How to Use Spring Security Authorization and Integrate Image CAPTCHAs and SMS Verification Codes into the Spring Security Filter Chain

Published: 2025-04-16

Spring Security Authorization and Verification Code Integration Guide

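Contents

  1. Overview
  2. Project Setup
  3. Basic Authorization Implementation
  4. Image CAPTCHA Integration
  5. SMS Verification Code Integration
  6. User Details Service Implementation
  7. Front-End Login Form Example
  8. Optimization Suggestions for Real Projects
  9. Summary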

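1. Overview

This document explains in detail how to integrate image CAPTCHAs and SMS verification codes into Spring Security to build a more secure authentication and authorization system. Because the verification-code check is integrated into the Spring Security filter chain, it becomes part of the authentication process, which improves the security of the system.

The main features implemented are:

  1. Basic authorization: role-based access control
  2. Image CAPTCHA integration: prevents brute-force attacks
  3. SMS verification code integration: provides login by mobile phone number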

2. Project Setup

2.1 Add Dependencies

First, create a Spring Boot project and add the required dependencies:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>com.github.penggle</groupId>
    <artifactId>kaptcha</artifactId>
    <version>2.3.2</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>

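3. Basic Authorization Implementation

3.1 Create the Security Configuration Class

Create a SecurityConfig class that configures the basic security rules: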

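import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is disabled in this example
            .csrf().disable()
            .authorizeRequests()
                // Login, registration, captcha and SMS endpoints are reachable without authentication
                .antMatchers("/login", "/register", "/captcha/**", "/sms/**").permitAll()
                // Role-based access control
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/user/**").hasRole("USER")
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/doLogin")
                .successHandler(new AuthenticationSuccessHandler() {
                    @Override
                    public void onAuthenticationSuccess(HttpServletRequest request,
                                                        HttpServletResponse response,
                                                        Authentication authentication) throws IOException {
                        response.setContentType("application/json;charset=utf-8");
                        // "登录成功" means "login successful"
                        response.getWriter().write("{\"status\":\"success\",\"msg\":\"登录成功\"}");
                    }
                })
                .failureHandler(new AuthenticationFailureHandler() {
                    @Override
                    public void onAuthenticationFailure(HttpServletRequest request,
                                                        HttpServletResponse response,
                                                        AuthenticationException exception) throws IOException {
                        response.setContentType("application/json;charset=utf-8");
                        // Escape backslashes and quotes so the message cannot break the JSON body
                        String msg = String.valueOf(exception.getMessage())
                                .replace("\\", "\\\\").replace("\"", "\\\"");
                        response.getWriter().write("{\"status\":\"error\",\"msg\":\"" + msg + "\"}");
                    }
                });
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        // BCrypt hashes passwords with a per-password salt
        return new BCryptPasswordEncoder();
    }
}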
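
The configuration above does not yet check a verification code, while the overview states that the check is placed in the filter chain so that it becomes part of authentication. The following is an added example, not code from the original article, of a filter that gates POST /doLogin on the image CAPTCHA. The class name CaptchaValidationFilter, the session attributes CAPTCHA_CODE and CAPTCHA_TIME, the form field captcha and the two-minute lifetime are assumptions.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example: rejects a login attempt before the password check unless the
// submitted captcha matches the one stored in the session.
public class CaptchaValidationFilter extends OncePerRequestFilter {
    // Assumed names: the captcha endpoint stores the text (String) and its creation
    // time (Long, epoch millis) under these attributes; the form field is "captcha".
    static final String SESSION_CODE = "CAPTCHA_CODE";
    static final String SESSION_TIME = "CAPTCHA_TIME";
    static final long MAX_AGE_MS = 2 * 60 * 1000L;
    private final AuthenticationFailureHandler failureHandler;

    public CaptchaValidationFilter(AuthenticationFailureHandler failureHandler) {
        this.failureHandler = failureHandler;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        boolean isLogin = "POST".equalsIgnoreCase(request.getMethod())
                && "/doLogin".equals(request.getServletPath());
        if (isLogin && !captchaMatches(request)) {
            failureHandler.onAuthenticationFailure(request, response,
                    new BadCredentialsException("Invalid or expired captcha"));
            return; // stop here: the username/password filter never runs
        }
        chain.doFilter(request, response);
    }

    private boolean captchaMatches(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) return false; // no captcha was ever issued
        Object expected = session.getAttribute(SESSION_CODE);
        Object issuedAt = session.getAttribute(SESSION_TIME);
        // Single use: discard before comparing, so one image allows one guess.
        session.removeAttribute(SESSION_CODE);
        session.removeAttribute(SESSION_TIME);
        String submitted = request.getParameter("captcha");
        return expected instanceof String && issuedAt instanceof Long && submitted != null
                && System.currentTimeMillis() - (Long) issuedAt <= MAX_AGE_MS
                && ((String) expected).equalsIgnoreCase(submitted.trim());
    }
}
```

Register it in configure(HttpSecurity) with http.addFilterBefore(new CaptchaValidationFilter(failureHandler), UsernamePasswordAuthenticationFilter.class), passing the same failure handler that formLogin uses so the client receives the same JSON error shape.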

4. Image CAPTCHA Integration

4.1 Create the CAPTCHA Configuration Class

import static com.google.code.kaptcha.Constants.*;

import java.util.Properties;
import com.google.code.kaptcha.impl.DefaultKaptcha;
import com.google.code.kaptcha.util.Config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CaptchaConfig {

    @Bean
    public DefaultKaptcha defaultKaptcha() {
        DefaultKaptcha defaultKaptcha = new DefaultKaptcha();
        Properties properties = new Properties();
        // Configure the CAPTCHA properties
        properties.setProperty(KAPTCHA_BORDER, "yes");
        properties.setProperty(KAPTCHA_BORDER_COLOR, "105,179,90");
        properties.setProperty(KAPTCHA_TEXTPRODUCER_FONT_COLOR, "blue");
        properties.setProperty(KAPTCHA_IMAGE_WIDTH, "110");
        properties.setProperty(KAPTCHA_IMAGE_HEIGHT, "40");
        properties.setProperty(KAPTCHA_TEXTPRODUCER_FONT_SIZE, "30");
        properties.setProperty(KAPTCHA_TEXTPRODUCER_CHAR_LENGTH, "4");
        properties.setProperty(KAPTCHA_TEXTPRODUCER_FONT_NAMES, "宋体,楷体,微软雅黑");

        Config config = new Config(properties);
        defaultKaptcha.setConfig(config);
        return defaultKaptcha;
    }
}
