diff --git a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthFilter.java b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthFilter.java similarity index 87% rename from pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthFilter.java rename to pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthFilter.java index 1863b4a..1ecfa09 100644 --- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthFilter.java +++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthFilter.java @@ -9,7 +9,6 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.InternalAuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @@ -21,7 +20,7 @@ import javax.servlet.http.HttpServletResponse; * @Date 2020/8/3 8:46 下午 * @Version 1.0 **/ -public class UsernamePasswordAuthFilter extends AbstractAuthenticationProcessingFilter { +public class CredentialAuthFilter extends AbstractAuthenticationProcessingFilter { private boolean postOnly = true; @@ -33,7 +32,7 @@ public class UsernamePasswordAuthFilter extends AbstractAuthenticationProcessing // ~ Constructors // =================================================================================================== - public UsernamePasswordAuthFilter(String processingUrl) { + public CredentialAuthFilter(String processingUrl) { super(new AntPathRequestMatcher(processingUrl, HttpMethod.POST.name())); } @@ -52,14 +51,12 @@ public class UsernamePasswordAuthFilter extends AbstractAuthenticationProcessing if (StringUtils.isBlank(loginType)) { throw new BadCredentialsException("登陆类型不能为空"); } + paramValid(identifier, credential, loginType); - if (StringUtils.isBlank(identifier) || StringUtils.isBlank(credential)) { - throw new UsernameNotFoundException("用户名或密码不能为空"); - } - identifier = identifier.trim(); - credential = credential.trim(); - loginType = loginType.trim(); + identifier = trim(identifier); + credential = trim(credential); + loginType = trim(loginType); try { CredentialAuthToken authRequest = new CredentialAuthToken(identifier, credential, loginType); // Allow subclasses to set the "details" property @@ -78,7 +75,7 @@ public class UsernamePasswordAuthFilter extends AbstractAuthenticationProcessing authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); } - private void valid(String identifier, String credential, String loginType) { + private void paramValid(String identifier, String credential, String loginType) { LoginTypeEnum loginTypeEnum = LoginTypeEnum.valueOf(loginType); switch (loginTypeEnum) { case DING_QR_LOGIN: { @@ -101,4 +98,11 @@ public class UsernamePasswordAuthFilter extends AbstractAuthenticationProcessing break; } } + + private String trim(String trimStr) { + if (StringUtils.isNotBlank(trimStr)) { + return trimStr.trim(); + } + return null; + } } diff --git a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthProvider.java b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthProvider.java similarity index 97% rename from pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthProvider.java rename to pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthProvider.java index e8c6977..e4a5a69 100644 --- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/UsernamePasswordAuthProvider.java +++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthProvider.java @@ -16,7 +16,7 @@ import org.springframework.security.crypto.password.PasswordEncoder; * @Date 2020/8/3 8:55 下午 * @Version 1.0 **/ -public class UsernamePasswordAuthProvider implements AuthenticationProvider { +public class CredentialAuthProvider implements AuthenticationProvider { private UserDetailsService userDetailsService; diff --git a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthSecurityConfig.java b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthSecurityConfig.java index 56b7432..332cfb1 100644 --- a/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthSecurityConfig.java +++ b/pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthSecurityConfig.java @@ -47,21 +47,21 @@ public class CredentialAuthSecurityConfig @Override public void configure(HttpSecurity http) throws Exception { - UsernamePasswordAuthFilter usernamePasswordAuthFilter = - new UsernamePasswordAuthFilter(authProperties.getPasswordLoginUrl()); + CredentialAuthFilter credentialAuthFilter = + new CredentialAuthFilter(authProperties.getPasswordLoginUrl()); authenticationManager = http.getSharedObject(AuthenticationManager.class); - usernamePasswordAuthFilter.setAuthenticationManager(authenticationManager); - usernamePasswordAuthFilter.setAuthenticationSuccessHandler(defaultLoginSuccessHandler); - usernamePasswordAuthFilter.setAuthenticationFailureHandler(defaultLoginFailureHandler); + credentialAuthFilter.setAuthenticationManager(authenticationManager); + credentialAuthFilter.setAuthenticationSuccessHandler(defaultLoginSuccessHandler); + credentialAuthFilter.setAuthenticationFailureHandler(defaultLoginFailureHandler); - UsernamePasswordAuthProvider authenticationProvider = new UsernamePasswordAuthProvider(); + CredentialAuthProvider authenticationProvider = new CredentialAuthProvider(); authenticationProvider.setUserDetailsService(credentialLoginUserDetailService); // 确保对密码进行加密的encoder和解密的encoder相同 authenticationProvider.setPasswordEncoder(passwordEncoder); // 传入浙政钉client authenticationProvider.setZwddAuthClient(zwddAuthClient); - http.authenticationProvider(authenticationProvider).addFilterAfter(usernamePasswordAuthFilter, + http.authenticationProvider(authenticationProvider).addFilterAfter(credentialAuthFilter, UsernamePasswordAuthenticationFilter.class); }