|
@ -1,5 +1,5 @@
|
|
|
/**
|
|
|
*
|
|
|
*
|
|
|
*/
|
|
|
package com.yihu.base.security.sms;
|
|
|
|
|
@ -15,95 +15,98 @@ import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
|
/**
|
|
|
* 短信登陆过滤器
|
|
|
* @author chenweida
|
|
|
* @author zhailiang
|
|
|
*
|
|
|
*/
|
|
|
public class SmsCodeAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
|
|
|
// ~ Static fields/initializers
|
|
|
// =====================================================================================
|
|
|
|
|
|
private String mobileParameter = SecurityProperties.mobileLoginKey;
|
|
|
private boolean postOnly = true;
|
|
|
|
|
|
// ~ Constructors
|
|
|
// ===================================================================================================
|
|
|
|
|
|
public SmsCodeAuthenticationFilter() {
|
|
|
super(new AntPathRequestMatcher(SecurityProperties.mobileLogin, "POST"));
|
|
|
}
|
|
|
|
|
|
// ~ Methods
|
|
|
// ========================================================================================================
|
|
|
|
|
|
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
|
|
|
throws AuthenticationException {
|
|
|
if (postOnly && !request.getMethod().equals("POST")) {
|
|
|
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
|
|
|
}
|
|
|
|
|
|
String mobile = obtainMobile(request);
|
|
|
|
|
|
if (mobile == null) {
|
|
|
mobile = "";
|
|
|
}
|
|
|
|
|
|
mobile = mobile.trim();
|
|
|
|
|
|
SmsCodeAuthenticationToken authRequest = new SmsCodeAuthenticationToken(mobile);
|
|
|
|
|
|
// Allow subclasses to set the "details" property
|
|
|
setDetails(request, authRequest);
|
|
|
|
|
|
return this.getAuthenticationManager().authenticate(authRequest);
|
|
|
}
|
|
|
|
|
|
|
|
|
/**
|
|
|
* 获取手机号
|
|
|
*/
|
|
|
protected String obtainMobile(HttpServletRequest request) {
|
|
|
return request.getParameter(mobileParameter);
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* Provided so that subclasses may configure what is put into the
|
|
|
* authentication request's details property.
|
|
|
*
|
|
|
* @param request that an authentication request is being created for
|
|
|
* @param authRequest the authentication request object that should have its details
|
|
|
* set
|
|
|
*/
|
|
|
protected void setDetails(HttpServletRequest request, SmsCodeAuthenticationToken authRequest) {
|
|
|
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* Sets the parameter name which will be used to obtain the username from
|
|
|
* the login request.
|
|
|
*
|
|
|
* @param usernameParameter the parameter name. Defaults to "username".
|
|
|
*/
|
|
|
public void setMobileParameter(String usernameParameter) {
|
|
|
Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
|
|
|
this.mobileParameter = usernameParameter;
|
|
|
}
|
|
|
|
|
|
|
|
|
/**
|
|
|
* Defines whether only HTTP POST requests will be allowed by this filter.
|
|
|
* If set to true, and an authentication request is received which is not a
|
|
|
* POST request, an exception will be raised immediately and authentication
|
|
|
* will not be attempted. The <tt>unsuccessfulAuthentication()</tt> method
|
|
|
* will be called as if handling a failed authentication.
|
|
|
* <p>
|
|
|
* Defaults to <tt>true</tt> but may be overridden by subclasses.
|
|
|
*/
|
|
|
public void setPostOnly(boolean postOnly) {
|
|
|
this.postOnly = postOnly;
|
|
|
}
|
|
|
|
|
|
public final String getMobileParameter() {
|
|
|
return mobileParameter;
|
|
|
}
|
|
|
// ~ Static fields/initializers
|
|
|
// =====================================================================================
|
|
|
|
|
|
private String mobileParameter = SecurityProperties.mobileLoginAccountKey;
|
|
|
private boolean postOnly = true;
|
|
|
|
|
|
// ~ Constructors
|
|
|
// ===================================================================================================
|
|
|
|
|
|
public SmsCodeAuthenticationFilter() {
|
|
|
super(new AntPathRequestMatcher(SecurityProperties.mobileLogin, "POST"));
|
|
|
}
|
|
|
|
|
|
// ~ Methods
|
|
|
// ========================================================================================================
|
|
|
|
|
|
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
|
|
|
throws AuthenticationException {
|
|
|
if (postOnly && !request.getMethod().equals("POST")) {
|
|
|
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
|
|
|
}
|
|
|
|
|
|
String mobile = obtainMobile(request);
|
|
|
|
|
|
if (mobile == null) {
|
|
|
mobile = "";
|
|
|
}
|
|
|
|
|
|
mobile = mobile.trim();
|
|
|
|
|
|
SmsCodeAuthenticationToken authRequest = new SmsCodeAuthenticationToken(mobile);
|
|
|
|
|
|
// Allow subclasses to set the "details" property
|
|
|
setDetails(request, authRequest);
|
|
|
|
|
|
return this.getAuthenticationManager().authenticate(authRequest);
|
|
|
}
|
|
|
|
|
|
|
|
|
/**
|
|
|
* 获取手机号
|
|
|
*/
|
|
|
protected String obtainMobile(HttpServletRequest request) {
|
|
|
return request.getParameter(mobileParameter);
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* Provided so that subclasses may configure what is put into the
|
|
|
* authentication request's details property.
|
|
|
*
|
|
|
* @param request
|
|
|
* that an authentication request is being created for
|
|
|
* @param authRequest
|
|
|
* the authentication request object that should have its details
|
|
|
* set
|
|
|
*/
|
|
|
protected void setDetails(HttpServletRequest request, SmsCodeAuthenticationToken authRequest) {
|
|
|
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* Sets the parameter name which will be used to obtain the username from
|
|
|
* the login request.
|
|
|
*
|
|
|
* @param usernameParameter
|
|
|
* the parameter name. Defaults to "username".
|
|
|
*/
|
|
|
public void setMobileParameter(String usernameParameter) {
|
|
|
Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
|
|
|
this.mobileParameter = usernameParameter;
|
|
|
}
|
|
|
|
|
|
|
|
|
/**
|
|
|
* Defines whether only HTTP POST requests will be allowed by this filter.
|
|
|
* If set to true, and an authentication request is received which is not a
|
|
|
* POST request, an exception will be raised immediately and authentication
|
|
|
* will not be attempted. The <tt>unsuccessfulAuthentication()</tt> method
|
|
|
* will be called as if handling a failed authentication.
|
|
|
* <p>
|
|
|
* Defaults to <tt>true</tt> but may be overridden by subclasses.
|
|
|
*/
|
|
|
public void setPostOnly(boolean postOnly) {
|
|
|
this.postOnly = postOnly;
|
|
|
}
|
|
|
|
|
|
public final String getMobileParameter() {
|
|
|
return mobileParameter;
|
|
|
}
|
|
|
|
|
|
}
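Review bot: `attemptAuthentication` on the new side builds `SmsCodeAuthenticationToken` from the mobile request parameter alone and hands it to the authentication manager; no SMS code is read or compared anywhere in this filter. If nothing ahead of it in the filter chain validates the code for `SecurityProperties.mobileLogin` (that is not visible on this page), a phone number alone would be enough to authenticate as that account. The dependency should be stated at the token construction, for example `// SMS code is not checked here: a code-validation filter must run before this filter on SecurityProperties.mobileLogin`. The Javadoc on `setMobileParameter` is also stale after this change: it still describes a username and says `Defaults to "username"`, while the field now defaults to `SecurityProperties.mobileLoginAccountKey`.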
|