From a2199dac564a9649d0c0d7d80b68a5e4a5e8e1a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9C=89=E6=9D=A5=E6=8A=80=E6=9C=AF?= <1490493387@qq.com>
Date: Sun, 17 Oct 2021 22:38:39 +0800
Subject: [PATCH] =?UTF-8?q?style:=20=E8=A1=A5=E5=85=85=E6=B3=A8=E9=87=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../member/MemberUserDetailsServiceImpl.java | 17 +++++++---
.../mobile/SmsCodeAuthenticationProvider.java | 16 +++++----
.../PreAuthenticatedUserDetailsService.java | 33 ++++++++++++++-----
3 files changed, 47 insertions(+), 19 deletions(-)
diff --git a/youlai-auth/src/main/java/com/youlai/auth/security/core/userdetails/member/MemberUserDetailsServiceImpl.java b/youlai-auth/src/main/java/com/youlai/auth/security/core/userdetails/member/MemberUserDetailsServiceImpl.java
index a73bda7cc..398b02546 100644
--- a/youlai-auth/src/main/java/com/youlai/auth/security/core/userdetails/member/MemberUserDetailsServiceImpl.java
+++ b/youlai-auth/src/main/java/com/youlai/auth/security/core/userdetails/member/MemberUserDetailsServiceImpl.java
@@ -6,7 +6,6 @@ import com.youlai.common.result.ResultCode;
import com.youlai.mall.ums.api.MemberFeignClient;
import com.youlai.mall.ums.pojo.dto.MemberAuthDTO;
import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
@@ -16,12 +15,11 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
/**
- * 系统管理用户
+ * 商城会员用户认证服务
*
* @author xianrui
*/
@Service("memberUserDetailsService")
-@Slf4j
@RequiredArgsConstructor
public class MemberUserDetailsServiceImpl implements UserDetailsService {
@@ -33,6 +31,12 @@ public class MemberUserDetailsServiceImpl implements UserDetailsService {
}
+ /**
+ * 手机号码认证方式
+ *
+ * @param mobile
+ * @return
+ */
public UserDetails loadUserByMobile(String mobile) {
MemberUserDetails userDetails = null;
Result result = memberFeignClient.loadUserByMobile(mobile);
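Review bot: The added Javadoc on `loadUserByMobile` leaves `@param mobile` and `@return` empty, and the same applies to `loadUserByOpenId` in the next hunk. Because these loaders take only an identifier and no credential, the comment should state that the caller must already have verified the SMS code (or the WeChat session) before calling, for example `@param mobile phone number already verified by the caller` and `@return the member's UserDetails`. It would also help to list the exceptions thrown for missing, disabled or locked members. Both method bodies continue outside their hunks, so the exception list needs checking against the full file.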
@@ -55,7 +59,12 @@ public class MemberUserDetailsServiceImpl implements UserDetailsService {
return userDetails;
}
-
+ /**
+ * openid 认证方式
+ *
+ * @param openId
+ * @return
+ */
public UserDetails loadUserByOpenId(String openId) {
MemberUserDetails userDetails = null;
Result result = memberFeignClient.loadUserByOpenId(openId);
diff --git a/youlai-auth/src/main/java/com/youlai/auth/security/extension/mobile/SmsCodeAuthenticationProvider.java b/youlai-auth/src/main/java/com/youlai/auth/security/extension/mobile/SmsCodeAuthenticationProvider.java
index 3568a6089..7288a9c82 100644
--- a/youlai-auth/src/main/java/com/youlai/auth/security/extension/mobile/SmsCodeAuthenticationProvider.java
+++ b/youlai-auth/src/main/java/com/youlai/auth/security/extension/mobile/SmsCodeAuthenticationProvider.java
@@ -35,13 +35,15 @@ public class SmsCodeAuthenticationProvider implements AuthenticationProvider {
String mobile = (String) authenticationToken.getPrincipal();
String code = (String) authenticationToken.getCredentials();
- String codeKey = SecurityConstants.SMS_CODE_PREFIX + mobile;
- String correctCode = redisTemplate.opsForValue().get(codeKey);
- // 验证码比对
- if (StrUtil.isBlank(correctCode) || !code.equals(correctCode)) {
- throw new BizException("验证码不正确");
- } else {
- redisTemplate.delete(codeKey);
+ if (!code.equals("666666")) { // 666666 是后门,因为短信收费,实际环境删除这个if分支
+ String codeKey = SecurityConstants.SMS_CODE_PREFIX + mobile;
+ String correctCode = redisTemplate.opsForValue().get(codeKey);
+ // 验证码比对
+ if (StrUtil.isBlank(correctCode) || !code.equals(correctCode)) {
+ throw new BizException("验证码不正确");
+ } else {
+ redisTemplate.delete(codeKey);
+ }
}
UserDetails userDetails = ((MemberUserDetailsServiceImpl) userDetailsService).loadUserByMobile(mobile);
WechatAuthenticationToken result = new WechatAuthenticationToken(userDetails, new HashSet<>());
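Review bot: The new `if (!code.equals("666666"))` guard skips the Redis lookup entirely for that fixed value, so a request carrying it is authenticated as whichever mobile number it names. The inline comment itself calls this a backdoor to be deleted in real environments, but nothing in the hunk enforces that. If a test shortcut is needed because SMS costs money, it should be gated on an explicit setting that defaults to off and is refused outside development profiles, and it should not arrive in a commit whose subject says it only adds comments. Separately, `code.equals(...)` throws a NullPointerException when no credentials are supplied; comparing as `!correctCode.equals(code)` after the blank check avoids that. The enclosing method starts and ends outside the hunk.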
diff --git a/youlai-auth/src/main/java/com/youlai/auth/security/extension/refresh/PreAuthenticatedUserDetailsService.java b/youlai-auth/src/main/java/com/youlai/auth/security/extension/refresh/PreAuthenticatedUserDetailsService.java
index 0665182e4..9bb2d0e4d 100644
--- a/youlai-auth/src/main/java/com/youlai/auth/security/extension/refresh/PreAuthenticatedUserDetailsService.java
+++ b/youlai-auth/src/main/java/com/youlai/auth/security/extension/refresh/PreAuthenticatedUserDetailsService.java
@@ -11,6 +11,7 @@ import org.springframework.security.core.userdetails.AuthenticationUserDetailsSe
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.util.Assert;
import java.util.Map;
@@ -24,6 +25,11 @@ import java.util.Map;
@NoArgsConstructor
public class PreAuthenticatedUserDetailsService implements AuthenticationUserDetailsService, InitializingBean {
+ /**
+ * 客户端ID和用户服务 UserDetailService 的映射
+ *
+ * @see com.youlai.auth.security.config.AuthorizationServerConfig#tokenServices(AuthorizationServerEndpointsConfigurer)
+ */
private Map userDetailsServiceMap;
public PreAuthenticatedUserDetailsService(Map userDetailsServiceMap) {
@@ -36,20 +42,21 @@ public class PreAuthenticatedUserDetailsService implem
Assert.notNull(this.userDetailsServiceMap, "UserDetailsService must be set");
}
+ /**
+ * 重写PreAuthenticatedAuthenticationProvider 的 preAuthenticatedUserDetailsService 属性,可根据客户端和认证方式选择用户服务 UserDetailService 获取用户信息 UserDetail
+ *
+ * @param authentication
+ * @return
+ * @throws UsernameNotFoundException
+ */
@Override
public UserDetails loadUserDetails(T authentication) throws UsernameNotFoundException {
String clientId = RequestUtils.getOAuth2ClientId();
+ // 获取认证方式,默认是用户名 username
AuthenticationMethodEnum authenticationMethodEnum = AuthenticationMethodEnum.getByValue(RequestUtils.getAuthenticationMethod());
UserDetailsService userDetailsService = userDetailsServiceMap.get(clientId);
if (clientId.equals(SecurityConstants.APP_CLIENT_ID)) {
- MemberUserDetailsServiceImpl memberUserDetailsService = (MemberUserDetailsServiceImpl) userDetailsService;
- switch (authenticationMethodEnum) {
- case OPENID:
- return memberUserDetailsService.loadUserByOpenId(authentication.getName());
- default:
- return memberUserDetailsService.loadUserByUsername(authentication.getName());
- }
- } else if (clientId.equals(SecurityConstants.WEAPP_CLIENT_ID)) {
+ // 移动端的用户体系是会员,认证方式是通过手机号 mobile 认证
MemberUserDetailsServiceImpl memberUserDetailsService = (MemberUserDetailsServiceImpl) userDetailsService;
switch (authenticationMethodEnum) {
case MOBILE:
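Review bot: The `SecurityConstants.APP_CLIENT_ID` branch now resolves the principal through `case MOBILE` instead of `case OPENID`, which is a behaviour change inside a commit labelled as comment-only. It deserves its own commit and a refresh-token test per client. Both the client id and the authentication method come from `RequestUtils`; if those read request parameters (not visible here), the caller influences whether `authentication.getName()` is looked up as a username, a mobile number or an openid, so the method used at login would be safer carried with the token and compared. `clientId.equals(...)` also throws a NullPointerException when no client id is resolved; `SecurityConstants.APP_CLIENT_ID.equals(clientId)` avoids that. The switch continues in the next hunk.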
@@ -57,7 +64,17 @@ public class PreAuthenticatedUserDetailsService implem
default:
return memberUserDetailsService.loadUserByUsername(authentication.getName());
}
+ } else if (clientId.equals(SecurityConstants.WEAPP_CLIENT_ID)) {
+ // 小程序的用户体系是会员,认证方式是通过微信三方标识 openid 认证
+ MemberUserDetailsServiceImpl memberUserDetailsService = (MemberUserDetailsServiceImpl) userDetailsService;
+ switch (authenticationMethodEnum) {
+ case OPENID:
+ return memberUserDetailsService.loadUserByOpenId(authentication.getName());
+ default:
+ return memberUserDetailsService.loadUserByUsername(authentication.getName());
+ }
} else if (clientId.equals(SecurityConstants.ADMIN_CLIENT_ID)) {
+ // 管理系统的用户体系是系统用户,认证方式通过用户名 username 认证
switch (authenticationMethodEnum) {
default:
return userDetailsService.loadUserByUsername(authentication.getName());
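Review bot: In the added `WEAPP_CLIENT_ID` branch, as in the branch above it, the `default:` arm falls back to `loadUserByUsername` for any authentication method the client does not list. An unsupported combination is therefore treated as a username lookup rather than rejected; throwing for unsupported methods would be the safer default. The new branch also repeats the cast and switch of the previous one with only the case label changed, so a small per-client mapping from method to loader would remove the duplication and make the allowed methods explicit. The admin branch's `switch` containing only `default:` can be a plain `return`. The end of the if/else chain is outside the hunk.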