Spring security custom authentication login process record

Spring security usage categories:

I believe Baidu knows how to use spring security. There are four kinds of usage, from simple to deep:

1. Without the database, all the data is written in the configuration file, which is also the demo in the official document;

2. Use the database and design the database according to the default implementation code of spring security, that is, the database has been fixed. This method is not flexible, and the database design is very simple and poor practicability;

3. Unlike Acegi, spring security cannot modify the default filter, but supports inserting filters. Therefore, we can insert our own filters to use them flexibly;

4. Violence means to modify the source code. The above-mentioned modification of the default filter is only to modify the configuration file to replace the filter. This directly changes the source code inside, but this does not conform to the OO design principles, is not practical and is not available.

This article mainly introduces the content related to spring security user-defined authentication login, which can be shared for your reference and learning. I won't say much below. Let's take a look at the detailed introduction together.

1. Summary

1.1. brief introduction

Spring security is a security framework based on spring AOP and servlet filter to manage authority authentication, etc.

1.2. Spring security custom authentication process

1) Certification process

Generate unauthenticated authenticationtoken

2) Add authenticationfilter to the security filter chain (configured in the resource server), such as:

Or:

2. Take SMS login of mobile phone number as an example

2.1. development environment

2.2. Core code analysis

2.2. 1. Customize login authentication process

2.2. 1.1. User defined authentication login token

Note:

Setauthenticated(): judge whether it has been authenticated

2.2. 1.1. Custom authentication login filter

Note: attemptauthentication() method:

2.2. 1.1. Custom authentication login provider

Note: authenticate() method

2.2. 1.1. Custom authentication login authentication configuration

Note: configure() method

Instantiate authenticationfilter and authenticationprovider

Add authenticationfilter and authenticationprovider to spring security.

2.2. 2. Verification of user-defined verification code based on redis

2.2. 2.1. Redis based custom verification code filter

Note: dofilterinternal ()

User defined verification code filtering verification

2.2. 2.2. Add a custom Authenticode filter to the spring security filter chain

Note: before adding to the certification pretreatment filter

3. Test effect

Finally, attach the source code address: https://gitee.com/CatalpaFlat/springSecurity.git (local download)