SpringSecurity的自定义用户密码验证

我的用户密码前台输入后，需要和用户名关联进行加密比较，所以重写了AuthenticationProvider的实现类进行处理；

@Component
public class MyAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private ISysUserService iSysUserService;
    @Autowired
    private PasswordEncorder passwordEncorder;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        String presentedPassword = (String)authentication.getCredentials();
        UserDetails userDeatils = null;
        // 根据用户名获取用户信息
        SysUser sysUser = this.iSysUserService.getUserByName(username);
        if (StringUtils.isEmpty(sysUser)) {
            throw new BadCredentialsException("用户名不存在");
        } else {
            userDeatils = new User(username, sysUser.getPassword(), AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
            // 自定义的加密规则，用户名、输的密码和数据库保存的盐值进行加密
            String encodedPassword = PasswordUtil.encrypt(username, presentedPassword, sysUser.getSalt());
            if (authentication.getCredentials() == null) {
                throw new BadCredentialsException("登录名或密码错误");
            } else if (!this.passwordEncorder.matches(encodedPassword, userDeatils.getPassword())) {
                throw new BadCredentialsException("登录名或密码错误");
            } else {
                UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(userDeatils, authentication.getCredentials(), userDeatils.getAuthorities());
                result.setDetails(authentication.getDetails());
                return result;
            }
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return true;
    }
}

然后在SecurityConfiguration配置中启用

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(this.myAuthenticationProvider);
}

原文地址：https://www.cnblogs.com/brucebai/p/12680494.html