Spring Security登录用户名和密码加密

```java

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.GenericFilterBean;

/**
 * Filter that decrypts the {@code username} and {@code password} request
 * parameters of the login request before later filters read them.
 *
 * <p>Only {@code POST /api/login} is wrapped; every other request is handed to
 * the chain unchanged.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code StringUtils}, {@code RsaUtil}, {@code loginProperty()} and
 *       {@code DecryptUsernamePasswordException} are neither imported nor
 *       defined in this listing; they must come from the surrounding project.</li>
 *   <li>Encrypting the two fields with a public key shipped to the browser does
 *       not replace TLS. Nothing in this class ties a ciphertext to a session,
 *       nonce or timestamp, so a captured ciphertext would presumably be
 *       accepted again. Keep the login endpoint HTTPS-only.</li>
 *   <li>Only {@link HttpServletRequestWrapper#getParameter(String)} is
 *       overridden. {@code getParameterValues}, {@code getParameterMap} and the
 *       raw body still expose the undecrypted values to any code that uses
 *       them.</li>
 * </ul>
 */
public class DecryptUsernamePasswordFilter extends GenericFilterBean {

    private static final Logger LOGGER = LoggerFactory.getLogger(DecryptUsernamePasswordFilter.class);

    /** Selects the requests whose credentials are decrypted: POST /api/login. */
    private final RequestMatcher requiresRequestMatcher = new AntPathRequestMatcher("/api/login", "POST");

    /**
     * Wraps the login request so its credentials are decrypted on read, and
     * forwards all other requests as they are.
     *
     * @param req   incoming request, cast to {@link HttpServletRequest}
     * @param res   outgoing response, cast to {@link HttpServletResponse}
     * @param chain remainder of the filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) res;

        if (requiresRequestMatcher.matches(httpRequest)) {
            // Login request: downstream filters see decrypted username/password.
            chain.doFilter(new DecryptUsernamePasswordHttpServletRequestWrapper(httpRequest), res);
        } else {
            chain.doFilter(httpRequest, httpResponse);
        }
    }

    /**
     * Request wrapper that attempts RSA decryption of the username and password
     * fields submitted by the login form POST.
     */
    private class DecryptUsernamePasswordHttpServletRequestWrapper extends HttpServletRequestWrapper {

        public DecryptUsernamePasswordHttpServletRequestWrapper(HttpServletRequest request) {
            super(request);
        }

        /**
         * Returns the decrypted value for {@code username} and {@code password},
         * and the untouched value for every other parameter.
         *
         * @param name parameter name
         * @return the parameter value, decrypted when it is a credential field
         */
        @Override
        public String getParameter(String name) {
            String raw = super.getParameter(name);
            if (isDecryptParameter(name)) {
                try {
                    return decrypt(raw);
                } catch (Exception ex) {
                    // NOTE(review): every undecryptable value sent by an
                    // unauthenticated client is logged at ERROR with a stack
                    // trace and then rethrown; confirm the caller maps this to
                    // the same response as an ordinary failed login.
                    LOGGER.error(ex.getMessage(), ex);
                    throw ex;
                }
            }
            return raw;
        }

        /**
         * Decrypts one submitted value with the back-end private key.
         *
         * @param str value as submitted by the client
         * @return the decrypted text, or {@code str} itself when
         *         {@code StringUtils.isBlank} reports it as blank
         */
        private String decrypt(String str) {
            if (!StringUtils.isBlank(str)) {
                try {
                    // RSA is used: the private key is configured on the back end,
                    // the public key on the front end.
                    // NOTE(review): RsaUtil is not shown here; confirm which
                    // padding mode it uses.
                    return RsaUtil.decryptDataByPrivate(str, loginProperty().getPrivateKey());
                } catch (Exception ex) {
                    throw new DecryptUsernamePasswordException("用户名和密码解密失败", ex);
                }
            }
            // Blank input is passed through without any decryption attempt.
            return str;
        }

        /**
         * Tells whether a parameter is one of the two encrypted credential fields.
         *
         * @param name parameter name
         * @return {@code true} for {@code "username"} or {@code "password"}
         */
        private boolean isDecryptParameter(String name) {
            return "username".equals(name) || "password".equals(name);
        }
    }
}

// Register the filter ahead of UsernamePasswordAuthenticationFilter so the
// credentials are already decrypted when that filter calls getParameter().
// `http` and `decryptUsernamePasswordFilter` come from the application's
// security configuration, which this listing does not show.
// NOTE(review): if the filter is also exposed as a Spring bean, confirm it is
// not registered a second time with the servlet container; wrapping the login
// request twice would make the outer wrapper try to decrypt plaintext.
HttpSecurity http;
http.addFilterBefore(decryptUsernamePasswordFilter, UsernamePasswordAuthenticationFilter.class)

 // 前端使用

import JsEncrypt from 'jsencrypt';

```
