  • Google two-factor authentication with Spring Security

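    The main goal is to increase security. It works like SMS two-factor verification, except that Google two-factor verification is built on an open-source algorithm, which saves cost. Many websites have enabled two-factor verification to increase security.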

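    Approach in Java
    1. The website or server enables two-factor verification and pulls in an open-source library.
    2. Write the corresponding utility class to generate the QR code link; the user scans it to bind the secret key.
    3. Define a custom AuthenticationProvider and UsernamePasswordAuthenticationToken; once the user's password has been verified, run the Google verification logic.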

    Code
    1. Modify the Spring Security configuration
    httpSecurity.authenticationProvider(new CustomerAuthenticationProvider(userDetailsService,bCryptPasswordEncoder()));
    
    2. Define a custom CustomerAuthenticationProvider and CustomerUsernamePasswordAuthenticationToken; it is enough to extend the parent classes and override their methods

      
      
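      import org.springframework.security.authentication.BadCredentialsException;
      import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
      import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
      import org.springframework.security.core.AuthenticationException;
      import org.springframework.security.core.userdetails.UserDetails;
      import org.springframework.security.core.userdetails.UserDetailsService;
      import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
      // LoginUser, SysUser, ServiceException, GoogleAuthenticatorUtils, StringUtils and
      // GOOGLE_AUTHENTICATOR_401001 come from the project's own packages and dependencies (not shown in the post).
      
      public class CustomerAuthenticationProvider extends DaoAuthenticationProvider {
      
          public CustomerAuthenticationProvider(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
              super();
              setUserDetailsService(userDetailsService);
              setPasswordEncoder(bCryptPasswordEncoder);
          }
      
          @Override
          protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
              if (authentication.getCredentials() == null) {
                  this.logger.debug("Failed to authenticate since no credentials provided");
                  throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
              } else {
                  // First factor: the password must match the stored BCrypt hash
                  String presentedPassword = authentication.getCredentials().toString();
                  if (!getPasswordEncoder().matches(presentedPassword, userDetails.getPassword())) {
                      this.logger.debug("Failed to authenticate since password does not match stored value");
                      throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                  }
                  // A token that cannot carry a second-factor code is rejected instead of failing with a ClassCastException
                  if (!(authentication instanceof CustomerUsernamePasswordAuthenticationToken)) {
                      throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                  }
                  // Second factor: only checked after the password has been verified
                  googleAuthenticator((LoginUser) userDetails, (CustomerUsernamePasswordAuthenticationToken) authentication);
              }
          }
      
          /**
           * Google two-factor verification
           * @param userDetails    the loaded user, which carries the bound Google Authenticator secret
           * @param authentication the login token, which carries the code the user submitted
           */
          private void googleAuthenticator(LoginUser userDetails, CustomerUsernamePasswordAuthenticationToken authentication) {
              SysUser user = userDetails.getUser();
              String googleAuthSecret = user.getGoogleAuthSecret();
              // No secret bound for this user: fail with the GOOGLE_AUTHENTICATOR_401001 error
              if (StringUtils.isBlank(googleAuthSecret)) {
                  throw new ServiceException(GOOGLE_AUTHENTICATOR_401001.getMsg(), GOOGLE_AUTHENTICATOR_401001.getCode());
              }
              String code = authentication.getCode();
              boolean valid;
              try {
                  // A missing or non-numeric code counts as a wrong code instead of an unhandled NumberFormatException
                  valid = code != null && GoogleAuthenticatorUtils.valid(googleAuthSecret, Integer.parseInt(code.trim()));
              } catch (NumberFormatException e) {
                  valid = false;
              }
              if (!valid) {
                  // Message text: "Google Authenticator verification code is incorrect"
                  throw new ServiceException("Google Authenticator 验证码错误");
              }
          }
      
      }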
      
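      import java.util.Collection;
      import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
      import org.springframework.security.core.GrantedAuthority;
      
      public class CustomerUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {
          /**
           * Code generated by Google two-factor verification, as submitted by the user
           */
          private String code;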
      
          public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials) {
              super(principal, credentials);
          }
      
          public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials,String code) {
              super(principal, credentials);
              this.code = code;
          }
      
          public CustomerUsernamePasswordAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
              super(principal, credentials, authorities);
      
          }
      
          public String getCode() {
              return code;
          }
      
          public void setCode(String code) {
              this.code = code;
          }
      }
      
      // Call the custom CustomerUsernamePasswordAuthenticationToken
      authentication = authenticationManager
                          .authenticate(new CustomerUsernamePasswordAuthenticationToken(username, password,code));
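
The post does not show GoogleAuthenticatorUtils. The following is an added example (not the author's code and not any library's API) of what the QR binding link from step 2 and a `valid(secret, code)`-style check compute under the Google Authenticator defaults: TOTP with HMAC-SHA1, 30-second steps and 6 digits. The class `TotpSketch`, its method names and the `nowMillis` and `window` parameters are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.ByteBuffer;

// Added illustration: hypothetical class, not the post's GoogleAuthenticatorUtils.
public final class TotpSketch {
    private static final String B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

    /** Link encoded into the binding QR code; issuer and account are caller-supplied labels. */
    public static String otpAuthUri(String issuer, String account, String base32Secret) throws Exception {
        String iss = URLEncoder.encode(issuer, "UTF-8").replace("+", "%20");
        String acc = URLEncoder.encode(account, "UTF-8").replace("+", "%20");
        return "otpauth://totp/" + iss + ":" + acc + "?secret=" + base32Secret + "&issuer=" + iss;
    }

    /** Accepts the code of the current 30 s step and of `window` steps either side (clock drift). */
    public static boolean valid(String base32Secret, int code, long nowMillis, int window) throws Exception {
        byte[] key = base32Decode(base32Secret);
        long step = nowMillis / 1000L / 30L;
        boolean ok = false;
        for (long t = step - window; t <= step + window; t++) {
            ok |= (totp(key, t) == code); // no early exit: every step in the window is always computed
        }
        return ok;
    }

    /** RFC 4226 truncation of HMAC-SHA1 over the 8-byte big-endian time step, reduced to 6 digits. */
    static int totp(byte[] key, long counter) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int o = h[h.length - 1] & 0x0f; // low nibble of the last byte selects the offset
        int bin = ((h[o] & 0x7f) << 24) | ((h[o + 1] & 0xff) << 16) | ((h[o + 2] & 0xff) << 8) | (h[o + 3] & 0xff);
        return bin % 1_000_000;
    }

    static byte[] base32Decode(String s) {
        String in = s.replace("=", "").replace(" ", "").toUpperCase(java.util.Locale.ROOT);
        byte[] out = new byte[in.length() * 5 / 8];
        int buf = 0, bits = 0, n = 0;
        for (char c : in.toCharArray()) {
            int v = B32.indexOf(c);
            if (v < 0) throw new IllegalArgumentException("secret is not Base32");
            buf = (buf << 5) | v; bits += 5;
            if (bits >= 8) { out[n++] = (byte) (buf >> (bits - 8)); bits -= 8; }
        }
        return out;
    }
}
```

A `window` of 1 accepts the previous, current and next 30-second step; a larger window tolerates more clock drift but keeps each code usable for longer.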
      
  • Original address: https://www.cnblogs.com/lyc88/p/15703854.html