
Implementing a password-free login policy in Shiro: WeChat QR-code login and third-party login


 

I. Scenario description

For WeChat QR-code login, the flow is: look up the user by the WeChat unionId and, when the user's status allows it, log the user in. Because Shiro is used as the security control center and the stored user passwords are hashed irreversibly, there is no plaintext password to submit for the normal check, so a password-free login policy is implemented in Shiro.

 

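II. Code implementation

1. The Shiro login process

		Subject subject = SecurityUtils.getSubject();
		UsernamePasswordToken passwordToken = new UsernamePasswordToken();
		passwordToken.setUsername("");
		// setPassword expects a char[], not a String
		passwordToken.setPassword("".toCharArray());
		// Runs the realm's authentication, including its credentials matcher
		subject.login(passwordToken);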

 

2. Create a UsernamePasswordToken class that extends org.apache.shiro.authc.UsernamePasswordToken and add an unpass attribute that marks the login as password-free

public class UsernamePasswordToken extends org.apache.shiro.authc.UsernamePasswordToken {

	private static final long serialVersionUID = 1L;

	private String captcha;
	private boolean mobileLogin;
	private String requestFlag;
	private boolean unpass = false; // whether to log in without a password

	public boolean getUnpass() {
		return unpass;
	}

	public void setUnpass(boolean unpass) {
		this.unpass = unpass;
	}

	// remaining getters / setters omitted
}

 

3. Create WechatHashedCredentialsMatcher, which extends org.apache.shiro.authc.credential.HashedCredentialsMatcher, and override the doCredentialsMatch method

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;

/**
 * description: WeChat QR-code login, password-free login
 * @version v1.0
 * @author w
 * @date 2020-12-02 5:09:15 PM
 **/
public class WechatHashedCredentialsMatcher extends HashedCredentialsMatcher {

	public WechatHashedCredentialsMatcher() {
		super();
	}

	public WechatHashedCredentialsMatcher(String hashAlgorithmName) {
		super(hashAlgorithmName);
	}

	@Override
	public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
		// Only the custom token carries the unpass flag; other token types get the normal check
		if (token instanceof UsernamePasswordToken && ((UsernamePasswordToken) token).getUnpass()) {
			// Password-free login: skip the hash comparison
			return true;
		}
		return super.doCredentialsMatch(token, info);
	}
	
}

4. Create the SystemAuthorizingRealm class, which extends org.apache.shiro.realm.AuthorizingRealm, and add an initCredentialsMatcher method that replaces the configured matcher

import javax.annotation.PostConstruct;

import org.apache.shiro.realm.AuthorizingRealm;
import org.springframework.stereotype.Service;

@Service
public class SystemAuthorizingRealm extends AuthorizingRealm {

	/**
	 * Set the hash algorithm and iteration count used for password verification
	 */
	@PostConstruct
	public void initCredentialsMatcher() {
		// HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(SystemService.HASH_ALGORITHM);
		WechatHashedCredentialsMatcher matcher = new WechatHashedCredentialsMatcher(SystemService.HASH_ALGORITHM);
		matcher.setHashIterations(SystemService.HASH_INTERATIONS);
		setCredentialsMatcher(matcher);
	}

	// doGetAuthenticationInfo / doGetAuthorizationInfo omitted
}

 

5. For a password-free login, set unpass = true

usernamePasswordToken.setUnpass(true); // password-free login: the matcher skips the password check
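
A variation on steps 2 to 5, added here as an example and not taken from the original article or the Jeesite project: the password-free decision is carried by a dedicated token type with no setter, instead of a boolean on the form-login token, so only server code that has already resolved the WeChat unionId can construct it. `WechatVerifiedToken`, `TypedCredentialsMatcher`, `TypedMatcherDemo` and the sample account are hypothetical, and Shiro 1.x on the classpath is assumed.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha256Hash;

// Hypothetical token: built only by server code after WeChat returned the unionId.
final class WechatVerifiedToken extends UsernamePasswordToken {
    private static final long serialVersionUID = 1L;
    private final String unionId;

    WechatVerifiedToken(String username, String unionId) {
        super(username, new char[0]);
        if (unionId == null || unionId.isEmpty()) {
            throw new IllegalArgumentException("unionId required");
        }
        this.unionId = unionId;
    }

    String getUnionId() { return unionId; }
}

// Hypothetical matcher: skips the hash check by token type, not by a settable flag.
class TypedCredentialsMatcher extends HashedCredentialsMatcher {
    TypedCredentialsMatcher(String hashAlgorithmName) { super(hashAlgorithmName); }

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        if (token != null && token.getClass() == WechatVerifiedToken.class) {
            return true; // identity was already established via the WeChat unionId lookup
        }
        return super.doCredentialsMatch(token, info); // every other token: normal hash check
    }
}

public class TypedMatcherDemo {
    public static void main(String[] args) {
        TypedCredentialsMatcher matcher = new TypedCredentialsMatcher("SHA-256");
        // Constructed sample account: user "alice", stored SHA-256 hex of "s3cret".
        AuthenticationInfo info = new SimpleAuthenticationInfo(
                "alice", new Sha256Hash("s3cret").toHex(), "demoRealm");
        // Form login with the right password, form login with a wrong one, WeChat login.
        System.out.println(matcher.doCredentialsMatch(new UsernamePasswordToken("alice", "s3cret"), info));
        System.out.println(matcher.doCredentialsMatch(new UsernamePasswordToken("alice", "wrong"), info));
        System.out.println(matcher.doCredentialsMatch(new WechatVerifiedToken("alice", "constructed-union-id"), info));
    }
}
```

Because the token extends Shiro's `UsernamePasswordToken`, a realm that already supports that type accepts it without further configuration.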

 

III. Summary

1. Understand Shiro's login flow: obtain the Subject, create a token, and pass it to subject.login() for authentication.

 

2. The Shiro XML configuration is omitted from this article; for details, refer to the Jeesite project.

 

 

 

Reference: the @PostConstruct annotation

 

 

 

 

Copyright notice
This article was written by [HaHa_ Sir]. Please include a link to the original when reposting. Thank you.
https://cdmana.com/2020/12/20201224214805162t.html