springsecurity自定义认证

java 复制代码
// jwt 方式
package com.kongjs.note.system.convert;

import com.kongjs.note.admin.model.dto.TokenInfoDTO;
import com.kongjs.note.admin.service.TokenService;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

@Slf4j
@Component
public class JwtAuthenticationConverter implements AuthenticationConverter {

    private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;

    @Resource
    private TokenService tokenService;
    @Resource
    private UserDetailsService userDetailsService;

    public JwtAuthenticationConverter() {
        this(new WebAuthenticationDetailsSource());
    }

    public JwtAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    @Override
    public Authentication convert(HttpServletRequest request) {
        log.info("JwtAuthenticationConverter Start -->");
        String token = request.getHeader("Token");
        if (!StringUtils.hasText(token)) {
            return null;
        }
        TokenInfoDTO tokenInfoDTO = tokenService.parseAccessToken(token);
        if (ObjectUtils.isEmpty(tokenInfoDTO) || !StringUtils.hasText(tokenInfoDTO.getUsername())) {
            return null;
        }
        String username = tokenInfoDTO.getUsername();
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
        result.setDetails(this.authenticationDetailsSource.buildDetails(request));
        return result;
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }
}
java 复制代码
package com.kongjs.note.system.convert;

import com.kongjs.note.admin.security.authentication.dto.LoginDTO;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

public class RestAuthenticationConverter implements AuthenticationConverter {
    private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
    private final HttpMessageConverter<Object> converter = new MappingJackson2HttpMessageConverter();

    public RestAuthenticationConverter() {
        this(new WebAuthenticationDetailsSource());
    }

    public RestAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    @Override
    public Authentication convert(HttpServletRequest request) {
        if (!request.getRequestURI().equals("/login")) {
            return null;
        }
        if (!request.getMethod().equals("POST")) {
            return null;
        }
        if (!MediaType.parseMediaType(request.getContentType()).equals(MediaType.APPLICATION_JSON)) {
            return null;
        }
        LoginDTO dto;
        try {
            dto = (LoginDTO) converter.read(LoginDTO.class, new ServletServerHttpRequest(request));
        } catch (Exception e) {
            return null;
        }
        String username = dto.getUsername();
        username = username != null ? username.trim() : "";
        String password = dto.getPassword();
        password = password != null ? password : "";
        UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated(username, password);
        this.setDetails(request, authRequest);
        return authRequest;
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }
}
相关推荐
paopaokaka_luck9 分钟前
智能推荐社交分享小程序(websocket即时通讯、协同过滤算法、时间衰减因子模型、热度得分算法)
数据库·vue.js·spring boot·后端·websocket·小程序
柒七爱吃麻辣烫32 分钟前
八股文系列-----SpringBoot自动配置的流程
java·spring boot·rpc
邓不利东2 小时前
Spring中过滤器和拦截器的区别及具体实现
java·后端·spring
头发那是一根不剩了2 小时前
Spring Boot 多数据源切换:AbstractRoutingDataSource
数据库·spring boot·后端
草履虫建模3 小时前
Redis:高性能内存数据库与缓存利器
java·数据库·spring boot·redis·分布式·mysql·缓存
苹果醋33 小时前
Vue3组合式API应用:状态共享与逻辑复用最佳实践
java·运维·spring boot·mysql·nginx
努力的小郑3 小时前
Spring三级缓存硬核解密:二级缓存行不行?一级缓存差在哪?
java·spring·面试
hello早上好4 小时前
Spring AOP:从代理创建到切点匹配
java·后端·spring
chanalbert4 小时前
从单体到微服务:Spring Cloud 开篇与微服务设计
spring boot·spring·spring cloud
psjasf13144 小时前
使用Ideal创建一个spring boot的helloWorld项目
java·spring boot·后端