若依关于 springsecurity 不用密码登录，自定义第三方登录、免登录_百度小程序

相关推荐recommended

若依关于 springsecurity 不用密码登录，自定义第三方登录、免登录

作者：mmseoamin日期：2023-12-18

用的是若依的前后端分离的版本，项目接口是给小程序用 openid 直接免登录

找到登录方法

 // 用户验证
            Authentication authentication = null;
            try
            {
                UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
                AuthenticationContextHolder.setContext(authenticationToken);
                // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
                authentication = authenticationManager.authenticate(authenticationToken);
            }
            catch (Exception e)
            {
                if (e instanceof BadCredentialsException)
                {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
                    throw new UserPasswordNotMatchException();
                }
                else
                {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
                    throw new ServiceException(e.getMessage());
                }
            }
            finally
            {
                AuthenticationContextHolder.clearContext();
            }
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
            LoginUser loginUser = (LoginUser) authentication.getPrincipal();
            recordLoginInfo(loginUser.getUserId());
            // 生成token
            return tokenService.createToken(loginUser);

他这是根据用户名和密码进行比对、由于密码没办法转换成明文

只能改成如下方法免登录

   //根据openId查询用户
            SysUser sysUser = userService.selectUserByOpenId(openId);
            if (sysUser!=null){
                username=sysUser.getUserName();
                password=sysUser.getPassword();
            }else{
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(openId, Constants.LOGIN_FAIL, "openId错误"));
                throw new UserPasswordNotMatchException();
            }
            Authentication authentication = null;
            try
            {
                //直接不用springsecurity 认证、自己构造出数据
              UserDetails userDetails=new LoginUser(sysUser.getUserId(), sysUser.getDeptId(), sysUser, permissionService.getMenuPermission(sysUser));
                  authentication = new UsernamePasswordAuthenticationToken(userDetails, null,
                        AuthorityUtils.createAuthorityList("ROLE_USER"));
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            catch (Exception e)
            {
                if (e instanceof BadCredentialsException)
                {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
                    throw new UserPasswordNotMatchException();
                }
                else
                {
                    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
                    throw new ServiceException(e.getMessage());
                }
            }
            finally
            {
                AuthenticationContextHolder.clearContext();
            }
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
            LoginUser loginUser = (LoginUser) authentication.getPrincipal();
            recordLoginInfo(loginUser.getUserId());
            // 生成token
            return tokenService.createToken(loginUser);

网站建设是什么铜梁网吧合优网官网专业网站优化哪家好怎样做网站赚钱企业邮箱注册免费

上一篇：failed (13: Permission denied) 解决Nginx由于权限导致大文件不能上传的问题

下一篇：SQL server 实现不同服务器之间的数据同步（作业实现）