springsecurity自定义认证

java 复制代码
// jwt 方式
package com.kongjs.note.system.convert;

import com.kongjs.note.admin.model.dto.TokenInfoDTO;
import com.kongjs.note.admin.service.TokenService;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

@Slf4j
@Component
public class JwtAuthenticationConverter implements AuthenticationConverter {

    private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;

    @Resource
    private TokenService tokenService;
    @Resource
    private UserDetailsService userDetailsService;

    public JwtAuthenticationConverter() {
        this(new WebAuthenticationDetailsSource());
    }

    public JwtAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    @Override
    public Authentication convert(HttpServletRequest request) {
        log.info("JwtAuthenticationConverter Start -->");
        String token = request.getHeader("Token");
        if (!StringUtils.hasText(token)) {
            return null;
        }
        TokenInfoDTO tokenInfoDTO = tokenService.parseAccessToken(token);
        if (ObjectUtils.isEmpty(tokenInfoDTO) || !StringUtils.hasText(tokenInfoDTO.getUsername())) {
            return null;
        }
        String username = tokenInfoDTO.getUsername();
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
        result.setDetails(this.authenticationDetailsSource.buildDetails(request));
        return result;
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }
}
java 复制代码
package com.kongjs.note.system.convert;

import com.kongjs.note.admin.security.authentication.dto.LoginDTO;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

public class RestAuthenticationConverter implements AuthenticationConverter {
    private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
    private final HttpMessageConverter<Object> converter = new MappingJackson2HttpMessageConverter();

    public RestAuthenticationConverter() {
        this(new WebAuthenticationDetailsSource());
    }

    public RestAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    @Override
    public Authentication convert(HttpServletRequest request) {
        if (!request.getRequestURI().equals("/login")) {
            return null;
        }
        if (!request.getMethod().equals("POST")) {
            return null;
        }
        if (!MediaType.parseMediaType(request.getContentType()).equals(MediaType.APPLICATION_JSON)) {
            return null;
        }
        LoginDTO dto;
        try {
            dto = (LoginDTO) converter.read(LoginDTO.class, new ServletServerHttpRequest(request));
        } catch (Exception e) {
            return null;
        }
        String username = dto.getUsername();
        username = username != null ? username.trim() : "";
        String password = dto.getPassword();
        password = password != null ? password : "";
        UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated(username, password);
        this.setDetails(request, authRequest);
        return authRequest;
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }
}
相关推荐
ZhengEnCi2 小时前
S02-SpringBoot实体类新增字段对已有数据的影响及自动DDL同步机制详解
数据库·spring boot
程序员张32 小时前
SpringBoot集成BCrypt密码加密库
java·spring boot·后端
闲猫2 小时前
Spring AI Agentic 模式(第1部分):Agent Skills——模块化、可复用的能力
java·人工智能·spring
952363 小时前
RabbitMQ-基础操作
java·spring boot·分布式·后端·spring·rabbitmq
卓怡学长3 小时前
w266基于spring boot + vue 圣地延安美食乐享系统
java·数据库·vue.js·spring boot·spring·intellij-idea
Listen·Rain5 小时前
Springboot整合Ollama实现调用本地多模型
java·spring boot·后端
宠友信息6 小时前
多端即时通讯源码技术实践,Redis路由、MySQL持久化与Socket接入
spring boot·websocket·mysql·uni-app
Tom·Ge7 小时前
【Spring Boot 4】Spring Boot 4.0 AI Agent实战:Skills Agent + MCP协议集成
人工智能·spring boot·microsoft
Devin~Y7 小时前
电商场景下的Java面试实战:从Spring Boot微服务到Kafka、Redis与AI RAG
java·spring boot·redis·elasticsearch·spring cloud·微服务·kafka
wang09077 小时前
自己动手写一个spring之MVC_3
java·spring·mvc