
    57.      * 退出处理类
    58.      */
    59.     @Autowired
    60.     private LogoutSuccessHandlerImpl logoutSuccessHandler;
    61.  
    62.     /**
    63.      * token认证过滤器
    64.      */
    65.     @Autowired
    66.     private JwtAuthenticationTokenFilter authenticationTokenFilter;
    67.     
    68.     /**
    69.      * 跨域过滤器
    70.      */
    71.     @Autowired
    72.     private CorsFilter corsFilter;
    73.  
    74.     /**
    75.      * 允许匿名访问的地址
    76.      */
    77.     @Autowired
    78.     private PermitAllUrlProperties permitAllUrl;
    79.  
    80.     /**
    81.      * 解决 无法直接注入 AuthenticationManager
    82.      *
    83.      * @return
    84.      * @throws Exception
    85.      */
    86.     @Bean
    87.     @Override
    88.     public AuthenticationManager authenticationManagerBean() throws Exception
    89.     {
    90.         return super.authenticationManagerBean();
    91.     }
    92.  
    93.     /**
    94.      * anyRequest          |   匹配所有请求路径
    95.      * access              |   SpringEl表达式结果为true时可以访问
    96.      * anonymous           |   匿名可以访问
    97.      * denyAll             |   用户不能访问
    98.      * fullyAuthenticated  |   用户完全认证可以访问(非remember-me下自动登录)
    99.      * hasAnyAuthority     |   如果有参数,参数表示权限,则其中任何一个权限可以访问
    100.      * hasAnyRole          |   如果有参数,参数表示角色,则其中任何一个角色可以访问
    101.      * hasAuthority        |   如果有参数,参数表示权限,则其权限可以访问
    102.      * hasIpAddress        |   如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问
    103.      * hasRole             |   如果有参数,参数表示角色,则其角色可以访问
    104.      * permitAll           |   用户可以任意访问
    105.      * rememberMe          |   允许通过remember-me登录的用户访问
    106.      * authenticated       |   用户登录后可访问
    107.      */
    108.     @Override
    109.     protected void configure(HttpSecurity httpSecurity) throws Exception
    110.     {
    111.         // 注解标记允许匿名访问的url
    112.         ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests();
    113.         permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll());
    114.  
    115.         SmsCodeAuthenticationProvider smsCodeAuthenticationProvider = new SmsCodeAuthenticationProvider();
    116.         smsCodeAuthenticationProvider.setUserDetailsService(userDetailsServiceByTelephone);
    117.  
    118.         httpSecurity
    119.                 // CSRF禁用,因为不使用session
    120.                 .csrf().disable()
    121.                 // 认证失败处理类
    122.                 .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
    123.                 // 基于token,所以不需要session
    124.                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
    125.                 // 过滤请求
    126.                 .authorizeRequests()
    127.                 // 对于登录login 注册register 验证码captchaImage 短信验证码请求 允许匿名访问
    128.                 .antMatchers("/login","/loginByPhone", "/register", "/captchaImage","/sendSms").anonymous()
    129.                 // 静态资源,可匿名访问
    130.                 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
    131.                 .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()
    132.                 // 除上面外的所有请求全部需要鉴权认证
    133.                 .anyRequest().authenticated()
    134.                 .and()
    135.                 .headers().frameOptions().disable();
    136.         // 添加Logout filter
    137.         httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
    138.         // 添加JWT filter
    139.         httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    140.         // 添加CORS filter
    141.         httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
    142.         httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class)//手机验证码的provider
    143.                 .authenticationProvider(smsCodeAuthenticationProvider);
    144.     }
    145.  
    146.     /**
    147.      * 强散列哈希加密实现
    148.      */
    149.     @Bean
    150.     public BCryptPasswordEncoder bCryptPasswordEncoder()
    151.     {
    152.         return new BCryptPasswordEncoder();
    153.     }
    154.  
    155.     /**
    156.      * 身份认证接口
    157.      */
    158.     @Override
    159.     protected void configure(AuthenticationManagerBuilder auth) throws Exception
    160.     {
    161.         auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    162.     }
    163. }
    SysLoginController.java增加 
    1.     /**
    2.      * 登录方法,手机号登录
    3.      *
    4.      * @param loginBody 登录信息
    5.      * @return 结果
    6.      */
    7.     @PostMapping("/loginByPhone")
    8.     public AjaxResult loginByPhone(@RequestBody LoginBody loginBody)
    9.     {
    10.         AjaxResult ajax = AjaxResult.success();
    11.         // 生成令牌
    12.         String token = loginService.loginByPhone(loginBody.getPhonenumber(),loginBody.getCode(),
    13.                 loginBody.getUuid());
    14.         ajax.put(Constants.TOKEN, token);
    15.         return ajax;
    16.     }
    SysLoginService.java增加 
    1. /**
    2.      * 登录验证
    3.      *
    4.      * @param phonenumber 手机号
    5.      * @param code 验证码
    6.      * @param uuid 唯一标识
    7.      * @return 结果
    8.      */
    9.     public String loginByPhone(String phonenumber,String code, String uuid)
    10.     {
    11.         // 校验手机验证码
    12.         checkMessageCaptcha(code, uuid);
    13.         /// 用户验证
    14.         Authentication authentication = null;
    15.         try {
    16.             // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
    17.             authentication = authenticationManager
    18.                     .authenticate(new SmsCodeAuthenticationToken(phonenumber));
    19.         } catch (Exception e) {
    20.             if (e instanceof BadCredentialsException) {
    21.                 AsyncManager.me().execute(AsyncFactory.recordLogininfor(phonenumber, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
    22.                 throw new UserPasswordNotMatchException();
    23.             } else {
    24.                 AsyncManager.me().execute(AsyncFactory.recordLogininfor(phonenumber, Constants.LOGIN_FAIL, e.getMessage()));
    25.                 throw new ServiceException(e.getMessage());
    26.             }
    27.         }
    28.         AsyncManager.me().execute(AsyncFactory.recordLogininfor(phonenumber, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
    29.         LoginUser loginUser = (LoginUser) authentication.getPrincipal();
    30.         // 生成token
    31.         return tokenService.createToken(loginUser);
    32.     }
    33.  
    34.     /**
    35.      * 校验短信验证码
    36.      * @param code
    37.      * @param uuid
    38.      */
    39.     private void checkMessageCaptcha(String code, String uuid) {
    40.         // 校验短信验证码是否正确
    41.         String verifyKey = CacheConstants.SMS_CODE_KEY + uuid;
    42.         String captcha = redisCache.getCacheObject(verifyKey);
    43.  
    44.         if (!code.equalsIgnoreCase(captcha))
    45.         {
    46.             throw new ServiceException("验证码不正确");
    47.         }
    48.     }

  • 相关阅读:
    容器化|自建 MySQL 集群迁移到 Kubernetes
    重磅!这本SSCI期刊已解除On Hold状态!警惕目前6本SCIE/ESCI期刊被标记!
    【软件分析第12讲-学习笔记】可满足性模理论 Satisfiability Modulo Theories
    [NewStarCTF 2023 公开赛道]R!C!E!
    医疗机器人技术研究现状
    rocketmq-console-1.0.0启动报错
    为什么大模型计算的时候只会利用KVcache来存放KV矩阵,Q矩阵每次不一样?
    [贪心算法]忍者道具
    深入理解 python 虚拟机:花里胡哨的魔术方法
    想要成为CSS大师?这些技巧是你必须知道的!
  • 原文地址:https://blog.csdn.net/qq_29384639/article/details/128081547