我已经使用用户名和密码创建了一个登录名,但还想添加一个电子邮件。因此,您可以使用电子邮件和密码或用户名和密码作为登录名,任何建议都会有所帮助。
我的模特
public class Customer {
@Id
private String id;
private String username;
private email;
@Size(max = 120)
private String password;
//Constructor with getters and setters
我的身份验证控制器,它读取您的用户名和加密密码
@PostMapping("/signin")
public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
//Gets username/password form login request authenticateManager then auth login account
Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));
//Update Security context using auth object
SecurityContextHolder.getContext().setAuthentication(authentication);
//Generate web token
String jwt = jwtUtils.generateJwtToken(authentication);
//Get userDetails from auth obj
UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();
//response contains JWT and UserDetails data
return ResponseEntity.ok(new JwtResponse(jwt,
userDetails.getId(),
userDetails.getUsername(),
userDetails.getEmail(),
));
}
我的登录请求模型
private String username;
private String password;
//getters and setters
我的安全配置(我应该在代码中添加一个 OR 来表示电子邮件或用户名,如果是这样,我应该在哪里做这样的事情)
@Configuration
@EnableWebSecurity //apply security class
@EnableGlobalMethodSecurity( //provides AOP security on methods/ Global AuthManager
prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsServiceImpl userDetailsService;
@Autowired
private AuthEntryPointJwt unauthorizedHandler;
//Adding custom user details service
@Override
public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
//validates userNamePasswordAuthenticationToken/overriding authBean
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception { //throws exception if input is invalid
return super.authenticationManagerBean();
}
//Encrypt my password
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
//provides HttpSecurity configures cors, csrf, session management
//protected api's
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests().antMatchers("/api/auth/**").permitAll()
.antMatchers("/**").permitAll()
.anyRequest().authenticated();
}
}
您应该在您的 中实现此逻辑UserDetailsService#loadByUsername
,其中username
可能是实际的用户名或电子邮件。
所以,你UserDetailsService
看起来像这样:
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
private CustomerRepository customerRepository;
public UserDetails loadByUsername(String username) throws UsernameNotFoundException {
Optional<Customer> customer = this.customerRepository.findByUsernameOrEmail(username); // username can be both
return customer.map(...mapToMyCustomUserDetails()).orElseThrow(...);
}
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句