package com.mindskip.xzs.configuration.spring.security;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import com.mindskip.xzs.configuration.property.CookieConfig;
import com.mindskip.xzs.utility.JsonUtil;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
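/**
 * Authentication filter for the JSON login endpoint ({@code POST /api/user/login}).
 *
 * <p>Reads an {@link AuthenticationBean} from the request body, decrypts the submitted password
 * with the RSA private key, and passes the resulting username/password token to the
 * {@code AuthenticationManager}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The request body is untrusted. A missing or unparseable body, or a password that cannot
 *       be decrypted, is authenticated as empty credentials. It therefore takes the same failure
 *       path as a wrong password instead of escaping the filter as an unhandled exception.</li>
 *   <li>Neither the submitted ciphertext nor the decrypted password is written to the log.</li>
 *   <li>Nothing in this filter binds the ciphertext to a nonce or timestamp, so a captured
 *       ciphertext remains a usable credential; the endpoint still needs TLS.</li>
 * </ul>
 *
 * @version 2.2.0
 * @description: login parameter deserialization
 * Copyright (C), 2020-2021, 武汉思维跳跃科技有限公司
 * @date 2021 /9/7 9:45
 */
public class RestLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    private static final org.slf4j.Logger logger = LoggerFactory.getLogger(RestLoginAuthenticationFilter.class);

    /** RSA key pair holder; only the private key is used here, to decrypt the submitted password. */
    private final RSA rsa;

    /**
     * Creates the filter and binds it to {@code POST /api/user/login}.
     *
     * @param rsa RSA instance used to decrypt the password field of the login request
     */
    public RestLoginAuthenticationFilter(RSA rsa) {
        super(new AntPathRequestMatcher("/api/user/login", "POST"));
        this.rsa = rsa;
    }

    /**
     * Builds an authentication token from the JSON request body and delegates to the
     * {@code AuthenticationManager}.
     *
     * @param request  login request carrying the JSON credentials
     * @param response current response (not used here)
     * @return the authenticated token returned by the {@code AuthenticationManager}
     * @throws AuthenticationException if the {@code AuthenticationManager} rejects the credentials
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        UsernamePasswordAuthenticationToken authRequest = readCredentials(request);
        setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Parses and decrypts the submitted credentials; any failure yields an empty token.
     */
    private UsernamePasswordAuthenticationToken readCredentials(HttpServletRequest request) {
        try (InputStream is = request.getInputStream()) {
            AuthenticationBean authenticationBean = JsonUtil.toJsonObject(is, AuthenticationBean.class);
            // NOTE(review): JsonUtil is not visible here; guard against it returning null for an
            // empty or malformed body - confirm its contract.
            if (authenticationBean == null || authenticationBean.getPassword() == null) {
                logger.warn("Login request rejected: body missing or password field absent");
                return emptyCredentials();
            }
            String plainPassword = rsa.decryptStr(authenticationBean.getPassword(), KeyType.PrivateKey);
            request.setAttribute(TokenBasedRememberMeServices.DEFAULT_PARAMETER, authenticationBean.isRemember());
            return new UsernamePasswordAuthenticationToken(authenticationBean.getUserName(), plainPassword);
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
            return emptyCredentials();
        } catch (RuntimeException e) {
            // Boundary catch: decryption of attacker-controlled ciphertext fails with an unchecked
            // exception, and the JSON helper may do the same. Only the exception type is logged so
            // that request content never reaches the log.
            logger.warn("Login request rejected: credentials could not be parsed or decrypted ({})",
                    e.getClass().getSimpleName());
            return emptyCredentials();
        }
    }

    /** Token that the authentication manager is expected to reject like any wrong password. */
    private static UsernamePasswordAuthenticationToken emptyCredentials() {
        return new UsernamePasswordAuthenticationToken("", "");
    }

    /**
     * Installs remember-me services backed by the given user details service.
     *
     * <p>NOTE(review): the first constructor argument is {@code CookieConfig.getName()}. If
     * {@code RestTokenBasedRememberMeServices} forwards it as the token-signing key of
     * {@code TokenBasedRememberMeServices}, it should be a secret value rather than a cookie
     * name - confirm against that class.
     *
     * @param userDetailsService source of user records for remember-me token validation
     */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        RestTokenBasedRememberMeServices tokenBasedRememberMeServices = new RestTokenBasedRememberMeServices(CookieConfig.getName(), userDetailsService);
        tokenBasedRememberMeServices.setTokenValiditySeconds(CookieConfig.getInterval());
        setRememberMeServices(tokenBasedRememberMeServices);
    }

    /**
     * Attaches request details, as built by the configured details source, to the token.
     *
     * @param request     current login request
     * @param authRequest token that receives the details
     */
    public void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }
}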