是加密引发的一场代码改动:::
原代码:UserDetails user =userDetailsService.loadUserByUsername(username);
现代码:ChannelUserDetails user = (ChannelUserDetails)userDetailsService.loadUserByUsername(username);
Md5PasswordEncoder encoder = new Md5PasswordEncoder();
if (!encoder.isPasswordValid(user.getPassword(),password, user.getSalt())) {
throw new BadCredentialsException("Wrong password.");
}else {
//进行登录
Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
return new UsernamePasswordAuthenticationToken(user, password, authorities);
}
这些代码正是保存user其中字段的比如roles,看看这些代码的严谨度,,唉,,,
ChannelResponse<UserDTO> response = userService.getUserByName(arg0);o
log.error("query user error:{}",response.getMsg());
throw new UsernameNotFoundException("user not find by "+arg0+".");
}
if(response.getData()==null) {
throw new UsernameNotFoundException("user not find by "+arg0+".");
}
log.debug("user:{}",response.getData());
UserDTO userDTO = response.getData();
Set<String> roles = new HashSet<>();
//调用方法获得角色
roles.add("ROLE_user");
ChannelUserDetails details = new ChannelUserDetails(userDTO,roles);
return details;
就在刚才 ,这个。getSalt()方法怎么都引不进来,提示说 这个user的包路径不对,可是怎么改还是不对,随后就是挨骂的时候了;大哥凶巴巴的告诉我,没有的就加啊!
现在的ChannelUserDetails就是新加的一个类,看看这个类发生了点什么吧。。。。。
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import com.ifa.cloud.channel.user.model.dto.UserDTO;
import lombok.AllArgsConstructor;
@AllArgsContructor: 会生成一个包含所有变量,同时如果变量使用了NotNull annotation , 会进行是否为空的校验, 我们来看一下官方给出的一个例子
public class ChannelUserDetails implements UserDetails{
private static final long serialVersionUID = -3729545293466527935L;
private UserDTO user;
private Set<String> roles;
@Overridee
public Collection<? extends GrantedAuthority> getAuthorities() {//是MD5加密的时候用的
Collection<SimpleGrantedAuthority> collection = new HashSet<SimpleGrantedAuthority>();
for (String role : roles) {
collection.add(new SimpleGrantedAuthority(role));
}
return collection;
}
@Override
public String getPassword() {
return user.password;
}
@Override
public String getUsername() {
return user.username;
}
public String getSalt() {
return user.salt;//这里就调用了user的东西了
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;//是否启用
}
}
2.刚才我的service里面org.springframework.security.authentication.encoding.Md5PasswordEncoder 引不进去,我就在pom.xml中根据上一个项目添加的,如下
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
</dependency>
呜呜。。。。其实是这样的,我就在其他项目搜了一下,结果引进去不报错了,可是谁又知道我引的这两个是干吗的??后来大哥又把我的代码改了,非常敬重,自己快要自卑到尘埃里了,哦 my gad!! 没有测试通的代码不要提交,万一有问题,也正好遇到人家要发版到测试,你就罪过大了
大哥改成了这个样子:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>