spring security登陆验证扩展 手机验证码，二维码扫码登陆

README.md

@@ -7,13 +7,11 @@ Demo website：http://112.74.60.248:8080/   username: test  password: 123456
 ## Model
 图片待续  
 
-###  Main Model
+## 相关博文
 * consul 注册中心  
 * auth-center 授权中心  
 * api-gateway 网关  
 * main-data 基础数据模块  
-
-### Common Model  
 * common  
 * db-spring-boot-starter   
 * auth-spring-boot-starter  

auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/auth/WebSecurityConfig.java

@@ -1,6 +1,9 @@
 package com.peng.auth.provider.config.auth;
 
 
+import com.peng.auth.provider.config.auth.filter.MyLoginAuthenticationFilter;
+import com.peng.auth.provider.config.auth.handler.MyLoginAuthSuccessHandler;
+import com.peng.auth.provider.config.auth.provider.MyAuthenticationProvider;
 import com.peng.auth.provider.service.BaseUserDetailService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.actuate.autoconfigure.ManagementServerProperties;
@@ -12,6 +15,7 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.*;
 
 /**
  * Created by fp295 on 2018/4/15.
@@ -27,6 +31,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     @Override
     public void configure(HttpSecurity http) throws Exception {
         http    // 配置登陆页/login并允许访问
+                .addFilterAt(getMyLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                 .formLogin().loginPage("/login").permitAll()
                 // 登出页
                 .and().logout().logoutUrl("/logout").logoutSuccessUrl("/backReferer")
@@ -45,8 +50,7 @@ public void configure(AuthenticationManagerBuilder auth) {
         auth.authenticationProvider(daoAuthenticationProvider());
     }
 
-
-    @Bean
+    /*@Bean
     public DaoAuthenticationProvider daoAuthenticationProvider(){
         DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
         // 设置userDetailsService
@@ -56,5 +60,38 @@ public DaoAuthenticationProvider daoAuthenticationProvider(){
         // 使用BCrypt进行密码的hash
         provider.setPasswordEncoder(new BCryptPasswordEncoder(6));
         return provider;
+    }*/
+
+    /**
+     * 自定义密码验证
+     * @return
+     */
+    @Bean
+    public MyAuthenticationProvider daoAuthenticationProvider(){
+        MyAuthenticationProvider provider = new MyAuthenticationProvider();
+        // 设置userDetailsService
+        provider.setUserDetailsService(baseUserDetailService);
+        // 禁止隐藏用户未找到异常
+        provider.setHideUserNotFoundExceptions(false);
+        // 使用BCrypt进行密码的hash
+        provider.setPasswordEncoder(new BCryptPasswordEncoder(6));
+        return provider;
+    }
+
+    /**
+     * 自定义登陆过滤器
+     * @return
+     */
+    @Bean
+    public MyLoginAuthenticationFilter getMyLoginAuthenticationFilter() {
+        MyLoginAuthenticationFilter filter = new MyLoginAuthenticationFilter();
+        try {
+            filter.setAuthenticationManager(this.authenticationManagerBean());
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        filter.setAuthenticationSuccessHandler(new MyLoginAuthSuccessHandler());
+        filter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/login?error"));
+        return filter;
     }
 }

auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/auth/filter/MyLoginAuthenticationFilter.java

@@ -0,0 +1,96 @@
+package com.peng.auth.provider.config.auth.filter;
+
+import com.peng.auth.provider.config.auth.token.MyAuthenticationToken;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by fp295 on 2018/6/16.
+ * 自定义登陆filter，新增登陆方式：验证码、二维码扫码、账号密码；
+ * 此filter 为生成自定义的 MyAuthenticationToken
+ */
+public class MyLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
+
+    public static final String SPRING_SECURITY_RESTFUL_TYPE_PHONE = "phone";
+    public static final String SPRING_SECURITY_RESTFUL_TYPE_QR = "qr";
+    public static final String SPRING_SECURITY_RESTFUL_TYPE_DEFAULT = "user";
+
+    // 登陆类型：user:用户密码登陆；phone:手机验证码登陆；qr:二维码扫码登陆
+    private static final String SPRING_SECURITY_RESTFUL_TYPE_KEY = "type";
+    // 登陆终端：1：移动端登陆，包括微信公众号、小程序等；0：PC后台登陆
+    private static final String SPRING_SECURITY_RESTFUL_MOBILE_KEY = "mobile";
+    private static final String SPRING_SECURITY_RESTFUL_USERNAME_KEY = "username";
+    private static final String SPRING_SECURITY_RESTFUL_PASSWORD_KEY = "password";
+    private static final String SPRING_SECURITY_RESTFUL_PHONE_KEY = "phone";
+    private static final String SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY = "verifyCode";
+    private static final String SPRING_SECURITY_RESTFUL_QR_CODE_KEY = "qrCode";
+
+    private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/login";
+    private boolean postOnly = true;
+
+    public MyLoginAuthenticationFilter() {
+        super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
+    }
+
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
+        if (postOnly && !request.getMethod().equals("POST")) {
+            throw new AuthenticationServiceException(
+                    "Authentication method not supported: " + request.getMethod());
+        }
+
+        String type = obtainParameter(request, SPRING_SECURITY_RESTFUL_TYPE_KEY);
+        String mobile = obtainParameter(request, SPRING_SECURITY_RESTFUL_MOBILE_KEY);
+        MyAuthenticationToken authRequest;
+        String principal;
+        String credentials;
+
+        // 手机验证码登陆
+        if(SPRING_SECURITY_RESTFUL_TYPE_PHONE.equals(type)){
+            principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
+            credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
+        }
+        // 二维码扫码登陆
+        else if(SPRING_SECURITY_RESTFUL_TYPE_QR.equals(type)){
+            principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_QR_CODE_KEY);
+            credentials = null;
+        }
+        // 账号密码登陆
+        else {
+            principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_USERNAME_KEY);
+            credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_PASSWORD_KEY);
+
+        }
+        if (principal == null) {
+            principal = "";
+        }
+        if (credentials == null) {
+            credentials = "";
+        }
+        principal = principal.trim();
+        authRequest = new MyAuthenticationToken(
+                principal, credentials, type, mobile);
+        // Allow subclasses to set the "details" property
+        setDetails(request, authRequest);
+        return this.getAuthenticationManager().authenticate(authRequest);
+    }
+
+    private void setDetails(HttpServletRequest request,
+                            AbstractAuthenticationToken authRequest) {
+        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
+    }
+
+    private String obtainParameter(HttpServletRequest request, String parameter) {
+        return request.getParameter(parameter);
+    }
+}

auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/auth/handler/MyLoginAuthSuccessHandler.java

@@ -0,0 +1,25 @@
+package com.peng.auth.provider.config.auth.handler;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+/**
+ * Created by fp295 on 2018/6/16.
+ * 登陆成功处理，移动端登陆成功后还需做绑定操作
+ */
+public class MyLoginAuthSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
+    private RequestCache requestCache = new HttpSessionRequestCache();
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        System.out.println("onAuthenticationSuccess");
+        super.onAuthenticationSuccess(request, response, authentication);
+    }
+}