当前位置: 首页 > news >正文

springsecurity自定义认证

news 来源:原创 2025/5/17 6:17:00 
// jwt 方式
package com.kongjs.note.system.convert;

import com.kongjs.note.admin.model.dto.TokenInfoDTO;
import com.kongjs.note.admin.service.TokenService;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

@Slf4j
@Component
public class JwtAuthenticationConverter implements AuthenticationConverter {

    private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;

    @Resource
    private TokenService tokenService;
    @Resource
    private UserDetailsService userDetailsService;

    public JwtAuthenticationConverter() {
        this(new WebAuthenticationDetailsSource());
    }

    public JwtAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    @Override
    public Authentication convert(HttpServletRequest request) {
        log.info("JwtAuthenticationConverter Start -->");
        String token = request.getHeader("Token");
        if (!StringUtils.hasText(token)) {
            return null;
        }
        TokenInfoDTO tokenInfoDTO = tokenService.parseAccessToken(token);
        if (ObjectUtils.isEmpty(tokenInfoDTO) || !StringUtils.hasText(tokenInfoDTO.getUsername())) {
            return null;
        }
        String username = tokenInfoDTO.getUsername();
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
        result.setDetails(this.authenticationDetailsSource.buildDetails(request));
        return result;
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }
}


package com.kongjs.note.system.convert;

import com.kongjs.note.admin.security.authentication.dto.LoginDTO;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

public class RestAuthenticationConverter implements AuthenticationConverter {
    private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
    private final HttpMessageConverter<Object> converter = new MappingJackson2HttpMessageConverter();

    public RestAuthenticationConverter() {
        this(new WebAuthenticationDetailsSource());
    }

    public RestAuthenticationConverter(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    @Override
    public Authentication convert(HttpServletRequest request) {
        if (!request.getRequestURI().equals("/login")) {
            return null;
        }
        if (!request.getMethod().equals("POST")) {
            return null;
        }
        if (!MediaType.parseMediaType(request.getContentType()).equals(MediaType.APPLICATION_JSON)) {
            return null;
        }
        LoginDTO dto;
        try {
            dto = (LoginDTO) converter.read(LoginDTO.class, new ServletServerHttpRequest(request));
        } catch (Exception e) {
            return null;
        }
        String username = dto.getUsername();
        username = username != null ? username.trim() : "";
        String password = dto.getPassword();
        password = password != null ? password : "";
        UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated(username, password);
        this.setDetails(request, authRequest);
        return authRequest;
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }
}

相关文章:

  • 使用QT读取文件,生成json文件
  • leetcode 518. 零钱兑换 II
  • 美团将为全职及稳定兼职骑手缴纳社保,未来将覆盖所有骑手
  • 扩展 Cargo 的自定义命令
  • 23种设计模式 - 解释器模式
  • 视频帧的划分与冗余信息去除的关系
  • 4.7 学习UVM中的阶段机制,应用到具体示例分为几步?
  • uniapp uni.request重复请求处理
  • “以数治税”时代 数据要素的价值挖掘
  • C 指针和整数的加减法运算
  • 六、soul源码学习-SpringCloud项目本地运行
  • 【核心算法篇十七】《深度解析DeepSeek概率图模型:贝叶斯网络推理引擎的技术内核》
  • 【如何基于Debian构建Kali Linux】
  • Linux-进程概念
  • 配置haproxy实现MySQL服务器负载均衡
  • 【技术前沿】中安购物小票识别系统:1秒内精准识别,助力商场智能化升级!
  • 撕碎QT面具(7):container控件被spacer挤扁,无法进行控件添加的处理方案。
  • YOLOv12从入门到入土(含结构图)
  • Mysql测试连接失败
  • 【机器学习】K折交叉验证(K-Fold Cross-Validation)
  • 以军证实空袭也门多个港口
  • 最高检公布一起离婚纠纷典型案例:推动离婚经济补偿制度落实
  • 日本一季度实际GDP环比下降0.2%
  • 美联储主席:供应冲击或更频繁,将重新评估货币政策方法中的通胀和就业因素
  • 中国青年报:为见义勇为者安排补考,体现了教育的本质目标
  • 车载抬头显示爆发在即?业内:凭借市场和产业链优势,国内供应商实现反超