Class CustomizeAuthenticationProvider
java.lang.Object
io.github.mangocrisp.spring.taybct.auth.security.granter.customize.CustomizeAuthenticationProvider
- All Implemented Interfaces:
org.springframework.security.authentication.AuthenticationProvider
public class CustomizeAuthenticationProvider
extends Object
implements org.springframework.security.authentication.AuthenticationProvider
Authentication handler that checks whether the supplied password is correct.
- See Also:
AbstractUserDetailsAuthenticationProvider
Field Summary
- private @NonNull BiConsumer<org.springframework.security.core.userdetails.UserDetails, org.springframework.security.core.Authentication> additionalAuthenticationChecks
Adds custom validation rules that can be compared against the parameters passed from the front end. By default only the password match is checked here; you can customise it, but note that the exceptions thrown here must extend AuthenticationException and implement my custom JsonResponseException interface (see the field details).
- private @NonNull BiConsumer<org.springframework.security.core.userdetails.UserDetails, org.springframework.security.core.Authentication> additionalAuthenticationOperation
Other operations.
- private @NonNull UnaryOperator<Collection<? extends org.springframework.security.core.GrantedAuthority>> authoritiesMapper
Mapping interface that can be injected into the authentication layer to convert the authorities loaded from storage into the authorities used in the Authentication object.
- private final @NonNull org.springframework.security.oauth2.core.AuthorizationGrantType authorizationGrantType
Grant type.
- private final @NonNull org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService
- private static final String ERROR_URI
- protected org.springframework.context.support.MessageSourceAccessor messages
- private final @NonNull org.springframework.security.crypto.password.PasswordEncoder passwordEncoder
Password encoder.
- private @NonNull Consumer<org.springframework.security.core.userdetails.UserDetails> preAuthenticationChecks
Validates the looked-up user. For example, if the user's account is locked, it should still be checked and rejected with an error even though the lookup succeeded.
- private BiConsumer<org.springframework.security.core.Authentication, org.springframework.security.oauth2.server.authorization.OAuth2Authorization.Builder> preSaveOAuth2Authorization
- private final @NonNull Supplier<Class<? extends CustomizeAuthenticationToken>> supportsClass
Token support; this must be set, otherwise the provider does not know which token type to handle.
- private final @NonNull org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator
Token generator.
- private static final String USER_NOT_FOUND_PASSWORD
The plaintext password used to perform PasswordEncoder#matches(CharSequence, String) on when the user is not found, to avoid SEC-2056.
- private final @NonNull Function<CustomizeAuthenticationToken, org.springframework.security.core.userdetails.UserDetails> userDetailsFinder
User finder.
- private String userNotFoundEncodedPassword
The password used to perform PasswordEncoder.matches(CharSequence, String) on when the user is not found, to avoid SEC-2056.
Constructor Summary
- CustomizeAuthenticationProvider(@NonNull org.springframework.security.oauth2.core.AuthorizationGrantType authorizationGrantType, @NonNull Function<CustomizeAuthenticationToken, org.springframework.security.core.userdetails.UserDetails> userDetailsFinder, @NonNull org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, @NonNull org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, @NonNull Supplier<Class<? extends CustomizeAuthenticationToken>> supportsClass, @NonNull org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService)
Method Summary
- org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication)
This is the main authentication method. AbstractUserDetailsAuthenticationProvider.authenticate(Authentication) uses a cache called UserCache userCache; here Redis can be used directly, so there are some changes, but the overall logic is much the same.
- void defaultAdditionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.core.Authentication authentication)
Default check that the user information matches the request.
- void defaultPreAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails user)
Default validation of the looked-up user information.
- private String determinePrincipal(CustomizeAuthenticationToken authentication)
- private void mitigateAgainstTimingAttack(org.springframework.security.core.Authentication authentication)
- private void prepareTimingAttackProtection()
Prepares the encoded password first.
- protected final org.springframework.security.core.userdetails.UserDetails retrieveUser(String principal, CustomizeAuthenticationToken customizeAuthenticationToken)
- boolean supports(Class<?> authentication)
Sets token support. Before authorization, this is called to decide whether the incoming token type is the one we want, i.e. the authentication argument of Authentication authenticate(Authentication authentication).
Field Details
- messages
protected org.springframework.context.support.MessageSourceAccessor messages
- ERROR_URI
private static final String ERROR_URI
- See Also:
- userDetailsFinder
private final @NonNull Function<CustomizeAuthenticationToken, org.springframework.security.core.userdetails.UserDetails> userDetailsFinder
User finder.
- authorizationService
private final @NonNull org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService
- passwordEncoder
private final @NonNull org.springframework.security.crypto.password.PasswordEncoder passwordEncoder
Password encoder.
- authoritiesMapper
private @NonNull UnaryOperator<Collection<? extends org.springframework.security.core.GrantedAuthority>> authoritiesMapper
Mapping interface that can be injected into the authentication layer to convert the authorities loaded from storage into the authorities used in the Authentication object.
- preAuthenticationChecks
private @NonNull Consumer<org.springframework.security.core.userdetails.UserDetails> preAuthenticationChecks
Validates the looked-up user. For example, if the user's account is locked, it should still be checked and rejected with an error even though the lookup succeeded.
- additionalAuthenticationChecks
private @NonNull BiConsumer<org.springframework.security.core.userdetails.UserDetails, org.springframework.security.core.Authentication> additionalAuthenticationChecks
Adds custom validation rules that can be compared against the parameters passed from the front end. By default only the password match is checked here; you can customise it, but note that the exceptions thrown here must extend AuthenticationException and implement my custom JsonResponseException interface. See ProviderManager.authenticate(org.springframework.security.core.Authentication): as its name suggests, it manages all Providers, and any error raised inside a Provider is caught there and rethrown upwards. Then look at the exceptionHandling entry point defined in AuthorizationServerConfig#authorizationServerSecurityFilterChain(HttpSecurity, ICustomizeTokenEndpointConfigurer, IGlobalExceptionReporter, IGlobalPrinter): the default/sample uses LoginUrlAuthenticationEntryPoint, but that entry point only redirects or forwards to a page, which does not suit our goal of returning the error message to the front end. Fortunately it can be extended; see my newly written JsonExceptionAuthenticationEntryPoint, which checks whether the exception is one of our custom exceptions that is allowed to be returned to the front end and, if so, writes it out. So the exceptions still have to be custom-defined. With a custom authentication method, every exception is intercepted by ExceptionTranslationFilter, and in its method ExceptionTranslationFilter.handleSpringSecurityException(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse, jakarta.servlet.FilterChain, java.lang.RuntimeException) you can see this code:
if (exception instanceof AuthenticationException) { handleAuthenticationException(request, response, chain, (AuthenticationException) exception); } else if (exception instanceof AccessDeniedException) { ... }
One branch handles authentication exceptions, the other access-denied exceptions; the one we deal with is the authentication exception.
- additionalAuthenticationOperation
private @NonNull BiConsumer<org.springframework.security.core.userdetails.UserDetails, org.springframework.security.core.Authentication> additionalAuthenticationOperation
Other operations.
- tokenGenerator
private final @NonNull org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator
Token generator.
- authorizationGrantType
private final @NonNull org.springframework.security.oauth2.core.AuthorizationGrantType authorizationGrantType
Grant type.
- supportsClass
private final @NonNull Supplier<Class<? extends CustomizeAuthenticationToken>> supportsClass
Token support; this must be set, otherwise the provider does not know which token type to handle.
- USER_NOT_FOUND_PASSWORD
private static final String USER_NOT_FOUND_PASSWORD
The plaintext password used to perform PasswordEncoder#matches(CharSequence, String) on when the user is not found, to avoid SEC-2056.
- See Also:
- userNotFoundEncodedPassword
private String userNotFoundEncodedPassword
The password used to perform PasswordEncoder.matches(CharSequence, String) on when the user is not found, to avoid SEC-2056. This is necessary because some PasswordEncoder implementations will short-circuit if the password is not in a valid format.
- preSaveOAuth2Authorization
private BiConsumer<org.springframework.security.core.Authentication, org.springframework.security.oauth2.server.authorization.OAuth2Authorization.Builder> preSaveOAuth2Authorization
Constructor Details
- CustomizeAuthenticationProvider
public CustomizeAuthenticationProvider(@NonNull org.springframework.security.oauth2.core.AuthorizationGrantType authorizationGrantType, @NonNull Function<CustomizeAuthenticationToken, org.springframework.security.core.userdetails.UserDetails> userDetailsFinder, @NonNull org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, @NonNull org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, @NonNull Supplier<Class<? extends CustomizeAuthenticationToken>> supportsClass, @NonNull org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService)
Method Details
- determinePrincipal
private String determinePrincipal(CustomizeAuthenticationToken authentication)
- authenticate
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
This is the main authentication method. AbstractUserDetailsAuthenticationProvider.authenticate(Authentication) uses a cache called UserCache userCache; here Redis can be used directly, so there are some changes, but the overall logic is much the same.
- Specified by:
authenticate in interface org.springframework.security.authentication.AuthenticationProvider
- Parameters:
authentication - the authentication request object.
- Returns:
the Authentication after successful authentication
- Throws:
org.springframework.security.core.AuthenticationException - authentication exception
- prepareTimingAttackProtection
private void prepareTimingAttackProtection()
Prepares the encoded password first.
- mitigateAgainstTimingAttack
private void mitigateAgainstTimingAttack(org.springframework.security.core.Authentication authentication)
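The following stand-alone class is an added example, not the project's own code: it reproduces the flow that USER_NOT_FOUND_PASSWORD, userNotFoundEncodedPassword, preAuthenticationChecks, additionalAuthenticationChecks and the two timing-attack methods above describe, simplified to a raw String password in place of the Authentication object and a hypothetical Function<String, UserDetails> in place of userDetailsFinder. It assumes Spring Security on the classpath. The point to see is that an unknown username still pays for one real PasswordEncoder.matches call, so its response time matches the wrong-password path (SEC-2056), and both failures surface as the same BadCredentialsException.

```java
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;

/** Hypothetical, simplified flow modelled on the provider's authenticate(); not the project's own class. */
public final class TimingSafeCredentialCheck {
    private static final String USER_NOT_FOUND_PASSWORD = "userNotFoundPassword";
    private final PasswordEncoder passwordEncoder;
    private final Function<String, UserDetails> userDetailsFinder; // stand-in for userDetailsFinder
    private final Consumer<UserDetails> preAuthenticationChecks;
    private final BiConsumer<UserDetails, String> additionalAuthenticationChecks;
    private volatile String userNotFoundEncodedPassword;

    public TimingSafeCredentialCheck(PasswordEncoder encoder, Function<String, UserDetails> finder) {
        this.passwordEncoder = encoder;
        this.userDetailsFinder = finder;
        // preAuthenticationChecks: a user found in storage may still be unusable, e.g. locked
        this.preAuthenticationChecks = user -> {
            if (!user.isAccountNonLocked()) throw new LockedException("User account is locked");
        };
        // additionalAuthenticationChecks: by default only the password match is verified
        this.additionalAuthenticationChecks = (user, raw) -> {
            if (raw == null || !encoder.matches(raw, user.getPassword())) throw new BadCredentialsException("Bad credentials");
        };
    }
    /** Encode the dummy password once so that the unknown-user path can run a real matches() call. */
    private void prepareTimingAttackProtection() {
        if (userNotFoundEncodedPassword == null) userNotFoundEncodedPassword = passwordEncoder.encode(USER_NOT_FOUND_PASSWORD);
    }
    /** SEC-2056: spend the same hashing time when the user does not exist; the result is discarded. */
    private void mitigateAgainstTimingAttack(String raw) {
        if (raw != null) passwordEncoder.matches(raw, userNotFoundEncodedPassword);
    }
    public UserDetails authenticate(String username, String raw) {
        prepareTimingAttackProtection();
        UserDetails user = userDetailsFinder.apply(username);
        if (user == null) {
            mitigateAgainstTimingAttack(raw);
            throw new BadCredentialsException("Bad credentials"); // same message as for a wrong password
        }
        preAuthenticationChecks.accept(user);
        additionalAuthenticationChecks.accept(user, raw);
        return user;
    }
}
```

Wire it as `new TimingSafeCredentialCheck(new BCryptPasswordEncoder(), store::get)` over a constructed `Map<String, UserDetails>` store; a locked account is rejected by the pre-check before any password comparison.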
- retrieveUser
protected final org.springframework.security.core.userdetails.UserDetails retrieveUser(String principal, CustomizeAuthenticationToken customizeAuthenticationToken) throws org.springframework.security.core.AuthenticationException
- Throws:
org.springframework.security.core.AuthenticationException
- supports
public boolean supports(Class<?> authentication)
Sets token support. Before authorization, this is called to decide whether the incoming token type is the one we want, i.e. the authentication argument of Authentication authenticate(Authentication authentication).
- Specified by:
supports in interface org.springframework.security.authentication.AuthenticationProvider
- Parameters:
authentication - the supported token type
- Returns:
boolean
- Since:
1.0.0
- defaultPreAuthenticationChecks
public void defaultPreAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails user)
Default validation of the looked-up user information.
- Parameters:
user - the looked-up user information
- defaultAdditionalAuthenticationChecks
public void defaultAdditionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
Default check that the user information matches the request.
- Parameters:
userDetails - the user information
authentication - the request information
- Throws:
org.springframework.security.core.AuthenticationException - authentication exception