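package com.monkeylessey.framework.security.filter;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.monkeylessey.constant.RedisKeyPrefixConstants;
import com.monkeylessey.framework.service.XpUserDetailsService;
import com.monkeylessey.framework.utils.RedisUtil;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;

/**
 * Login filter for a JSON (front-end/back-end separated) login endpoint.
 *
 * <p>For {@code application/json} requests the body is read as a JSON object holding the
 * username, password, captcha answer and captcha id. The captcha is checked against the value
 * stored in Redis before the credentials are handed to the {@code AuthenticationManager}.
 * Any other content type is delegated to the parent form-login implementation.
 *
 * <p>Every captcha failure aborts the attempt with an {@link AuthenticationException}; the
 * credentials are never evaluated when the captcha is missing, expired or wrong.
 */
@Deprecated
public class MyUsernamePasswordFilter extends UsernamePasswordAuthenticationFilter {

    private static final String SPRING_SECURITY_FORM_Captcha_KEY = "captcha";
    private static final String SPRING_SECURITY_FORM_CaptchaID_KEY = "captchaId";

    // ObjectMapper is thread-safe once configured, so one shared instance replaces the
    // per-request allocation.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    // Defaults to true so an unconfigured filter only accepts POST logins; the field
    // previously defaulted to false, which silently disabled the method check below.
    private boolean postOnly = true;

    @Autowired
    private RedisUtil redisUtil;

    // NOTE(review): no longer read by this filter. Authorities used to be looked up here
    // before the password was verified; confirm the configured AuthenticationProvider
    // populates them on success, then remove this field.
    @Autowired
    private XpUserDetailsService userDetailsService;

    /**
     * Sets whether only POST requests may attempt authentication.
     *
     * @param postOnly {@code true} to reject every non-POST login request
     */
    @Override
    public void setPostOnly(boolean postOnly) {
        // Keep the parent's flag in sync so the form-login fallback enforces the same rule.
        super.setPostOnly(postOnly);
        this.postOnly = postOnly;
    }

    /**
     * Attempts authentication from a JSON login request, verifying the captcha first.
     *
     * @param request  the login request
     * @param response the response (only used by the parent fallback)
     * @return the authentication result returned by the {@code AuthenticationManager}
     * @throws AuthenticationException if the HTTP method is not allowed, the body cannot be
     *                                 parsed, the captcha check fails, or the credentials
     *                                 are rejected
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        // A login request must be a POST when postOnly is enabled.
        if (this.postOnly && !"post".equalsIgnoreCase(request.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }

        // Anything that is not JSON is handled by the parent form-login implementation.
        if (!isJsonRequest(request)) {
            return super.attemptAuthentication(request, response);
        }

        Map<?, ?> body;
        try {
            body = OBJECT_MAPPER.readValue(request.getInputStream(), Map.class);
        } catch (IOException e) {
            // Fail the attempt instead of logging and falling through to the form-login path.
            throw new AuthenticationServiceException("Malformed login request body", e);
        }
        if (body == null) {
            // A literal JSON null deserializes to a null map.
            throw new AuthenticationServiceException("Malformed login request body");
        }

        // The captcha gate runs before any credential handling.
        verifyCaptcha(asString(body.get(getCaptchaParameter())), asString(body.get(getCaptchaIdParameter())));

        String username = asString(body.get(getUsernameParameter()));
        String password = asString(body.get(getPasswordParameter()));
        username = username != null ? username.trim() : "";
        password = password != null ? password : "";

        // Build an UNAUTHENTICATED token. The three-argument constructor (with authorities)
        // marks the token as already authenticated, which must only happen after the
        // AuthenticationManager has verified the password.
        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(username, password);
        this.setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Checks the submitted captcha against the value stored in Redis and consumes it.
     *
     * @param captcha   the answer supplied by the client
     * @param captchaId the id under which the expected answer was stored
     * @throws AuthenticationServiceException if the captcha is missing, expired or wrong
     */
    private void verifyCaptcha(String captcha, String captchaId) {
        if (StringUtils.isEmpty(captcha) || StringUtils.isEmpty(captchaId)) {
            throw new AuthenticationServiceException("Captcha is missing");
        }

        String key = RedisKeyPrefixConstants.CAPTCHA + captchaId;
        String expected = redisUtil.getValue(key, String.class);
        // A captcha is single-use: remove it whatever the outcome so a wrong answer cannot
        // be retried against the same challenge. The read and the delete are two separate
        // calls; an atomic get-and-delete would close the window for concurrent requests.
        redisUtil.deleteKey(key);

        if (StringUtils.isEmpty(expected)) {
            throw new AuthenticationServiceException("Captcha has expired");
        }
        if (!expected.equalsIgnoreCase(captcha)) {
            throw new AuthenticationServiceException("Captcha is incorrect");
        }
    }

    /**
     * Reports whether the request declares a JSON body, ignoring parameters such as
     * {@code charset} and tolerating a missing Content-Type header.
     */
    private static boolean isJsonRequest(HttpServletRequest request) {
        String contentType = request.getContentType();
        if (contentType == null) {
            return false;
        }
        int parametersStart = contentType.indexOf(';');
        String mediaType = parametersStart >= 0 ? contentType.substring(0, parametersStart) : contentType;
        return MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(mediaType.trim());
    }

    /**
     * Returns the value when it is a JSON string; {@code null} for absent or non-string
     * values, so a number or object in a credential field cannot cause a ClassCastException.
     */
    private static String asString(Object value) {
        return value instanceof String ? (String) value : null;
    }

    /** Returns the JSON field name that carries the captcha id. */
    private String getCaptchaIdParameter() {
        return SPRING_SECURITY_FORM_CaptchaID_KEY;
    }

    /** Returns the JSON field name that carries the captcha answer. */
    private String getCaptchaParameter() {
        return SPRING_SECURITY_FORM_Captcha_KEY;
    }
}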