grails框架下修改acegi权限框架的加密方式
来源:互联网 发布:python写爬虫 编辑:程序博客网 时间:2024/05/18 01:27
1、重写加密算法,这里用的是明文
package cn.eshore.encodePassword;import org.springframework.security.providers.encoding.BasePasswordEncoder;/** * Created by Administrator on 2017/4/12. */public class PlaintextPasswordOverwriteEncoder extends BasePasswordEncoder { //~ Instance fields ================================================================================================ private boolean ignorePasswordCase = false; //~ Methods ======================================================================================================== public String encodePassword(String rawPass, Object salt) { return mergePasswordAndSalt(rawPass, salt, true); } public boolean isIgnorePasswordCase() { return ignorePasswordCase; } public boolean isPasswordValid(String encPass, String rawPass, Object salt) { if(salt.equals(true)) return true; String pass1 = encPass + ""; // Strict delimiters is false because pass2 never persisted anywhere // and we want to avoid unnecessary exceptions as a result (the // authentication will fail as the encodePassword never allows them) String pass2 = mergePasswordAndSalt(rawPass, "", false); if (!ignorePasswordCase) { return pass1.equals(pass2); } else { return pass1.equalsIgnoreCase(pass2); } } /** * Demerges the previously {@link #encodePassword(String, Object)}<code>String</code>.<P>The resulting * array is guaranteed to always contain two elements. The first is the password, and the second is the salt.</p> * <P>Throws an exception if <code>null</code> or an empty <code>String</code> is passed to the method.</p> * * @param password from {@link #encodePassword(String, Object)} * * @return an array containing the password and salt */ public String[] obtainPasswordAndSalt(String password) { return demergePasswordAndSalt(password); } /** * Indicates whether the password comparison is case sensitive.<P>Defaults to <code>false</code>, meaning * an exact case match is required.</p> * * @param ignorePasswordCase set to <code>true</code> for less stringent comparison */ public void setIgnorePasswordCase(boolean ignorePasswordCase) { this.ignorePasswordCase = ignorePasswordCase; }}
2、在resources.groovy里配置bean
passwordEncoder(cn.eshore.encodePassword.PlaintextPasswordOverwriteEncoder)
3、添加org.codehaus.groovy.grails.plugins.springsecurity.DaoAuthenticationOverwriteProvider(重写类,添加业务判断)
package org.codehaus.groovy.grails.plugins.springsecurityimport com.sun.org.apache.xpath.internal.operations.Boolimport org.springframework.dao.DataAccessExceptionimport org.springframework.security.AuthenticationExceptionimport org.springframework.security.AuthenticationServiceExceptionimport org.springframework.security.BadCredentialsExceptionimport org.springframework.security.providers.UsernamePasswordAuthenticationTokenimport org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProviderimport org.springframework.security.providers.dao.SaltSourceimport org.springframework.security.providers.encoding.PasswordEncoderimport org.springframework.security.providers.encoding.PlaintextPasswordEncoderimport org.springframework.security.userdetails.UserDetailsimport org.springframework.security.userdetails.UserDetailsServiceimport org.springframework.util.Assert/** * Created by xiongcc on 2017/4/12. */class DaoAuthenticationOverwriteProvider extends AbstractUserDetailsAuthenticationProvider{ //~ Instance fields ================================================================================================ private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder(); private SaltSource saltSource; private UserDetailsService userDetailsService; private boolean includeDetailsObject = true; //~ Methods ======================================================================================================== protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { Object salt = null; if (this.saltSource != null) { salt = this.saltSource.getSalt(userDetails); } if (authentication.getCredentials() == null) { throw new BadCredentialsException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), includeDetailsObject ? userDetails : null); } String presentedPassword = authentication.getCredentials().toString(); //通过orgInfo的singleLogin来判断是否可以通过账号直接登陆 String singlePointLongin = userDetails.domainClass.org.singleLogin; salt = singlePointLongin.equals("yes") if (!passwordEncoder.isPasswordValid(userDetails.getPassword(), presentedPassword, salt)) { throw new BadCredentialsException(messages.getMessage( "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"), includeDetailsObject ? userDetails : null); } } protected void doAfterPropertiesSet() throws Exception { Assert.notNull(this.userDetailsService, "A UserDetailsService must be set"); } protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { UserDetails loadedUser; try { loadedUser = this.getUserDetailsService().loadUserByUsername(username); } catch (DataAccessException repositoryProblem) { throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem); } if (loadedUser == null) { throw new AuthenticationServiceException( "UserDetailsService returned null, which is an interface contract violation"); } return loadedUser; } /** * Sets the PasswordEncoder instance to be used to encode and validate passwords. * If not set, {@link PlaintextPasswordEncoder} will be used by default. * * @param passwordEncoder The passwordEncoder to use */ public void setPasswordEncoder(PasswordEncoder passwordEncoder) { this.passwordEncoder = passwordEncoder; } protected PasswordEncoder getPasswordEncoder() { return passwordEncoder; } /** * The source of salts to use when decoding passwords. <code>null</code> * is a valid value, meaning the <code>DaoAuthenticationProvider</code> * will present <code>null</code> to the relevant <code>PasswordEncoder</code>. * * @param saltSource to use when attempting to decode passwords via the <code>PasswordEncoder</code> */ public void setSaltSource(SaltSource saltSource) { this.saltSource = saltSource; } protected SaltSource getSaltSource() { return saltSource; } public void setUserDetailsService(UserDetailsService userDetailsService) { this.userDetailsService = userDetailsService; } protected UserDetailsService getUserDetailsService() { return userDetailsService; } protected boolean isIncludeDetailsObject() { return includeDetailsObject; } /** * Determines whether the UserDetails will be included in the <tt>extraInformation</tt> field of a * thrown BadCredentialsException. Defaults to true, but can be set to false if the exception will be * used with a remoting protocol, for example. * * @deprecated use {@link org.springframework.security.providers.ProviderManager#setClearExtraInformation(boolean)} */ public void setIncludeDetailsObject(boolean includeDetailsObject) { this.includeDetailsObject = includeDetailsObject; }}
重点见additionalAuthenticationChecks方法
4、修改org.codehaus.groovy.grails.plugins.springsecurity.GrailsDaoAuthenticationProvider的父类是DaoAuthenticationOverwriteProvider
/* Copyright 2006-2009 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */package org.codehaus.groovy.grails.plugins.springsecurityimport org.springframework.security.AuthenticationExceptionimport org.springframework.security.providers.UsernamePasswordAuthenticationTokenimport org.springframework.security.ui.ntlm.NtlmUsernamePasswordAuthenticationTokenimport org.springframework.security.userdetails.UserDetails/** * @author Martin Vlcek * @author <a href='mailto:beckwithb@studentsonly.com'>Burt Beckwith</a> */class GrailsDaoAuthenticationProvider extends DaoAuthenticationOverwriteProvider {@Overrideprotected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { // don't check password in case of NTLM authentication if (!(authentication instanceof NtlmUsernamePasswordAuthenticationToken)) { super.additionalAuthenticationChecks(userDetails, authentication) } }}
备注:3和4的文件写在aecgi的plugin里
0 0
- grails框架下修改acegi权限框架的加密方式
- Grails--java下的快速开发框架
- Groovy语言下的Grails框架
- Acegi框架
- 在Acegi认证框架下的ajax异步登录处理
- [JAVA][ACEGI]Acegi安全框架在AJAX下的超时控制
- grails下acegi的访问规则的配置
- Spring Acegi框架鉴权的实现
- Spring Acegi框架授权的实现
- Acegi框架介绍
- Acegi框架介绍
- Acegi框架介绍
- Acegi框架介绍
- Acegi框架介绍
- Acegi框架介绍
- Acegi框架介绍
- Acegi框架介绍
- Acegi框架介绍
- [牛客]拼接最小字典序练习题
- 获取Jenkins project build结果
- Java和PHP在Web开发方面的八大对比
- bootstrap-suggest-plugin (bsSuggest) 联想搜索插件之——中文字符在IE下POST 时乱码现象解决方案
- 把排序数组转换为高度最小的二叉搜索树
- grails框架下修改acegi权限框架的加密方式
- Redis复制功能简述
- typedef相关
- Python函数调用“传引用”还是”传值“
- Qt下使用OpenCV2.3.1静态编译报错,解决过程记录
- 计算机基础之牛客网刷题第二篇
- For artifact {null:null:null:jar}: The groupId cannot be empty解决办法
- OV9712+3518EV200
- 哈希标记取代(KMP和AC自动机)poj3690