|
这里我们利用后台模拟全台传递的密码为加密密码,采用AES加密方式
AES加密工具类
public class EncryptUtil {
/**
* 密钥, 256位32个字节
*/
public static final String DEFAULT_SECRET_KEY = "uBdUx82vPHkDKb284d7NkjFoNcKWBuka";
private static final String AES = "AES";
/**
* 初始向量IV, 初始向量IV的长度规定为128位16个字节, 初始向量的来源为随机生成.
*/
private static GCMParameterSpec gcMParameterSpec;
/**
* 加密解密算法/加密模式/填充方式
*/
private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding";
static {
SecureRandom random = new SecureRandom();
byte[] bytesIV = new byte[16];
random.nextBytes(bytesIV);
gcMParameterSpec = new GCMParameterSpec(128, bytesIV);
;
java.security.Security.setProperty("crypto.policy", "unlimited");
}
/**
* AES加密
*/
public static String encode(String key, String content) {
try {
SecretKey secretKey = new SecretKeySpec(key.getBytes(), AES);
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, gcMParameterSpec);
// 获取加密内容的字节数组(这里要设置为utf-8)不然内容中如果有中文和英文混合中文就会解密为乱码1
byte[] byteEncode = content.getBytes(java.nio.charset.StandardCharsets.UTF_8);
// 根据密码器的初始化方式加密
byte[] byteAes = cipher.doFinal(byteEncode);
// 将加密后的数据转换为字符串
return HexUtil.encodeHexStr(byteAes);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* AES解密
*/
public static String decode(String key, String content) {
try {
SecretKey secretKey = new SecretKeySpec(key.getBytes(), AES);
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
cipher.init(javax.crypto.Cipher.DECRYPT_MODE, secretKey, gcMParameterSpec);
// 将加密并编码后的内容解码成字节数组(使用了hutool中HexUtil的工具类,需要引入hutool依赖)
byte[] byteContent =HexUtil.decodeHex(content);
// 解密
byte[] byteDecode = cipher.doFinal(byteContent);
return new String(byteDecode, StandardCharsets.UTF_8);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static void main(String[] args) {
final String password="6666666";
String encode = encode(DEFAULT_SECRET_KEY, password);
final String decode = decode(DEFAULT_SECRET_KEY, encode);
System.out.println("====加密前"+password);
System.out.println("====解密后"+decode);
}
}
1、Spring Security默认的密码比对主要是依靠DaoAuthenticationProvider下的additionalAuthenticationChecks方法来完成的,我们只需要将additionalAuthenticationChecks方法进行重写,就可以自定义密码比对业务了。
2、由于PasswordEncoder没有提供解密方法,所以采用AES加密,把前端加密的字符串进行解密,再使用passwordEncoder.matches()进行比较。
@Slf4j
public class MyAuthenticationProvider extends DaoAuthenticationProvider {
//自定义类,用于数据库获取用户信息
@Autowired
private MyUserDetailsService userDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
public MyAuthenticationProvider(MyUserDetailsService userDetailsService) {
setUserDetailsService(userDetailsService);
}
@SneakyThrows
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
if (authentication.getCredentials() == null) {
this.logger.debug("Authentication failed: no credentials provided");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
} else {
String presentedPassword = authentication.getCredentials().toString();
log.info("加密前密码"+presentedPassword );
//模拟前端加密后密码
presentedPassword = EncryptUtil.encode(EncryptUtil.DEFAULT_SECRET_KEY,presentedPassword);
log.info("加密后密码"+presentedPassword );
// 对登录密码进行解密
presentedPassword = EncryptUtil.decode(EncryptUtil.DEFAULT_SECRET_KEY, presentedPassword);
log.info("解密后密码"+presentedPassword );
if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
this.logger.debug("Authentication failed: password does not match stored value");
throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
}
}
}
}
以上类,需要将MyAuthenticationProvider注入到Spring容器中
@Bean
public MyAuthenticationProvider myAuthenticationProvider() {
MyAuthenticationProvider myAuthenticationProvider = new MyAuthenticationProvider(userDetailsService);
return myAuthenticationProvider;
}
到此就是实现了前台密码加密传输,Spring Security校验过程
|