若依分离版短信登录集成步骤
主要依照springSecurity用户名密码登录的认证流程来重写短信认证流程,不清楚springSecurity的认证流程的先建议熟悉一下springSecurity认证流程,这样对短信认证登录就比较好理解。
这里有个认证流程讲解可以参考参考https://blog.csdn.net/yuanlaijike/article/details/84703690
后端:
ruoyi-admin模块
一、增加生成验证码类
位置:GenerateSms.java
a.预览图:
b.详细代码:
package com.ruoyi.web.controller.system;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.model.LoginBody;
import com.ruoyi.common.core.redis.RedisCache;
import com.ruoyi.common.utils.uuid.IdUtils;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@Api("生成验证码接口")
@Controller
public class GenerateSms {
@Autowired
private RedisCache redisCache;
private Logger logger = LoggerFactory.getLogger(getClass());
@ApiOperation("生成验证码")
@ApiImplicitParam(name = "mobile",value = "手机号码",required = true,dataType = "String",paramType = "query")
@PostMapping("/sms/code")
@ResponseBody
public AjaxResult sms(@RequestBody LoginBody loginBody) {
String mobile=loginBody.getMobile();
// 保存验证码信息
String uuid = IdUtils.simpleUUID();
String verifyKey = Constants.SMS_CAPTCHA_CODE_KEY + uuid;
int code = (int) Math.ceil(Math.random() * 9000 + 1000);
Map map = new HashMap<>(16);
map.put("mobile", mobile);
map.put("code", code);
redisCache.setCacheObject(verifyKey, map, Constants.SMS_EXPIRATION, TimeUnit.MINUTES);
// session.setAttribute("smsCode", map);
logger.info(" 为 {} 设置短信验证码:{}", mobile, code);
AjaxResult ajax = AjaxResult.success();
ajax.put("uuid", uuid);
return ajax;
}
} 二、添加手机号登录映射
位置:SysLoginController.java
a.预览图:
详细代码:
/**
* 手机号登录方法
*
* @param
* @return 结果
*/
@ApiOperation("手机号登录")
@ApiImplicitParam(name = "loginBody", value = "登录信息", dataType = "LoginBody")
@PostMapping("/sms/login")
public AjaxResult smsLogin(@RequestBody LoginBody loginBody)
{
String mobile=loginBody.getMobile();
String smsCode=loginBody.getSmsCode();
String uuid=loginBody.getUuid();
AjaxResult ajax = loginService.smsLogin(mobile, smsCode,
uuid);
return ajax;
}ruoyi-common模块
一、增加手机号及短信验证码字段
位置:LoginBody.java
a.预览图:
b.详细代码:
/**
* 手机号
*/
private String mobile;
/**
* 手机验证码
*/
private String smsCode;
public String getMobile() {
return mobile;
}
public void setMobile(String mobile) {
this.mobile = mobile;
}
public String getSmsCode() {
return smsCode;
}
public void setSmsCode(String smsCode) {
this.smsCode = smsCode;
}二、添加相关常量
位置:Constants.java
a.预览图:
b.详细代码:
/**
* 短信验证码 redis key
*/
public static final String SMS_CAPTCHA_CODE_KEY = "sms_captcha_codes:";
/**
* 短信验证码有效期(分钟)
*/
public static final Integer SMS_EXPIRATION = 1;ruoyi-framework模块
一、添加手机号登录验证方法
位置:SysLoginService.java
a.预览图:
b.详细代码:
/**
* 手机号登录验证
*
* @param mobile 手机号
* @param code 验证码
* @param uuid 唯一标识
* @return 结果
*/
public AjaxResult smsLogin(String mobile, String code, String uuid)
{
// 用户验证
Authentication authentication = null;
try
{
checkSmsCode(mobile,code,uuid);
// 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
authentication = authenticationManager
.authenticate(new SmsCodeAuthenticationToken(mobile));
}
catch (Exception e)
{
AsyncManager.me().execute(AsyncFactory.recordLogininfor(mobile, Constants.LOGIN_FAIL, e.getMessage()));
throw new CustomException(e.getMessage());
}
AsyncManager.me().execute(AsyncFactory.recordLogininfor(mobile, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
AjaxResult ajax = AjaxResult.success();
// 生成token
String token = tokenService.createToken(loginUser);
ajax.put(Constants.TOKEN, token);
return ajax;
}
/**
* 检查手机号登录
* @param
*/
private void checkSmsCode(String mobile,String inputCode, String uuid) {
String verifyKey = Constants.SMS_CAPTCHA_CODE_KEY + uuid;
Map smsCode = redisCache.getCacheObject(verifyKey);
// redisCache.deleteObject(verifyKey);
if(StringUtils.isEmpty(inputCode)){
throw new BadCredentialsException("验证码不能为空");
}
if(smsCode == null) {
throw new BadCredentialsException("验证码失效");
}
String applyMobile = (String) smsCode.get("mobile");
int code = (int) smsCode.get("code");
if(!applyMobile.equals(mobile)) {
throw new BadCredentialsException("手机号码不一致");
}
if(code != Integer.parseInt(inputCode)) {
throw new BadCredentialsException("验证码错误");
}
} 二、增加短信配置及相关文件
前提条件:
在com.ruoyi.framework下创建smsConfig包,结构如下:
com.ruoyi.framework.smsConfig相关文件:
1.CustomAuthenticationFailureHandler.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.smsConfig;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.ruoyi.common.core.domain.AjaxResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {
@Autowired
private ObjectMapper objectMapper;
private Logger logger = LoggerFactory.getLogger(getClass());
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
logger.info("登陆失败");
response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
response.setContentType("application/json;charset=UTF-8");
AjaxResult ajax = AjaxResult.error(exception.getMessage());
if (exception instanceof BadCredentialsException)
{
response.getWriter().write(objectMapper.writeValueAsString(ajax));
}
// response.getWriter().write(objectMapper.writeValueAsString(exception.getMessage()));
}
}2.CustomAuthenticationSuccessHandler.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.smsConfig;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.framework.web.service.TokenService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
@Autowired
private ObjectMapper objectMapper;
@Autowired
TokenService tokenService;
private Logger logger = LoggerFactory.getLogger(getClass());
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
logger.info("登录成功");
AjaxResult ajax = AjaxResult.success();
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
String token = tokenService.createToken(loginUser);
ajax.put(Constants.TOKEN, token);
response.setContentType("application/json;charset=UTF-8");
// response.getWriter().write(objectMapper.writeValueAsString(tokenService.createToken(loginUser)));
response.getWriter().write(objectMapper.writeValueAsString(ajax));
}
}3.SmsCodeAuthenticationFilter.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.smsConfig;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* 短信登录的鉴权过滤器,模仿 UsernamePasswordAuthenticationFilter 实现
*/
public class SmsCodeAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
/**
* 手机号码的字段name
*/
public static final String SPRING_SECURITY_FORM_MOBILE_KEY = "mobile";
private String mobileParameter = SPRING_SECURITY_FORM_MOBILE_KEY;
/**
* 是否仅 POST 方式
*/
private boolean postOnly = true;
public SmsCodeAuthenticationFilter() {
// 短信登录的请求 post 方式的 /sms/login
super(new AntPathRequestMatcher("/sms/login", "POST"));
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
String mobile = obtainMobile(request);
if (mobile == null) {
mobile = "";
}
mobile = mobile.trim();
SmsCodeAuthenticationToken authRequest = new SmsCodeAuthenticationToken(mobile);
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
protected String obtainMobile(HttpServletRequest request) {
return request.getParameter(mobileParameter);
}
protected void setDetails(HttpServletRequest request, SmsCodeAuthenticationToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}
public String getMobileParameter() {
return mobileParameter;
}
public void setMobileParameter(String mobileParameter) {
Assert.hasText(mobileParameter, "Mobile parameter must not be empty or null");
this.mobileParameter = mobileParameter;
}
public void setPostOnly(boolean postOnly) {
this.postOnly = postOnly;
}
}4.SmsCodeAuthenticationProvider.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.smsConfig;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.redis.RedisCache;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.Map;
/**
* 短信登陆鉴权 Provider,要求实现 AuthenticationProvider 接口
*
*/
public class SmsCodeAuthenticationProvider implements AuthenticationProvider {
private UserDetailsService userDetailsService;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication;
String mobile = (String) authenticationToken.getPrincipal();
// checkSmsCode(mobile);
UserDetails userDetails = userDetailsService.loadUserByUsername(mobile);
// 此时鉴权成功后,应当重新 new 一个拥有鉴权的 authenticationResult 返回
SmsCodeAuthenticationToken authenticationResult = new SmsCodeAuthenticationToken(userDetails, userDetails.getAuthorities());
authenticationResult.setDetails(authenticationToken.getDetails());
return authenticationResult;
}
private void checkSmsCode(String mobile) {
RedisCache redisCache = (RedisCache) SpringContextUtil.getBean("redisCache");
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String inputCode = request.getParameter("smsCode");
String uuid = request.getParameter("uuid");
String verifyKey = Constants.SMS_CAPTCHA_CODE_KEY + uuid;
Map smsCode = redisCache.getCacheObject(verifyKey);
// redisCache.deleteObject(verifyKey);
if(smsCode == null) {
throw new BadCredentialsException("验证码失效");
}
String applyMobile = (String) smsCode.get("mobile");
int code = (int) smsCode.get("code");
if(!applyMobile.equals(mobile)) {
throw new BadCredentialsException("手机号码不一致");
}
if(code != Integer.parseInt(inputCode)) {
throw new BadCredentialsException("验证码错误");
}
}
@Override
public boolean supports(Class authentication) {
// 判断 authentication 是不是 SmsCodeAuthenticationToken 的子类或子接口
return SmsCodeAuthenticationToken.class.isAssignableFrom(authentication);
}
public UserDetailsService getUserDetailsService() {
return userDetailsService;
}
public void setUserDetailsService(UserDetailsService userDetailsService) {
this.userDetailsService = userDetailsService;
}
} 5.SmsCodeAuthenticationSecurityConfig.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.smsConfig;
import com.ruoyi.framework.web.service.SmsUserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.stereotype.Component;
@Component
public class SmsCodeAuthenticationSecurityConfig extends SecurityConfigurerAdapter {
@Autowired
private SmsUserDetailsServiceImpl userDetailsService;
@Autowired
private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;
@Autowired
private CustomAuthenticationFailureHandler customAuthenticationFailureHandler;
@Override
public void configure(HttpSecurity http) throws Exception {
/* SmsCodeAuthenticationFilter smsCodeAuthenticationFilter = new SmsCodeAuthenticationFilter();
smsCodeAuthenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
smsCodeAuthenticationFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler);
smsCodeAuthenticationFilter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);
*/
SmsCodeAuthenticationProvider smsCodeAuthenticationProvider = new SmsCodeAuthenticationProvider();
smsCodeAuthenticationProvider.setUserDetailsService(userDetailsService);
http.authenticationProvider(smsCodeAuthenticationProvider);
/* http.authenticationProvider(smsCodeAuthenticationProvider)
.addFilterAfter(smsCodeAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);*/
}
} 6.SmsCodeAuthenticationToken.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.smsConfig;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import java.util.Collection;
/**
* 短信登录 AuthenticationToken,模仿 UsernamePasswordAuthenticationToken 实现
*/
public class SmsCodeAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
/**
* 在 UsernamePasswordAuthenticationToken 中该字段代表登录的用户名,
* 在这里就代表登录的手机号码
*/
private final Object principal;
/**
* 构建一个没有鉴权的 SmsCodeAuthenticationToken
*/
public SmsCodeAuthenticationToken(Object principal) {
super(null);
this.principal = principal;
setAuthenticated(false);
}
/**
* 构建拥有鉴权的 SmsCodeAuthenticationToken
*/
public SmsCodeAuthenticationToken(Object principal, Collection authorities) {
super(authorities);
this.principal = principal;
// must use super, as we override
super.setAuthenticated(true);
}
@Override
public Object getCredentials() {
return null;
}
@Override
public Object getPrincipal() {
return this.principal;
}
@Override
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
if (isAuthenticated) {
throw new IllegalArgumentException(
"Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead");
}
super.setAuthenticated(false);
}
@Override
public void eraseCredentials() {
super.eraseCredentials();
}
}7.SpringContextUtil.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.smsConfig;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Component;
@Component
public class SpringContextUtil implements ApplicationContextAware {
// Spring应用上下文环境
private static ApplicationContext applicationContext;
/**
* 实现ApplicationContextAware接口的回调方法,设置上下文环境
*
* @param applicationContext
*/
@Override
public void setApplicationContext(ApplicationContext applicationContext) {
SpringContextUtil.applicationContext = applicationContext;
}
/**
* @return ApplicationContext
*/
public static ApplicationContext getApplicationContext() {
return applicationContext;
}
/**
* 获取对象
* 这里重写了bean方法,起主要作用
* @param name
* @return Object 一个以所给名字注册的bean的实例
* @throws BeansException
*/
public static Object getBean(String name) throws BeansException {
return applicationContext.getBean(name);
}
public static T getBean(Class requiredType) {
return applicationContext.getBean(requiredType);
}
} 三、service包增加短信登录实现类
位置:SmsUserDetailsServiceImpl.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.web.service;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.enums.UserStatus;
import com.ruoyi.common.exception.BaseException;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.system.service.ISysUserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
/**
* 用户验证处理
*
* @author ruoyi
*/
@Service
public class SmsUserDetailsServiceImpl implements UserDetailsService
{
private static final Logger log = LoggerFactory.getLogger(UserDetailsServiceImpl.class);
@Autowired
private ISysUserService userService;
@Autowired
private SysPermissionService permissionService;
@Override
public UserDetails loadUserByUsername(String phone) throws UsernameNotFoundException
{
SysUser user = userService.selectUserByPhone(phone);
if (StringUtils.isNull(user))
{
log.info("登录手机号:{} 不存在.", phone);
throw new UsernameNotFoundException("登录手机号:" + phone + " 不存在");
}
else if (UserStatus.DELETED.getCode().equals(user.getDelFlag()))
{
log.info("登录用户:{} 已被删除.", phone);
throw new BaseException("对不起,您的账号:" + phone + " 已被删除");
}
else if (UserStatus.DISABLE.getCode().equals(user.getStatus()))
{
log.info("登录用户:{} 已被停用.", phone);
throw new BaseException("对不起,您的账号:" + phone + " 已停用");
}
return createLoginUser(user);
}
public UserDetails createLoginUser(SysUser user)
{
return new LoginUser(user, permissionService.getMenuPermission(user));
}
}四、service包下类增加@Primary注解
位置:UserDetailsServiceImpl.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.web.service;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.enums.UserStatus;
import com.ruoyi.common.exception.BaseException;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.system.service.ISysUserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
/**
* 用户验证处理
*
* @author ruoyi
*/
@Service
public class SmsUserDetailsServiceImpl implements UserDetailsService
{
private static final Logger log = LoggerFactory.getLogger(UserDetailsServiceImpl.class);
@Autowired
private ISysUserService userService;
@Autowired
private SysPermissionService permissionService;
@Override
public UserDetails loadUserByUsername(String phone) throws UsernameNotFoundException
{
SysUser user = userService.selectUserByPhone(phone);
if (StringUtils.isNull(user))
{
log.info("登录手机号:{} 不存在.", phone);
throw new UsernameNotFoundException("登录手机号:" + phone + " 不存在");
}
else if (UserStatus.DELETED.getCode().equals(user.getDelFlag()))
{
log.info("登录用户:{} 已被删除.", phone);
throw new BaseException("对不起,您的账号:" + phone + " 已被删除");
}
else if (UserStatus.DISABLE.getCode().equals(user.getStatus()))
{
log.info("登录用户:{} 已被停用.", phone);
throw new BaseException("对不起,您的账号:" + phone + " 已停用");
}
return createLoginUser(user);
}
public UserDetails createLoginUser(SysUser user)
{
return new LoginUser(user, permissionService.getMenuPermission(user));
}
}五、添加注入配置及放行映射
位置:SecurityConfig.java
a.预览图:
b.详细代码:
package com.ruoyi.framework.config;
import com.ruoyi.framework.smsConfig.SmsCodeAuthenticationSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.web.filter.CorsFilter;
import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;
import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;
import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
/**
* spring security配置
*
* @author ruoyi
*/
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
/**
* 自定义用户认证逻辑
*/
@Autowired
private UserDetailsService userDetailsService;
/**
* 认证失败处理类
*/
@Autowired
private AuthenticationEntryPointImpl unauthorizedHandler;
/**
* 退出处理类
*/
@Autowired
private LogoutSuccessHandlerImpl logoutSuccessHandler;
/**
* token认证过滤器
*/
@Autowired
private JwtAuthenticationTokenFilter authenticationTokenFilter;
/**
* 跨域过滤器
*/
@Autowired
private CorsFilter corsFilter;
@Autowired
private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
/**
* 解决 无法直接注入 AuthenticationManager
*
* @return
* @throws Exception
*/
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception
{
return super.authenticationManagerBean();
}
/**
* anyRequest | 匹配所有请求路径
* access | SpringEl表达式结果为true时可以访问
* anonymous | 匿名可以访问
* denyAll | 用户不能访问
* fullyAuthenticated | 用户完全认证可以访问(非remember-me下自动登录)
* hasAnyAuthority | 如果有参数,参数表示权限,则其中任何一个权限可以访问
* hasAnyRole | 如果有参数,参数表示角色,则其中任何一个角色可以访问
* hasAuthority | 如果有参数,参数表示权限,则其权限可以访问
* hasIpAddress | 如果有参数,参数表示IP地址,如果用户IP和参数匹配,则可以访问
* hasRole | 如果有参数,参数表示角色,则其角色可以访问
* permitAll | 用户可以任意访问
* rememberMe | 允许通过remember-me登录的用户访问
* authenticated | 用户登录后可访问
*/
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception
{
httpSecurity
.apply(smsCodeAuthenticationSecurityConfig).and()
// CSRF禁用,因为不使用session
.csrf().disable()
// 认证失败处理类
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
// 基于token,所以不需要session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
// 过滤请求
.authorizeRequests()
// 对于登录login 验证码captchaImage 允许匿名访问
// 对于登录login 验证码captchaImage 允许匿名访问
.antMatchers("/sms/**").permitAll()
.antMatchers("/login", "/captchaImage").anonymous()
.antMatchers(
HttpMethod.GET,
"/*.html",
"/**/*.html",
"/**/*.css",
"/**/*.js"
).permitAll()
.antMatchers("/profile/**").anonymous()
.antMatchers("/common/download**").anonymous()
.antMatchers("/common/download/resource**").anonymous()
.antMatchers("/swagger-ui.html").anonymous()
.antMatchers("/swagger-resources/**").anonymous()
.antMatchers("/webjars/**").anonymous()
.antMatchers("/*/api-docs").anonymous()
.antMatchers("/druid/**").anonymous()
// 除上面外的所有请求全部需要鉴权认证
.anyRequest().authenticated()
.and()
.headers().frameOptions().disable();
httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
// 添加JWT filter
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
// 添加CORS filter
httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
}
/**
* 强散列哈希加密实现
*/
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder()
{
return new BCryptPasswordEncoder();
}
/**
* 身份认证接口
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
}ruoyi-system模块
一、添加手机号查询用户接口
位置:ISysUserService.java
a.预览图:
b.详细代码:
/**
* 通过手机号码查询用户
*
* @param phone 手机号
* @return 用户对象信息
*/
public SysUser selectUserByPhone(String phone);二、添加手机号查询用户接口实现
位置:SysUserServiceImpl.java
a.预览图:
b.详细代码:
/**
* 通过手机号码查询用户
*
* @param phone 手机号
* @return 用户对象信息
*/
@Override
public SysUser selectUserByPhone(String phone) {
return userMapper.selectUserByPhone(phone);
}三、添加手机号查询用户mapper
位置:SysUserMapper.java
1a.预览图:
1b.详细代码:
/**
* 通过手机号码查询用户
*
* @param phone 手机号
* @return 用户对象信息
*/
public SysUser selectUserByPhone(String phone);位置:SysUserMapper.xml
2a.预览图:
2b.详细代码:
前端:
说明:
仅讲解核心部分代码,具体相关的页面随用户喜好
ruoyi-ui模块
增加短信登录和发送短信验证码方法
位置:login.js
a.预览图:
b.详细代码:
// 短信登录方法
export function smsLogin(mobile,smsCode,uuid) {
const data = {
mobile,
smsCode,
uuid
}
return request({
url: '/sms/login',
method: 'post',
data: data
})
}
// 发送短信验证码
export function getSmsCode(mobile) {
const data = {
mobile
}
return request({
url: '/sms/code',
method: 'post',
data:data
})
}增加短信登录方法
位置:user.js
a.预览图:
b.详细代码:
// 短信登录
SmsLogin({ commit }, userInfo) {
const mobile = userInfo.mobile.trim()
const smsCode = userInfo.smsCode
const uuid = userInfo.uuid
return new Promise((resolve, reject) => {
smsLogin( mobile, smsCode, uuid).then(res => {
setToken(res.token)
commit('SET_TOKEN', res.token)
resolve()
}).catch(error => {
reject(error)
})
})
}增加发送短信验证码和短信登录逻辑
位置:login.vue
预览图:
无
b.详细代码:
若依后台管理系统
![]()
{{computeTime>0 ? `(${computeTime}s)已发送` : '获取验证码'}}
记住密码
账号密码登录
短信登录
登 录
登 录 中...