xiangpei
2025-04-18 ccadf9480d4e6a9dcc227a2a0b1f9ae0612e36fd
package com.monkeylessey.framework.security.filter;
 
import com.fasterxml.jackson.databind.ObjectMapper;
import com.monkeylessey.constant.RedisKeyPrefixConstants;
import com.monkeylessey.framework.service.XpUserDetailsService;
import com.monkeylessey.framework.utils.RedisUtil;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;
 
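/**
 * Username/password login filter that reads credentials and a captcha answer from a JSON
 * request body, checks the captcha against the value stored in Redis, and then delegates
 * the credential check to the configured {@code AuthenticationManager}.
 *
 * <p>Requests whose content type is not {@code application/json} are handed to the parent
 * {@link UsernamePasswordAuthenticationFilter} unchanged.
 */
@Deprecated
public class MyUsernamePasswordFilter extends UsernamePasswordAuthenticationFilter {

    private static final String SPRING_SECURITY_FORM_CAPTCHA_KEY = "captcha";
    private static final String SPRING_SECURITY_FORM_CAPTCHA_ID_KEY = "captchaId";

    // ObjectMapper is safe to share for reads; avoids building a new mapper per login attempt.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    // Mirrors the parent's private flag, which this class cannot read. Defaults to true like the
    // parent so the POST check is not silently disabled when setPostOnly is never called.
    private boolean postOnly = true;

    @Autowired
    private RedisUtil redisUtil;
    // No longer consulted before authentication (see attemptAuthentication); the field is kept
    // so existing bean wiring is unchanged.
    @Autowired
    private XpUserDetailsService userDetailsService;

    /**
     * Sets whether only POST requests may authenticate, for both this filter's JSON path and
     * the parent's form path.
     *
     * @param postOnly {@code true} to reject non-POST login requests
     */
    @Override
    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
        // Keep the parent's copy in sync; it is used when the request falls back to super.
        super.setPostOnly(postOnly);
    }

    /**
     * Authenticates a JSON login request after verifying its captcha.
     *
     * @param request  the login request
     * @param response the response (only used by the parent fallback)
     * @return the authenticated token returned by the {@code AuthenticationManager}
     * @throws AuthenticationException if the method is not allowed, the body cannot be parsed,
     *                                 the captcha is missing, expired or wrong, or the
     *                                 credentials are rejected
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        // Login requests must be POST.
        if (this.postOnly && !"post".equalsIgnoreCase(request.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }

        if (!isJsonRequest(request)) {
            // NOTE(review): the parent's form-parameter path performs no captcha check, so a
            // client that sends a non-JSON content type skips the captcha entirely. If JSON is
            // the only supported login format, reject here instead of delegating.
            return super.attemptAuthentication(request, response);
        }

        Map<?, ?> body;
        try {
            body = OBJECT_MAPPER.readValue(request.getInputStream(), Map.class);
        } catch (IOException e) {
            // The body stream is already consumed, so falling through to the parent would only
            // attempt a login with empty credentials. Fail the attempt and keep the cause.
            throw new AuthenticationServiceException("Unable to read login request body", e);
        }
        if (body == null) {
            // A literal JSON "null" body deserializes to null.
            throw new AuthenticationServiceException("Login request body is empty");
        }

        String username = readString(body, getUsernameParameter());
        String password = readString(body, getPasswordParameter());
        String captcha = readString(body, getCaptchaParameter());
        String captchaId = readString(body, getCaptchaIdParameter());

        verifyCaptcha(captchaId, captcha);

        username = username != null ? username.trim() : "";
        password = password != null ? password : "";

        // Build an UNAUTHENTICATED request token. The three-argument constructor (with
        // authorities) marks the token as already authenticated, and looking up permissions
        // for a caller-supplied username before the password is checked is unnecessary.
        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(username, password);
        this.setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Reports whether the request declares a JSON body, ignoring parameters such as
     * {@code ;charset=UTF-8} and tolerating a missing Content-Type header.
     */
    private boolean isJsonRequest(HttpServletRequest request) {
        String mediaType = StringUtils.trim(StringUtils.substringBefore(request.getContentType(), ";"));
        return MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(mediaType);
    }

    /**
     * Reads a string field from the parsed body; a non-string JSON value fails the attempt
     * instead of surfacing as a ClassCastException.
     */
    private String readString(Map<?, ?> body, String key) {
        Object value = body.get(key);
        if (value == null) {
            return null;
        }
        if (!(value instanceof String)) {
            throw new AuthenticationServiceException("Login field '" + key + "' must be a string");
        }
        return (String) value;
    }

    /**
     * Rejects the login attempt unless the submitted captcha matches the stored one.
     * The stored captcha is deleted on every attempt so it cannot be guessed repeatedly.
     */
    private void verifyCaptcha(String captchaId, String captcha) {
        if (StringUtils.isEmpty(captchaId) || StringUtils.isEmpty(captcha)) {
            throw new AuthenticationServiceException("Captcha is required");
        }
        String captchaKey = RedisKeyPrefixConstants.CAPTCHA + captchaId;
        String redisCaptcha = redisUtil.getValue(captchaKey, String.class);
        // Single use: remove the stored value before deciding, whether or not it matches.
        // NOTE(review): get-then-delete is two calls; confirm whether RedisUtil offers an
        // atomic alternative if concurrent reuse of one captcha matters.
        redisUtil.deleteKey(captchaKey);

        if (StringUtils.isEmpty(redisCaptcha)) {
            throw new AuthenticationServiceException("Captcha has expired");
        }
        if (!redisCaptcha.equalsIgnoreCase(captcha)) {
            throw new AuthenticationServiceException("Captcha is incorrect");
        }
    }

    private String getCaptchaIdParameter() {
        return SPRING_SECURITY_FORM_CAPTCHA_ID_KEY;
    }

    private String getCaptchaParameter() {
        return SPRING_SECURITY_FORM_CAPTCHA_KEY;
    }
}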