Spring Security短信验证码登录

38.Spring-Security-SmsCode/pom.xml

@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>cc.mrbird</groupId>
+    <artifactId>Security</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <name>Security</name>
+    <description>Demo project for Spring Boot</description>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>1.5.14.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+        <java.version>1.8</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.social</groupId>
+            <artifactId>spring-social-config</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.7</version>
+        </dependency>
+
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+
+</project>

38.Spring-Security-SmsCode/src/main/java/cc/mrbird/SecurityApplication.java

@@ -0,0 +1,12 @@
+package cc.mrbird;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SecurityApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(SecurityApplication.class, args);
+    }
+}

38.Spring-Security-SmsCode/src/main/java/cc/mrbird/domain/MyUser.java

@@ -0,0 +1,67 @@
+package cc.mrbird.domain;
+
+import java.io.Serializable;
+
+public class MyUser implements Serializable {
+    private static final long serialVersionUID = 3497935890426858541L;
+
+    private String userName;
+
+    private String password;
+
+    private boolean accountNonExpired = true;
+
+    private boolean accountNonLocked= true;
+
+    private boolean credentialsNonExpired= true;
+
+    private boolean enabled= true;
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public boolean isAccountNonExpired() {
+        return accountNonExpired;
+    }
+
+    public void setAccountNonExpired(boolean accountNonExpired) {
+        this.accountNonExpired = accountNonExpired;
+    }
+
+    public boolean isAccountNonLocked() {
+        return accountNonLocked;
+    }
+
+    public void setAccountNonLocked(boolean accountNonLocked) {
+        this.accountNonLocked = accountNonLocked;
+    }
+
+    public boolean isCredentialsNonExpired() {
+        return credentialsNonExpired;
+    }
+
+    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
+        this.credentialsNonExpired = credentialsNonExpired;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+}

38.Spring-Security-SmsCode/src/main/java/cc/mrbird/handler/MyAuthenticationFailureHandler.java

@@ -0,0 +1,29 @@
+package cc.mrbird.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler {
+
+    @Autowired
+    private ObjectMapper mapper;
+
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+                                        AuthenticationException exception) throws IOException {
+        response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
+        response.setContentType("application/json;charset=utf-8");
+        response.getWriter().write(mapper.writeValueAsString(exception.getMessage()));
+    }
+}

38.Spring-Security-SmsCode/src/main/java/cc/mrbird/handler/MyAuthenticationSucessHandler.java

@@ -0,0 +1,40 @@
+package cc.mrbird.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.DefaultRedirectStrategy;
+import org.springframework.security.web.RedirectStrategy;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class MyAuthenticationSucessHandler implements AuthenticationSuccessHandler {
+
+    // private RequestCache requestCache = new HttpSessionRequestCache();
+
+    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+    //
+    // @Autowired
+    // private ObjectMapper mapper;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException {
+        // response.setContentType("application/json;charset=utf-8");
+        // response.getWriter().write(mapper.writeValueAsString(authentication));
+        // SavedRequest savedRequest = requestCache.getRequest(request, response);
+        // System.out.println(savedRequest.getRedirectUrl());
+        // redirectStrategy.sendRedirect(request, response, savedRequest.getRedirectUrl());
+        redirectStrategy.sendRedirect(request, response, "/index");
+    }
+}

38.Spring-Security-SmsCode/src/main/java/cc/mrbird/security/browser/BrowserSecurityConfig.java

@@ -0,0 +1,62 @@
+package cc.mrbird.security.browser;
+
+import cc.mrbird.handler.MyAuthenticationFailureHandler;
+import cc.mrbird.handler.MyAuthenticationSucessHandler;
+import cc.mrbird.validate.code.ValidateCodeFilter;
+import cc.mrbird.validate.smscode.SmsAuthenticationConfig;
+import cc.mrbird.validate.smscode.SmsAuthenticationFilter;
+import cc.mrbird.validate.smscode.SmsCodeFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    private MyAuthenticationSucessHandler authenticationSucessHandler;
+
+    @Autowired
+    private MyAuthenticationFailureHandler authenticationFailureHandler;
+
+    @Autowired
+    private ValidateCodeFilter validateCodeFilter;
+
+    @Autowired
+    private SmsCodeFilter smsCodeFilter;
+
+    @Autowired
+    private SmsAuthenticationConfig smsAuthenticationConfig;
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class) // 添加验证码校验过滤器
+            .addFilterBefore(smsCodeFilter,UsernamePasswordAuthenticationFilter.class) // 添加短信验证码校验过滤器
+                .formLogin() // 表单登录
+                    // http.httpBasic() // HTTP Basic
+                    .loginPage("/authentication/require") // 登录跳转 URL
+                    .loginProcessingUrl("/login") // 处理表单登录 URL
+                    .successHandler(authenticationSucessHandler) // 处理登录成功
+                    .failureHandler(authenticationFailureHandler) // 处理登录失败
+                .and()
+                    .authorizeRequests() // 授权配置
+                    .antMatchers("/authentication/require",
+                            "/login.html", "/code/image","/code/sms").permitAll() // 无需认证的请求路径
+                    .anyRequest()  // 所有请求
+                    .authenticated() // 都需要认证
+                .and()
+                    .csrf().disable()
+                .apply(smsAuthenticationConfig); // 将短信验证码认证配置加到 Spring Security 中
+    }
+}

38.Spring-Security-SmsCode/src/main/java/cc/mrbird/security/browser/UserDetailService.java

@@ -0,0 +1,32 @@
+package cc.mrbird.security.browser;
+
+import cc.mrbird.domain.MyUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class UserDetailService implements UserDetailsService {
+
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        // 模拟一个用户，替代数据库获取逻辑
+        MyUser user = new MyUser();
+        user.setUserName(username);
+        user.setPassword(this.passwordEncoder.encode("123456"));
+        // 输出加密后的密码
+        System.out.println(user.getPassword());
+
+        return new User(username, user.getPassword(), user.isEnabled(),
+                user.isAccountNonExpired(), user.isCredentialsNonExpired(),
+                user.isAccountNonLocked(), AuthorityUtils.commaSeparatedStringToAuthorityList("admin"));
+    }
+}

38.Spring-Security-SmsCode/src/main/java/cc/mrbird/validate/code/ImageCode.java

@@ -0,0 +1,53 @@
+package cc.mrbird.validate.code;
+
+import java.awt.image.BufferedImage;
+import java.time.LocalDateTime;
+
+public class ImageCode {
+
+    private BufferedImage image;
+
+    private String code;
+
+    private LocalDateTime expireTime;
+
+    public ImageCode(BufferedImage image, String code, int expireIn) {
+        this.image = image;
+        this.code = code;
+        this.expireTime = LocalDateTime.now().plusSeconds(expireIn);
+    }
+
+    public ImageCode(BufferedImage image, String code, LocalDateTime expireTime) {
+        this.image = image;
+        this.code = code;
+        this.expireTime = expireTime;
+    }
+
+    boolean isExpire() {
+        return LocalDateTime.now().isAfter(expireTime);
+    }
+
+    public BufferedImage getImage() {
+        return image;
+    }
+
+    public void setImage(BufferedImage image) {
+        this.image = image;
+    }
+
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
+    public LocalDateTime getExpireTime() {
+        return expireTime;
+    }
+
+    public void setExpireTime(LocalDateTime expireTime) {
+        this.expireTime = expireTime;
+    }
+}

38.Spring-Security-SmsCode/src/main/java/cc/mrbird/validate/code/ValidateCodeException.java

@@ -0,0 +1,11 @@
+package cc.mrbird.validate.code;
+
+import org.springframework.security.core.AuthenticationException;
+
+public class ValidateCodeException extends AuthenticationException {
+    private static final long serialVersionUID = 5022575393500654458L;
+
+    public ValidateCodeException(String message) {
+        super(message);
+    }
+}