若依 Spring Security 短信，扫码登录

1. 修改 LoginBody，添加登录类型字段

   @Data
   public class LoginBody {
   /**
   * 用户名
   */
   private String username;

    /**
     * 用户密码
     */
    private String password;
   
    /**
     * 验证码
     */
    private String code;
   
    /**
     * 唯一标识
     */
    private String uuid;
   
    /**
     * 登录类型
     */
    private String loginType;

   }

2.定义一个常量

package com.ruoyi.common.core.domain.constant;

/**
 * @author Ls
 * @date 2024/6/4
 */
public class LoginTypeConstant {
    public static final String PASSWORD_LOGIN = "password";
    public static final String MOBILE_LOGIN = "mobile";
    public static final String QR_CODE_LOGIN = "qrCode";
}

3.修改登录接口

    @PostMapping("/login")
    public AjaxResult login(@RequestBody LoginBody loginBody) {
        AjaxResult ajax = AjaxResult.success();
        loginBody.setLoginType(LoginTypeConstant.MOBILE_LOGIN);
        // 生成令牌
        String token = loginService.login(loginBody);
        ajax.put(Constants.TOKEN, token);
        return ajax;
    }

4.重载登录实现类，基本不用改，loginbody 作为 credentials传入UsernamePasswordAuthenticationToken

    public String login(LoginBody loginBody) {
        String username = loginBody.getUsername();
//        // 验证码校验
//        validateCaptcha(username, code, uuid);
//        // 登录前置校验
//        loginPreCheck(username, password);
        // 用户验证
        Authentication authentication = null;
        try {
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, loginBody);
            AuthenticationContextHolder.setContext(authenticationToken);
            // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
            authentication = authenticationManager.authenticate(authenticationToken);
        } catch (Exception e) {
            if (e instanceof BadCredentialsException) {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
                throw new UserPasswordNotMatchException();
            } else {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
                throw new ServiceException(e.getMessage());
            }
        } finally {
            AuthenticationContextHolder.clearContext();
        }
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        recordLoginInfo(loginUser.getUserId());
        // 生成token
        return tokenService.createToken(loginUser);
    }

5.自定义MyAuthenticationProvider类

package com.ruoyi.framework.security.mobile;

import com.ruoyi.common.core.domain.constant.LoginTypeConstant;
import com.ruoyi.common.core.domain.model.LoginBody;
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
import com.ruoyi.framework.web.service.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * @author Ls
 * @date 2024/6/4
 */
@Component
public class MyAuthenticationProvider implements AuthenticationProvider {
    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException, UserPasswordNotMatchException {
        String name = authentication.getName();
        LoginBody loginBody = (LoginBody) authentication.getCredentials();
        String loginType = loginBody.getLoginType();
        UserDetails user;
        switch (loginType) {
            case LoginTypeConstant.PASSWORD_LOGIN:
                user = userDetailsService.loadUserByUsername(name);
                String password = loginBody.getPassword();
                String encoderPassword = bCryptPasswordEncoder.encode(password);
                // 数据库账号密码的校验能通过就通过
                if (bCryptPasswordEncoder.matches(password, user.getPassword())) {
                    return new UsernamePasswordAuthenticationToken(user, encoderPassword);
                }
            case LoginTypeConstant.MOBILE_LOGIN:
                user = userDetailsService.loadUserByPhone(loginBody);
                return new UsernamePasswordAuthenticationToken(user, loginBody.getCode());
            case LoginTypeConstant.QR_CODE_LOGIN:
                break;
            default:
                break;
        }
        // 如果都登录不了，就返回异常输出
        throw new UserPasswordNotMatchException();
    }

    @Override
    public boolean supports(Class<?> aClass) {
        return true;
    }
}

6.用户验证类新增手机号登录 UserDetailsServiceImpl

    public UserDetails loadUserByPhone(LoginBody loginBody) throws UsernameNotFoundException {
        // TODO: 2024/6/4  各种业务效验,这里图省事验证码放在password
        if (!Objects.equals(loginBody.getPassword(), "123456")) {
            throw new ServiceException("验证码错误");
        }

        //这里应该是根据手机号查询，我这里图省事直接拿账号登录
        String username = loginBody.getUsername();
        SysUser user = userService.selectUserByUserName(username);
        return createLoginUser(user);
    }

7.SecurityConfig调整，配置一下MyAuthenticationProvider

    /**
     * 自定义用户认证逻辑
     */
    @Autowired
    private MyAuthenticationProvider myAuthenticationProvider;


    /**
     * 身份认证接口
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(myAuthenticationProvider);
    }