Recently implemented a multi-terminal login Spring Security component, which is very smooth to use, out of the box, pluggable, and very flexible. I think it can meet the needs of most scenarios. At present, we have completed two kinds of custom logins, mobile phone number verification code and WeChat applet, plus the default form login. There are three kinds of them. Now we will share them with you as open source. Next, we will briefly introduce this plug-in package.
DSL configuration style
Cut to the chase, let's take a look at the configuration first:
@Bean
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.mvcMatchers("/foo/**")
.access("hasAuthority('ROLE_USER')").anyRequest().authenticated()
.and()
// 默认form表单登录
.formLogin()
.and()
.apply(new LoginFilterSecurityConfigurer<>())
// 验证码登录
.captchaLogin(captchaLoginConfigurer ->
// 验证码校验 1 在此处配置 优先级最高 2 注册为Spring Bean 可以免配置
captchaLoginConfigurer.captchaService(this::verifyCaptchaMock)
// 根据手机号查询用户UserDetials 1 在此处配置 优先级最高 2 注册为Spring Bean 可以免配置
.captchaUserDetailsService(this::loadUserByPhoneMock)
// 生成JWT 返回 1 在此处配置 优先级最高 2 注册为Spring Bean 可以免配置
.jwtTokenGenerator(this::tokenResponseMock)
//todo 其它配置省略……
)
// 小程序登录 同时支持多个小程序
.miniAppLogin(miniAppLoginConfigurer -> miniAppLoginConfigurer
// 实现小程序多租户
// 根据请求携带的clientid 查询小程序的appid和secret 1 在此处配置 优先级最高 2 注册为Spring Bean 可以免配置
.miniAppClientService(this::miniAppClientMock)
// 小程序用户 自动注册和检索 1 在此处配置 优先级最高 2 注册为Spring Bean 可以免配置
.miniAppUserDetailsService(new MiniAppUserDetailsServiceMock())
// 小程序sessionkey缓存 过期时间应该小于微信官方文档的声明 1 在此处配置 优先级最高 2 注册为Spring Bean 可以免配置
.miniAppSessionKeyCache(new MiniAppSessionKeyCacheMock())
// 生成JWT 返回 1 在此处配置 优先级最高 2 注册为Spring Bean 可以免配置
.jwtTokenGenerator(this::tokenResponseMock)
//todo 其它配置省略……
);
return http.build();
} This style is completely in line with Spring Security 's DSL configuration style, which is not only tall, but also can be configured on demand. If you do not have a verification code to log in, delete captchaLogin method; if you do not have a WeChat applet login, delete miniAppLogin method. You can even fine-grained customization for single login, formLogin some functions include basic verification code login and WeChat applet login.
Why so flexible?
A login configuration class is abstracted here:
public abstract class AbstractLoginFilterConfigurer<H extends HttpSecurityBuilder<H>,
C extends AbstractLoginFilterConfigurer<H, C, F>,
F extends AbstractAuthenticationProcessingFilter>
extends AbstractHttpConfigurer<AbstractLoginFilterConfigurer<H, C, F>, H> {
// 省略……
} Most of the additional login channels can be extended through this class. The ones responsible for the verification code login CaptchaLoginFilterConfigurer and the WeChat applet login MiniAppLoginFilterConfigurer are all implemented by this class, basically you have seen The source code can also be drawn according to the gourd painting.
In addition, the above configuration item interfaces can be placed in Spring IoC , and the configuration class can be obtained automatically, but the highest priority is the specific implementation configured in the above code. For the principle, see the following example:
@Override
protected AuthenticationSuccessHandler defaultSuccessHandler(H http) {
// 如果配置类没有配置 就尝试去Spring IoC中发现
if (this.jwtTokenGenerator == null) {
ApplicationContext applicationContext = http.getSharedObject(ApplicationContext.class);
jwtTokenGenerator = getBeanOrNull(applicationContext, JwtTokenGenerator.class);
}
Assert.notNull(jwtTokenGenerator, "jwtTokenGenerator is required");
return new LoginAuthenticationSuccessHandler(jwtTokenGenerator);
}
public final <T> T getBeanOrNull(ApplicationContext applicationContext, Class<T> beanType) {
String[] beanNames = applicationContext.getBeanNamesForType(beanType);
if (beanNames.length == 1) {
return applicationContext.getBean(beanNames[0], beanType);
}
return null;
}Instructions
Use the Maven command mvn install to the local warehouse by yourself, and then import:
<dependency>
<groupId>cn.felord</groupId>
<artifactId>spring-security-extension</artifactId>
<version>1.0.0</version>
</dependency>Then refer to the sample sample project for development. There are three login methods.
Normal login
Native Spring Security interface
POST /login?username=user&password=12345 HTTP/1.1
Host: localhost:8080Verification code login
Need to implement the necessary configuration interface first
After sending the verification code, call the verification code login interface:
POST /login/captcha?phone=11111111111&captcha=123123 HTTP/1.1
Host: localhost:8080Mini Program Login
Need to implement the necessary configuration interface first
The front end first calls the WeChat authorized login interface to obtain openid :
POST /miniapp/preauth?clientId=wxxda23234&jsCode=051A23234ZHa1tZ5yj3AOlFr HTTP/1.1
Host: localhost:8080response:
{
"code": 200,
"data": {
"errcode": null,
"errmsg": null,
"sessionKey": null,
"openid": "oWmZj5QBrZxxxxx8OUxRrZJi4",
"unionid": "oS-dxxxxxx4w_x7dA-h9MIuA"
},
"msg": "",
"identifier": true
}Then call the applet login interface:
POST /login/miniapp HTTP/1.1
Host: localhost:8080
Content-Type: application/json
{
"clientId": "wxd14qr6",
"openId": "oWmZj5QBrZIBks0xx8OUxRrZJi4",
"unionId": "oS-dK520tgW8xxxx7dA-h9MIuA",
"iv":"LQUOt8BSTa7xxxpe1Q==",
"encryptedData": "10hn3o4xxxxxrO/Ag5nRD3QkLSzduKnWuzN9B/H4Y0G5mDPR8siA7T8yaaqZsrMycLAoe2qrd1J75yYetYuWifiq3jUrcceRZHVxxl9LnQdW8f5+pMTnQtCYiMJ7Jm9paCw2Bh+5Lowkyqkx1q0fALvCQ9LXPPLAbLOB9CavRfKoenAmyyHQjZ/6lz0njzA=="
}
method of obtaining
Gitee: felord/spring-security-login-extension
关注公众号:Felordcn 获取更多资讯
java
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。