grails框架下修改acegi权限框架的加密方式

1、重写加密算法，这里用的是明文

package cn.eshore.encodePassword;import org.springframework.security.providers.encoding.BasePasswordEncoder;/** * Created by Administrator on 2017/4/12. */public class PlaintextPasswordOverwriteEncoder extends BasePasswordEncoder {    //~ Instance fields ================================================================================================    private boolean ignorePasswordCase = false;    //~ Methods ========================================================================================================    public String encodePassword(String rawPass, Object salt) {        return mergePasswordAndSalt(rawPass, salt, true);    }    public boolean isIgnorePasswordCase() {        return ignorePasswordCase;    }    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {        if(salt.equals(true))            return true;        String pass1 = encPass + "";        // Strict delimiters is false because pass2 never persisted anywhere        // and we want to avoid unnecessary exceptions as a result (the        // authentication will fail as the encodePassword never allows them)        String pass2 = mergePasswordAndSalt(rawPass, "", false);        if (!ignorePasswordCase) {            return pass1.equals(pass2);        } else {            return pass1.equalsIgnoreCase(pass2);        }    }    /**     * Demerges the previously {@link #encodePassword(String, Object)}<code>String</code>.<P>The resulting     * array is guaranteed to always contain two elements. The first is the password, and the second is the salt.</p>     *  <P>Throws an exception if <code>null</code> or an empty <code>String</code> is passed to the method.</p>     *     * @param password from {@link #encodePassword(String, Object)}     *     * @return an array containing the password and salt     */    public String[] obtainPasswordAndSalt(String password) {        return demergePasswordAndSalt(password);    }    /**     * Indicates whether the password comparison is case sensitive.<P>Defaults to <code>false</code>, meaning     * an exact case match is required.</p>     *     * @param ignorePasswordCase set to <code>true</code> for less stringent comparison     */    public void setIgnorePasswordCase(boolean ignorePasswordCase) {        this.ignorePasswordCase = ignorePasswordCase;    }}

2、在resources.groovy里配置bean

 passwordEncoder(cn.eshore.encodePassword.PlaintextPasswordOverwriteEncoder)

3、添加org.codehaus.groovy.grails.plugins.springsecurity.DaoAuthenticationOverwriteProvider(重写类，添加业务判断)

package org.codehaus.groovy.grails.plugins.springsecurityimport com.sun.org.apache.xpath.internal.operations.Boolimport org.springframework.dao.DataAccessExceptionimport org.springframework.security.AuthenticationExceptionimport org.springframework.security.AuthenticationServiceExceptionimport org.springframework.security.BadCredentialsExceptionimport org.springframework.security.providers.UsernamePasswordAuthenticationTokenimport org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProviderimport org.springframework.security.providers.dao.SaltSourceimport org.springframework.security.providers.encoding.PasswordEncoderimport org.springframework.security.providers.encoding.PlaintextPasswordEncoderimport org.springframework.security.userdetails.UserDetailsimport org.springframework.security.userdetails.UserDetailsServiceimport org.springframework.util.Assert/** * Created by xiongcc on 2017/4/12. */class DaoAuthenticationOverwriteProvider extends AbstractUserDetailsAuthenticationProvider{    //~ Instance fields ================================================================================================    private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();    private SaltSource saltSource;    private UserDetailsService userDetailsService;    private boolean includeDetailsObject = true;    //~ Methods ========================================================================================================    protected void additionalAuthenticationChecks(UserDetails userDetails,                                                  UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {        Object salt = null;        if (this.saltSource != null) {            salt = this.saltSource.getSalt(userDetails);        }        if (authentication.getCredentials() == null) {            throw new BadCredentialsException(messages.getMessage(                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),                    includeDetailsObject ? userDetails : null);        }        String presentedPassword = authentication.getCredentials().toString();        //通过orgInfo的singleLogin来判断是否可以通过账号直接登陆        String singlePointLongin = userDetails.domainClass.org.singleLogin;        salt = singlePointLongin.equals("yes")        if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) {            throw new BadCredentialsException(messages.getMessage(                    "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"),                    includeDetailsObject ? userDetails : null);        }    }    protected void doAfterPropertiesSet() throws Exception {        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");    }    protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)            throws AuthenticationException {        UserDetails loadedUser;        try {            loadedUser = this.getUserDetailsService().loadUserByUsername(username);        }        catch (DataAccessException repositoryProblem) {            throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);        }        if (loadedUser == null) {            throw new AuthenticationServiceException(                    "UserDetailsService returned null, which is an interface contract violation");        }        return loadedUser;    }    /**     * Sets the PasswordEncoder instance to be used to encode and validate passwords.     * If not set, {@link PlaintextPasswordEncoder} will be used by default.     *     * @param passwordEncoder The passwordEncoder to use     */    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {        this.passwordEncoder = passwordEncoder;    }    protected PasswordEncoder getPasswordEncoder() {        return passwordEncoder;    }    /**     * The source of salts to use when decoding passwords. <code>null</code>     * is a valid value, meaning the <code>DaoAuthenticationProvider</code>     * will present <code>null</code> to the relevant <code>PasswordEncoder</code>.     *     * @param saltSource to use when attempting to decode passwords via the <code>PasswordEncoder</code>     */    public void setSaltSource(SaltSource saltSource) {        this.saltSource = saltSource;    }    protected SaltSource getSaltSource() {        return saltSource;    }    public void setUserDetailsService(UserDetailsService userDetailsService) {        this.userDetailsService = userDetailsService;    }    protected UserDetailsService getUserDetailsService() {        return userDetailsService;    }    protected boolean isIncludeDetailsObject() {        return includeDetailsObject;    }    /**     * Determines whether the UserDetails will be included in the <tt>extraInformation</tt> field of a     * thrown BadCredentialsException. Defaults to true, but can be set to false if the exception will be     * used with a remoting protocol, for example.     *     * @deprecated use {@link org.springframework.security.providers.ProviderManager#setClearExtraInformation(boolean)}     */    public void setIncludeDetailsObject(boolean includeDetailsObject) {        this.includeDetailsObject = includeDetailsObject;    }}

重点见additionalAuthenticationChecks方法

4、修改org.codehaus.groovy.grails.plugins.springsecurity.GrailsDaoAuthenticationProvider的父类是DaoAuthenticationOverwriteProvider 

/* Copyright 2006-2009 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * *      http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */package org.codehaus.groovy.grails.plugins.springsecurityimport org.springframework.security.AuthenticationExceptionimport org.springframework.security.providers.UsernamePasswordAuthenticationTokenimport org.springframework.security.ui.ntlm.NtlmUsernamePasswordAuthenticationTokenimport org.springframework.security.userdetails.UserDetails/** * @author Martin Vlcek * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a> */class GrailsDaoAuthenticationProvider extends DaoAuthenticationOverwriteProvider {@Overrideprotected void additionalAuthenticationChecks(UserDetails userDetails,            UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {        // don't check password in case of NTLM authentication        if (!(authentication instanceof NtlmUsernamePasswordAuthenticationToken)) {            super.additionalAuthenticationChecks(userDetails, authentication)        }    }}

备注：3和4的文件写在aecgi的plugin里