查網上資料增加短信驗證碼登錄都要增加一大推，要重頭寫Spring Security的實現，我呢，只想在原來的密碼登錄基礎上簡單實現一下短信驗證碼登錄。
1、首先得先一個認證類，來認證驗證碼是否正確，這個類要實現Spring Security提供的AuthenticationProvider接口
2、其次需要一個認證令牌的類，作為你的認證信息，這個類要繼承Spring Security提供的AbstractAuthenticationToken抽象類
3、然后要把你的認證類加到spring security配置中，就是繼承WebSecurityConfigurerAdapter的類
4、最后就是登陸時調用Spring Security的認證了
上代碼：
1、認證類

import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.InternalAuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component;@Component public class SmsAuthenticationProvider implements AuthenticationProvider {//用戶驗證處理 實現Spring Security提供的UserDetailsService的類 下面會給這個類private UserDetailsServiceImpl userDetailsServiceImpl;//redis緩存 用你的緩存就行 這個就不給了 用來存放驗證碼的private RedisCache redisCache;public SmsAuthenticationProvider(@Qualifier("userDetailsServiceImpl") UserDetailsServiceImpl smsUserDetailsServiceImpl, RedisCache redisCache) {this.userDetailsServiceImpl = smsUserDetailsServiceImpl;this.redisCache = redisCache;}@Overridepublic Authentication authenticate(Authentication authentication) throws AuthenticationException {SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication;Object principal = authentication.getPrincipal();// 獲取憑證也就是用戶的手機號String phone = "";if (principal instanceof String) {phone = (String) principal;}String inputCode = (String) authentication.getCredentials(); // 獲取輸入的驗證碼Integer cacheObject = redisCache.getCacheObject("login"+phone);// 1. 檢驗Redis手機號的驗證碼if (cacheObject == null) {throw new BadCredentialsException("驗證碼已經過期或尚未發送，請重新發送驗證碼");}if (!inputCode.equals(cacheObject+"")) {throw new BadCredentialsException("輸入的驗證碼不正確，請重新輸入");}// 2. 根據手機號查詢用戶信息UserDetails userDetails = userDetailsServiceImpl.loadUserByUsername(phone);if (userDetails == null) {throw new InternalAuthenticationServiceException("phone用戶不存在，請注冊");}// 3. 重新創建已認證對象,SmsCodeAuthenticationToken authenticationResult = new SmsCodeAuthenticationToken(userDetails, inputCode, userDetails.getAuthorities());authenticationResult.setDetails(authenticationToken.getDetails());return authenticationResult;}@Overridepublic boolean supports(Class<?> aClass) {return SmsCodeAuthenticationToken.class.isAssignableFrom(aClass);} }

UserDetailsServiceImpl類 這里面的東西就不固定了 想咋寫就咋寫 主要是loadUserByUsername方法 這個必須有 返回的UserDetails（Spring Security提供的用來存放用戶信息的類，你可以隨便寫個類實現這個類，然后你就可以存放你自己要用的信息了）loadUserByUsername這個方法會在調用Spring Security的認證時用 我會在代碼中表明在哪塊會調用到這個類

import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service;/*** 用戶驗證處理** @author ruoyi*/ @Service public class UserDetailsServiceImpl implements UserDetailsService {private static final Logger log = LoggerFactory.getLogger(UserDetailsServiceImpl.class);@Autowiredprivate ISysUserService userService;@Autowiredprivate SysPermissionService permissionService;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException{SysUser user = userService.selectUserByUserNameOrPhone(username);if (StringUtils.isNull(user)){log.info("登錄用戶：{} 不存在.", username);throw new ServiceException("登錄用戶：" + username + " 不存在");}else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())){log.info("登錄用戶：{} 已被刪除.", username);throw new ServiceException("對不起，您的賬號：" + username + " 已被刪除");}else if (UserStatus.DISABLE.getCode().equals(user.getStatus())){log.info("登錄用戶：{} 已被停用.", username);throw new ServiceException("對不起，您的賬號：" + username + " 已停用");}return createLoginUser(user);}public UserDetails createLoginUser(SysUser user){return new LoginUser(user.getUserId(), user.getDeptId(), user.getClinicId(), user, permissionService.getMenuPermission(user));} }

2、存放認證令牌

import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.SpringSecurityCoreVersion;import java.util.Collection;public class SmsCodeAuthenticationToken extends AbstractAuthenticationToken {private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;private final Object principal; //存放認證信息，認證之前存放手機號，認證之后存放登錄的用戶private Object credentials;public SmsCodeAuthenticationToken(String mobile, Object credentials) {super(null);this.principal = mobile;this.credentials = credentials;this.setAuthenticated(false);}public SmsCodeAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {super(authorities);this.principal = principal;this.credentials = credentials;super.setAuthenticated(true);}public Object getCredentials() {return this.credentials;}public Object getPrincipal() {return this.principal;}public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {if (isAuthenticated) {throw new IllegalArgumentException("Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");} else {super.setAuthenticated(false);}}public void eraseCredentials() {super.eraseCredentials();this.credentials = null;} }

3、spring security配置


4、登錄調用認證

/*** 驗證碼登錄* * @param username 用戶名* @param code 驗證碼* @return 結果*/public String loginSms(String phone, String smsCode){// 用戶驗證Authentication authentication = null;try{// 該方法會去調用UserDetailsServiceImpl.loadUserByUsername（這塊調用了UserDetailsServiceImpl的loadUserByUsername）authentication = authenticationManager.authenticate(new SmsCodeAuthenticationToken(phone, smsCode));}catch (Exception e){if (e instanceof BadCredentialsException){AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, null,Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));throw new UserPasswordNotMatchException();}else{AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, null,Constants.LOGIN_FAIL, e.getMessage()));throw new ServiceException(e.getMessage());}}LoginUser loginUser = (LoginUser) authentication.getPrincipal();AsyncManager.me().execute(AsyncFactory.recordLogininfor(phone, loginUser.getClinicId(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));//上面已經結束了 剩下交給你自己了recordLoginInfo(loginUser.getUserId());// 生成token 這塊你們根據你們的業務自己寫了 tokenService.createToken使我們的業務方法return tokenService.createToken(loginUser);}

總結

以上是生活随笔為你收集整理的Spring Security简单增加短信验证码登录的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。