密码加盐思路
JAVA 加盐加密方法_Teln_小凯的博客-CSDN博客
盐加密方法
/**
 * Produces the value stored as a user's password hash: the salted MD5 digest
 * returned by {@code Md5Utils.md5Password}, hashed again with bcrypt.
 *
 * <p>NOTE(review): this is a GET mapping with plain {@code String} parameters,
 * so the clear-text password and the salt arrive in the request URL, where
 * access logs, proxies and browser history can record them. Accepting them in
 * a POST body would avoid that. Confirm who calls this endpoint before changing it.
 *
 * <p>NOTE(review): {@code BCryptPasswordEncoder.encode} generates its own random
 * salt on every call, so two calls with identical input return different hashes.
 * The extra MD5 salt is therefore not what makes the stored hashes unique.
 *
 * @param password clear-text password to hash
 * @param salt     per-user salt mixed in by {@code Md5Utils.md5Password}
 * @return an {@code HttpResult} whose data is the bcrypt hash
 */
@ApiOperation(value = "002-加密")
@PreAuthorize("hasAuthority('sys:app:all')")
@GetMapping(value = "/encodePassword")
public HttpResult encodePassword(String password, String salt) {
    // Step 1: salted MD5 digest (project helper; output format not visible here).
    final String saltedDigest = Md5Utils.md5Password(password, salt);
    // Step 2: bcrypt over that digest; this is the value written to the database.
    final String bcryptHash = new BCryptPasswordEncoder().encode(saltedDigest);
    return HttpResult.oktoData(bcryptHash);
}
调用得到密文
数据库中保存盐和密文
下面开始改为从数据库读取用户信息,整体架构在下面这篇文章的基础上修改
springboot security jwt restful_Teln_小凯的博客-CSDN博客
读取数据库的密码、权限和盐
重写密码加盐的验证
package com.java.core.web.security;
import com.java.core.web.utils.Md5Utils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
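/**
 * {@link DaoAuthenticationProvider} variant whose password check matches the
 * storage scheme "bcrypt(Md5Utils.md5Password(password, salt))".
 *
 * <p>The stored hash is computed over the salted MD5 digest, not over the raw
 * password, so the inherited password check cannot be used as-is and is
 * replaced in {@link #additionalAuthenticationChecks}.
 *
 * <p>NOTE(review): bcrypt already embeds a random per-hash salt, so the separate
 * salt column and the MD5 step add no strength that is visible from this class.
 * If the pre-hash is kept, confirm that {@code Md5Utils.md5Password} returns a
 * printable (for example hex) string. Its output format is not visible here.
 */
public class JwtAuthenticationProvider extends DaoAuthenticationProvider {

    /**
     * Single encoder used both as the provider's configured encoder and for the
     * salted check below, instead of allocating a new encoder per login attempt.
     */
    private static final BCryptPasswordEncoder BCRYPT = new BCryptPasswordEncoder();

    /**
     * @param userDetailsService loads the user record (password hash, authorities
     *                           and salt) that the checks below compare against
     */
    public JwtAuthenticationProvider(UserDetailsService userDetailsService) {
        setUserDetailsService(userDetailsService);
        setPasswordEncoder(BCRYPT);
    }

    /**
     * Delegates to the inherited authentication flow unchanged; kept as the hook
     * where the whole login flow could be overridden.
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return super.authenticate(authentication);
    }

    /**
     * Verifies the presented password against the stored bcrypt hash after
     * applying the user's salt through {@code Md5Utils.md5Password}.
     *
     * @param userDetails    the loaded user; must be a {@code JwtUserDetails} so the salt is available
     * @param authentication the login request carrying the presented password
     * @throws AuthenticationException {@link BadCredentialsException} when no password was
     *         presented, the user record carries no salt accessor, or the hashes do not match
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication)
            throws AuthenticationException {
        // super.additionalAuthenticationChecks is deliberately not called: it would
        // compare the raw password, while the stored hash covers the salted digest.
        if (authentication.getCredentials() == null) {
            throw badCredentials();
        }
        // Fail closed instead of letting a ClassCastException escape when the
        // UserDetailsService returns a type that carries no salt.
        if (!(userDetails instanceof JwtUserDetails)) {
            this.logger.debug("Authentication failed: user details do not provide a salt");
            throw badCredentials();
        }
        String salt = ((JwtUserDetails) userDetails).getSalt();
        String saltedDigest = Md5Utils.md5Password(authentication.getCredentials().toString(), salt);
        if (!BCRYPT.matches(saltedDigest, userDetails.getPassword())) {
            throw badCredentials();
        }
    }

    /** Builds the same generic failure for every rejection so the response does not reveal which check failed. */
    private BadCredentialsException badCredentials() {
        return new BadCredentialsException(
                this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
}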



