当前位置:网站首页>管理员登录及token相关
管理员登录及token相关
2022-04-21 23:34:00 【寻常w】
1、前端登录表单部分
<el-form
:model="dataForm"
:rules="dataRule"
ref="dataForm"
@keyup.enter.native="dataFormSubmit()"
status-icon
>
<el-form-item prop="userName">
<el-input
class="info"
v-model="dataForm.userName"
placeholder="帐号"
></el-input>
</el-form-item>
<el-form-item prop="password">
<el-input
class="info"
v-model="dataForm.password"
type="password"
placeholder="密码"
></el-input>
</el-form-item>
<el-form-item prop="captcha">
<el-row :gutter="20">
<el-col :span="14">
<el-input v-model="dataForm.captcha" placeholder="验证码">
</el-input>
</el-col>
<el-col :span="10" class="login-captcha">
<img :src="captchaPath" @click="getCaptcha()" alt="" />
</el-col>
</el-row>
</el-form-item>
<el-form-item>
<div class="item-btn">
<input type="button" value="登录" @click="dataFormSubmit()" />
</div>
</el-form-item>
</el-form><script>
import { getUUID } from '@/utils'
export default {
data () {
return {
dataForm: {
userName: '',
password: '',
uuid: '',
captcha: ''
},
dataRule: {
userName: [
{ required: true, message: '帐号不能为空', trigger: 'blur' }
],
password: [
{ required: true, message: '密码不能为空', trigger: 'blur' }
],
captcha: [
{ required: true, message: '验证码不能为空', trigger: 'blur' }
]
},
captchaPath: ''
}
},
created () {
this.getCaptcha()
},
methods: {
// 提交表单
dataFormSubmit () {
this.$refs['dataForm'].validate((valid) => {
if (valid) {
this.$http({
url: this.$http.adornUrl('/login?grant_type=admin'),
method: 'post',
data: this.$http.adornData({
'principal': this.dataForm.userName,
'credentials': this.dataForm.password,
'sessionUUID': this.dataForm.uuid,
'imageCode': this.dataForm.captcha
})
}).then(({ data }) => {
this.$cookie.set('Authorization', 'bearer' + data.access_token)
this.$router.replace({ name: 'home' })
}).catch(() => {
this.getCaptcha()
})
}
})
},
// 获取验证码
getCaptcha () {
this.dataForm.uuid = getUUID()
this.captchaPath = this.$http.adornUrl(`/captcha.jpg?uuid=${this.dataForm.uuid}`)
}
}
}
</script>2、后端springboot处理请求部分
-
自定义loginfilter,处理登录信息
@Component
public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
private UserDetailsService UserDetailsService;
private PasswordEncoder passwordEncoder;
@Autowired
public LoginAuthenticationFilter(UserDetailsService UserDetailsService, PasswordEncoder passwordEncoder) {
super("/login");
this.UserDetailsService = UserDetailsService;
this.passwordEncoder = passwordEncoder;
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
if (!ServletUtil.METHOD_POST.equals(request.getMethod())) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
String requestBody = getStringFromStream(request);
if (StrUtil.isBlank(requestBody)) {
throw new AuthenticationServiceException("无法获取输入信息");
}
AdminAuthenticationToken adminAuthenticationToken = Json.parseObject(requestBody, AdminAuthenticationToken.class);
String username = adminAuthenticationToken.getPrincipal() == null?"NONE_PROVIDED":adminAuthenticationToken.getName();
String kaptchaKey = SecurityConstants.SPRING_SECURITY_RESTFUL_IMAGE_CODE + adminAuthenticationToken.getSessionUUID();
String kaptcha = RedisUtil.get(kaptchaKey);
RedisUtil.del(kaptchaKey);
if(StrUtil.isBlank(adminAuthenticationToken.getImageCode()) || !adminAuthenticationToken.getImageCode().equalsIgnoreCase(kaptcha)){
throw new ImageCodeNotMatchExceptionBase("验证码有误");
}
UserDetails user;
try {
user = UserDetailsService.loadUserByUsername(username);
} catch (UsernameNotFoundExceptionBase var6) {
throw new UsernameNotFoundExceptionBase("账号或密码不正确");
}
String encodedPassword = user.getPassword();
String rawPassword = adminAuthenticationToken.getCredentials().toString();
// 密码不正确
if (!passwordEncoder.matches(rawPassword,encodedPassword)){
throw new BadCredentialsExceptionBase("账号或密码不正确");
}
if (!user.isEnabled()) {
throw new UsernameNotFoundExceptionBase("账号已被锁定,请联系管理员");
}
AdminAuthenticationToken result = new AdminAuthenticationToken(user, adminAuthenticationToken.getCredentials());
result.setDetails(adminAuthenticationToken.getDetails());
return result;
}
private String getStringFromStream(HttpServletRequest req) {
ServletInputStream is;
try {
is = req.getInputStream();
int nRead = 1;
int nTotalRead = 0;
byte[] bytes = new byte[10240];
while (nRead > 0) {
nRead = is.read(bytes, nTotalRead, bytes.length - nTotalRead);
if (nRead > 0) {
nTotalRead = nTotalRead + nRead;
}
}
return new String(bytes, 0, nTotalRead, StandardCharsets.UTF_8);
} catch (IOException e) {
e.printStackTrace();
return "";
}
}
@Override
@Autowired
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
@Override
@Autowired
public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) {
super.setAuthenticationSuccessHandler(successHandler);
}
@Override
@Autowired
public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
super.setAuthenticationFailureHandler(failureHandler);
}
}
-
自定义AbstractAuthenticationToken,
* principal为账号,credentials为密码, authorities为权限列表
@Getter
@Setter
public class MyAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = 110L;
protected Object principal;
protected Object credentials;
protected Boolean debugger;
public MyAuthenticationToken() {
super(null);
}
/**
* This constructor should only be used by <code>AuthenticationManager</code> or <code>AuthenticationProvider</code>
* implementations that are satisfied with producing a trusted (i.e. {@link #isAuthenticated()} = <code>true</code>)
* token token.
*
* @param principal
* @param credentials
* @param authorities
*/
public MyAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
this.credentials = credentials;
super.setAuthenticated(true);
}
public MyAuthenticationToken(Object principal, Object credentials) {
super(null);
this.principal = principal;
this.credentials = credentials;
this.setAuthenticated(false);
}
@Override
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
if(isAuthenticated) {
throw new IllegalArgumentException("Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
} else {
super.setAuthenticated(false);
}
}
@Override
public void eraseCredentials() {
super.eraseCredentials();
this.credentials = null;
}
}
- 系统账号密码登录返回权限列表
/**
* 系统用户账号密码登陆
*/
@Getter
@Setter
@NoArgsConstructor
public class AdminAuthenticationToken extends MyAuthenticationToken {
private String sessionUUID;
private String imageCode;
public AdminAuthenticationToken(UserDetails principal, Object credentials) {
super(principal, credentials, principal.getAuthorities());
}
}
版权声明
本文为[寻常w]所创,转载请带上原文链接,感谢
https://blog.csdn.net/qq_44302255/article/details/124314736
边栏推荐
猜你喜欢
339-Leetcode 单词规律
C language for complete square
7.10 线程条件变量
Two benchmark performance test methods of redis
87 r K-means, hierarchical clustering, implementation of EM clustering
LeetCode_ 746 climbing stairs with minimum cost
87 R k-means,层次聚类,EM聚类的实现
【接口测试基础】第四篇 | 接口测试流程及接口文档解析
Prompt, can you do it or not?
7.5 线程等待终止
随机推荐
leetcode:271. Encoding and decoding of strings
[H.264] SPS frame rate calculation method
【接口测试基础】第四篇 | 接口测试流程及接口文档解析
Bit by bit concentrated and clean, the way to break the situation in the detergent industry
BUUCTF 荷兰宽带数据泄露
Ijcai2022 employment results released! The acceptance rate is 15%. Did you win?
LeetCode_ 746 climbing stairs with minimum cost
leetcode:271.字符串的编码与解码
Multi table view creation problem: modify view data times 1062
Textview tilt properties
Leetcode每日一题824. 山羊拉丁文
2022/4/21
How to build an observable system that can "evolve continuously"| QCon
Man machine verification reCAPTCHA V3 complete instructions
How JMeter sets parameterization
Following Huawei Cangjie, it reproduces four domestic programming languages in various forms, including one 0 code
. 100 roller events
入参有汉字,报错500,服务器内部错误
Good morning and good night. Punch in V2 0.1 official account module
(3) Ruixin micro rk3568 SSH replaces dropbear