package com.lm.it.sec.security.mobile;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.cache.NullUserCache;
import org.springframework.util.Assert;
/**
* @see org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
*/
public abstract class AbstractMobileUserDetailsAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
protected final Log logger = LogFactory.getLog(getClass());
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private UserCache userCache = new NullUserCache();
private boolean forcePrincipalAsString = false;
protected boolean hideMobileNotFoundExceptions = true;
private UserDetailsChecker preAuthenticationChecks = new AbstractMobileUserDetailsAuthenticationProvider.DefaultPreAuthenticationChecks();
private UserDetailsChecker postAuthenticationChecks = new AbstractMobileUserDetailsAuthenticationProvider.DefaultPostAuthenticationChecks();
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
/**
* Allows subclasses to perform any additional checks of a returned (or cached)
* <code>UserDetails</code> for a given authentication request. Generally a subclass
* will at least compare the {@link Authentication#getCredentials()} with a
* {@link UserDetails#getPassword()}. If custom logic is needed to compare additional
* properties of <code>UserDetails</code> and/or
* <code>UsernamePasswordAuthenticationToken</code>, these should also appear in this
* method.
*
* @param userDetails as retrieved from the
* {@link #retrieveUser(String, CustomMobileAuthenticationToken)} or
* <code>UserCache</code>
* @param authentication the current request that needs to be authenticated
* @throws AuthenticationException AuthenticationException if the credentials could
* not be validated (generally a <code>BadCredentialsException</code>, an
* <code>AuthenticationServiceException</code>)
*/
protected abstract void additionalAuthenticationChecks(UserDetails userDetails,
CustomMobileAuthenticationToken authentication) throws AuthenticationException;
@Override
public final void afterPropertiesSet() throws Exception {
Assert.notNull(this.userCache, "A user cache must be set");
Assert.notNull(this.messages, "A message source must be set");
doAfterPropertiesSet();
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
Assert.isInstanceOf(CustomMobileAuthenticationToken.class, authentication,
() -> this.messages.getMessage("AbstractMobileUserDetailsAuthenticationProvider.onlySupports",
"Only CustomMobileAuthenticationToken is supported"));
String username = determineUsername(authentication);
boolean cacheWasUsed = true;
UserDetails user = this.userCache.getUserFromCache(username);
if (user == null) {
cacheWasUsed = false;
try {
user = retrieveUser(username, (CustomMobileAuthenticationToken) authentication);
} catch (UsernameNotFoundException ex) {
this.logger.debug("Failed to find user '" + username + "'");
if (!this.hideMobileNotFoundExceptions) {
throw ex;
}
throw new BadCredentialsException(this.messages
.getMessage("AbstractMobileUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
}
try {
this.preAuthenticationChecks.check(user);
additionalAuthenticationChecks(user, (CustomMobileAuthenticationToken) authentication);
} catch (AuthenticationException ex) {
if (!cacheWasUsed) {
throw ex;
}
// There was a problem, so try again after checking
// we're using latest data (i.e. not from the cache)
cacheWasUsed = false;
user = retrieveUser(username, (CustomMobileAuthenticationToken) authentication);
this.preAuthenticationChecks.check(user);
additionalAuthenticationChecks(user, (CustomMobileAuthenticationToken) authentication);
}
this.postAuthenticationChecks.check(user);
if (!cacheWasUsed) {
this.userCache.putUserInCache(user);
}
Object principalToReturn = user;
if (this.forcePrincipalAsString) {
principalToReturn = user.getUsername();
}
return createSuccessAuthentication(principalToReturn, authentication, user);
}
private String determineUsername(Authentication authentication) {
return (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
}
/**
* Creates a successful {@link Authentication} object.
* <p>
* Protected so subclasses can override.
* </p>
* <p>
* Subclasses will usually store the original credentials the user supplied (not
* salted or encoded passwords) in the returned <code>Authentication</code> object.
* </p>
*
* @param principal that should be the principal in the returned object (defined by
* the {@link #isForcePrincipalAsString()} method)
* @param authentication that was presented to the provider for validation
* @param user that was loaded by the implementation
* @return the successful authentication token
*/
protected Authentication createSuccessAuthentication(Object principal, Authentication authentication,
UserDetails user) {
// Ensure we return the original credentials the user supplied,
// so subsequent attempts are successful even with encoded passwords.
// Also ensure we return the original getDetails(), so that future
// authentication events after cache expiry contain the details
CustomMobileAuthenticationToken result = new CustomMobileAuthenticationToken(principal,
authentication.getCredentials(), this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
result.setDetails(authentication.getDetails());
this.logger.debug("Authenticated user");
return result;
}
protected void doAfterPropertiesSet() throws Exception {
}
public UserC
lm-springsecurity.rar (80个子文件) 
lm-springsecurity 
pom.xml 6KB src main resources sql securitydb.sql 3KB mapper UserMapper.myql.xml 5KB application.properties 3KB jwt jwt.properties 251B templates 
exception.html 425B login.html 9KB index.html 1KB log4j2.xml 5KB static font font_1475912685_3576825.ttf 24KB font_1465353706_4784257.ttf 8KB font_1408947319_9759417.woff 7KB font_1475912685_3576825.eot 24KB
font_1404888168_2057645.svg 8KB font_1408947319_9759417.ttf 12KB font_1408947319_9759417.eot 12KB font_1451959379_8626566.woff 18KB font_1451959379_8626566.eot 30KB font_1404888168_2057645.woff 5KB font_1475912685_3576825.woff 15KB font_1465353706_4784257.svg 8KB font_1451959379_8626566.svg 36KB font_1465353706_4784257.eot 8KB font_1475912685_3576825.svg 30KB font_1404888168_2057645.eot 8KB font_1465353706_4784257.woff 5KB font_1451959379_8626566.ttf 29KB font_1404888168_2057645.ttf 8KB font_1408947319_9759417.svg 11KB js jquery-3.6.0.js 292KB jquery-3.6.0.min.js 87KB img 
lg-bg.png 145KB
wj.gif 3KB css icon.css 4KB public.css 1KB login.css 5KB application-dev.properties 0B META-INF spring.factories 127B java com lm it sec Application.java 446B constant SecurityConstant.java 315B wrapper CustomHttpServletRequestWrapper.java 2KB mapper UserMapper.java 776B security CustomAuthenticationFailureHandler.java 1KB CustomErrorAuthenticationEntryPoint.java 1KB username CustomUsernameAuthenticationProvider.java 6KB CustomUsernameAuthenticationFilter.java 6KB mobile AbstractMobileUserDetailsAuthenticationProvider.java 15KB CustomMobileAuthenticationFilter.java 7KB CustomMobileAuthenticationToken.java 2KB CustomMobileAuthenticationProvider.java 7KB CustomAccessDeniedHandler.java 1KB CustomAuthenticationSuccessHandler.java 2KB CustomUserDetailsSerivce.java 3KB CustomLogoutSuccessHandler.java 1KB CustomAuthenticationDetailsSource.java 1KB PlainTextPasswordEncoder.java 456B CustomWebAuthenticationDetails.java 3KB rememberme CustomPersistentTokenBasedRememberMeServices.java 7KB configuration DruidConfiguration.java 12KB DataSourceTransactionConfiguration.java 963B SecurityConfiguration.java 11KB RedisConfiguration.java 4KB FilterRegistryConfiguration.java 3KB MapperScannerConfiguration.java 2KB MybatisConfiguration.java 3KB controller ViewController.java 1KB jwt JwtService.java 1KB impl JwtServiceImpl.java 6KB config JwtHeaderConfig.java 490B JwtPlayloadConfig.java 702B JwtConfig.java 1KB JwtValidityConfig.java 637B service UserService.java 713B impl UserServiceImpl.java 899B filter CustomHttpServletRequestWrapperFilter.java 1KB listener ApplicationStartedEventListener.java 1KB CustomEnvironmentPostProcessor.java 1KB util SpringMvcUtil.java 5KB JsonUtil.java 820B ApplicationContextHelper.java 2KB资源评论
流华追梦
- 粉丝: 9793
- 资源: 3844
最新资源
- 基于Java Swing实现的飞机大战游戏.zip
- frida-server魔改 深度魔改
- 基于Java的奖励养成类蓝牙联机游戏.zip
- 基于Java+Swing的石头剪刀布游戏.zip
- Java作战小游戏.zip学习资料程序大作业
- Easyx的小游戏,飞翔的小鸟
- Tetris GUI game based on Java language development(基于Java语言开发的俄罗斯方块GUI小游戏 ).zip
- html常规学习.zip资源资料用户手册
- Semester Examination Works. 烟台科技学院,智能工程学院,Java编程基础课设 Java打字游戏.zip
- PingFang SC、HK、TC(Win 完美协作-修改版).apk
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
