diff --git a/src/main/java/com/codesdream/ase/component/ASESecurityAuthenticationProvider.java b/src/main/java/com/codesdream/ase/component/ASESecurityAuthenticationProvider.java
new file mode 100644
index 0000000..e2cf120
--- /dev/null
+++ b/src/main/java/com/codesdream/ase/component/ASESecurityAuthenticationProvider.java
@@ -0,0 +1,66 @@
+package com.codesdream.ase.component;
+
+import org.springframework.security.authentication.*;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import java.io.UnsupportedEncodingException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Collection;
+
+@Component
+public class ASESecurityAuthenticationProvider implements AuthenticationProvider {
+ @Resource
+ UserDetailsService userDetailsService;
+
+ @Resource
+ ASEUsernameEncoder usernameEncoder;
+
+ @Resource
+ PasswordEncoder passwordEncoder;
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ // 获得登录表单中的学号
+ String username = usernameEncoder.encode(authentication.getName());
+ // 获得表单中的密码
+ String password = passwordEncoder.encode(authentication.getCredentials().toString());
+
+ // 判断用户是否存在
+ UserDetails userInfo = userDetailsService.loadUserByUsername(username);
+ if (userInfo == null) {
+ throw new UsernameNotFoundException("User IS Not Existing");
+ }
+
+ // 判断密码是否正确
+ if (!userInfo.getPassword().equals(password)) {
+ throw new BadCredentialsException("Password IS Uncorrected");
+ }
+
+ // 判断账号是否停用/删除
+ if (!userInfo.isEnabled()) {
+ throw new DisabledException("User IS Disabled");
+ }
+ else if(!userInfo.isAccountNonLocked()){
+ throw new LockedException("User IS Locked");
+ }
+ else if(!userInfo.isAccountNonExpired()){
+ throw new AccountExpiredException("User IS Expired");
+ }
+
+ Collection
authorities = userInfo.getAuthorities(); + return new UsernamePasswordAuthenticationToken(userInfo, password, authorities); + } + + @Override + public boolean supports(Class aClass) { + return true; + } +} diff --git a/src/main/java/com/codesdream/ase/component/ASEUsernameEncoder.java b/src/main/java/com/codesdream/ase/component/ASEUsernameEncoder.java new file mode 100644 index 0000000..834dcf5 --- /dev/null +++ b/src/main/java/com/codesdream/ase/component/ASEUsernameEncoder.java @@ -0,0 +1,15 @@ +package com.codesdream.ase.component; + +import org.apache.commons.codec.digest.DigestUtils; +import org.springframework.stereotype.Component; + +@Component +public class ASEUsernameEncoder { + public String encode(CharSequence charSequence){ + return "u_id_" + DigestUtils.sha256Hex(charSequence.toString()); + } + + public boolean matches(CharSequence charSequence, String s){ + return s.equals(encode(charSequence.toString())); + } +} diff --git a/src/main/java/com/codesdream/ase/configure/CustomWebSecurityConfig.java b/src/main/java/com/codesdream/ase/configure/CustomWebSecurityConfig.java index ef67a73..a94c16b 100644 --- a/src/main/java/com/codesdream/ase/configure/CustomWebSecurityConfig.java +++ b/src/main/java/com/codesdream/ase/configure/CustomWebSecurityConfig.java @@ -1,6 +1,7 @@ package com.codesdream.ase.configure; import com.codesdream.ase.component.ASEPasswordEncoder; +import com.codesdream.ase.component.ASESecurityAuthenticationProvider; import com.codesdream.ase.service.ASEUserDetailsService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; @@ -26,6 +27,9 @@ public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter { @Resource ASEPasswordEncoder asePasswordEncoder; + @Resource + ASESecurityAuthenticationProvider aseSecurityAuthenticationProvider; + @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() 
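Review bot: The password check in `authenticate` re-encodes the submitted password and compares the result with `String.equals`, which only succeeds when `PasswordEncoder.encode` is deterministic (unsalted) and would reject every login under a salted encoder such as BCrypt; the stored hash should be verified with `passwordEncoder.matches(raw, userInfo.getPassword())` instead. `getCredentials()` may be null, which here surfaces as a NullPointerException rather than an AuthenticationException. The returned token carries the encoded password as its credentials, and `supports` returns `true` for every class, so the provider is offered token types it cannot interpret. If the distinct messages for an unknown user and a wrong password reach the login page, they reveal which student IDs are registered; a single generic failure message avoids that. A sketch of the changed lines follows.

```java
// … unchanged: username encoding and userDetailsService lookup …
Object credentials = authentication.getCredentials();
if (credentials == null
        || !passwordEncoder.matches(credentials.toString(), userInfo.getPassword())) {
    throw new BadCredentialsException("Password IS Uncorrected");
}
// … unchanged: enabled / locked / expired checks …
// Keep neither the raw nor the encoded password in the authenticated token.
return new UsernamePasswordAuthenticationToken(userInfo, null, userInfo.getAuthorities());

// … in supports(): accept only the token type this provider can read …
public boolean supports(Class<?> aClass) {
    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(aClass);
}
```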
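Review bot: `ASEUsernameEncoder.encode` is an unsalted SHA-256 of the student ID, so the username is deterministic and, since student IDs come from a small and predictable space, can be mapped back to the ID by hashing candidate values; it should not be described or relied on as random or as concealing the ID, although the caller added in UserService is named `generateRandomUsernameByStudentID`. If pseudonymisation is the goal, a keyed HMAC with a server-side secret is needed; if the goal is only a stable lookup key, state that in a class comment such as `// Deterministic lookup key derived from the student ID; not secret and not random.` Both `encode` and `matches` dereference their arguments without a null check.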
@@ -34,7 +38,7 @@ public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter { .csrf().disable().formLogin() .and() .formLogin().loginPage("/login") - .permitAll().defaultSuccessUrl("/").permitAll() + .permitAll().defaultSuccessUrl("/home").permitAll() .and() .logout().permitAll(); @@ -42,7 +46,8 @@ public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(aseUserDetailService) + auth.authenticationProvider(aseSecurityAuthenticationProvider) + .userDetailsService(aseUserDetailService) .passwordEncoder(asePasswordEncoder); } diff --git a/src/main/java/com/codesdream/ase/controller/HomeController.java b/src/main/java/com/codesdream/ase/controller/HomeController.java index 2515570..858007b 100644 --- a/src/main/java/com/codesdream/ase/controller/HomeController.java +++ b/src/main/java/com/codesdream/ase/controller/HomeController.java @@ -1,12 +1,27 @@ package com.codesdream.ase.controller; +import com.codesdream.ase.model.permission.User; +import com.codesdream.ase.service.IUserService; import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; +import javax.annotation.Resource; +import java.security.Principal; +import java.util.Optional; + @Controller public class HomeController { + @Resource + IUserService userService; + @RequestMapping(value = "/home") - public String showHomeView(){ + public String showHomeView(Model model, Principal principal){ + User user = userService.findUserByUsername(principal.getName()); + // 为视图模板指定参数 + model.addAttribute("username", user.getUsername().substring(0, 18)); + model.addAttribute("student_id", user.getUserAuth().getStudentID()); + model.addAttribute("is_at_school", user.getUserDetail().isAtSchool()); return "home"; } } 
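Review bot: The context lines of the `@@ -34,7 +38,7 @@` hunk show `.csrf().disable()` on a configuration that uses form login and session logout, and this commit leaves it in place while adding more authenticated pages. With CSRF protection off, state-changing requests such as the registration form POST and logout can be triggered cross-site. Unless there is a reason not visible here, drop `.csrf().disable()` and include the CSRF token in the login and register forms.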
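Review bot: In `configure(AuthenticationManagerBuilder)` the custom provider is registered in addition to, not instead of, `userDetailsService(...).passwordEncoder(...)`, so the builder still creates its default DAO-based provider behind it. ProviderManager normally moves on to the next provider when one throws an ordinary AuthenticationException, so a login rejected by ASESecurityAuthenticationProvider for an unknown user or wrong password is retried there, with the submitted name looked up as-is rather than through ASEUsernameEncoder. If only the custom flow is intended, keep just `auth.authenticationProvider(aseSecurityAuthenticationProvider);`; otherwise add a comment explaining why two login paths with different checks exist.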
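Review bot: `user.getUsername().substring(0, 18)` in `showHomeView` throws StringIndexOutOfBoundsException for any username shorter than 18 characters, which includes accounts created before this commit, when the username was taken directly from the registration form. Bound the cut, e.g. `String name = user.getUsername();` followed by `model.addAttribute("username", name.substring(0, Math.min(18, name.length())));`. `principal` is null for an unauthenticated request and `getUserAuth()` / `getUserDetail()` are dereferenced unchecked, so confirm that `/home` requires authentication and that both associations are always populated. The added `java.util.Optional` import is unused in this file.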
diff --git a/src/main/java/com/codesdream/ase/controller/RegisterController.java b/src/main/java/com/codesdream/ase/controller/RegisterController.java index 024a7e4..248abd0 100644 --- a/src/main/java/com/codesdream/ase/controller/RegisterController.java +++ b/src/main/java/com/codesdream/ase/controller/RegisterController.java @@ -1,22 +1,15 @@ package com.codesdream.ase.controller; -import com.codesdream.ase.component.ASEPasswordEncoder; import com.codesdream.ase.model.permission.User; -import com.codesdream.ase.repository.UserRepository; import com.codesdream.ase.service.UserService; -import org.springframework.boot.autoconfigure.security.SecurityProperties; -import org.springframework.http.HttpRequest; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; -import org.springframework.web.HttpRequestHandler; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import java.util.Map; -import java.util.Objects; @Controller public class RegisterController { @@ -34,14 +27,16 @@ public class RegisterController { Map parameterMap= request.getParameterMap(); // 进行处理前的检查 - if(parameterMap.containsKey("username") + if(parameterMap.containsKey("student-id") && parameterMap.containsKey("password") && parameterMap.containsKey("retry-password") && parameterMap.containsKey("user-question") && parameterMap.containsKey("user-answer") ) { User user = userService.getDefaultUser(); - user.setUsername(parameterMap.get("username")[0].toString()); + String student_id = parameterMap.get("student-id")[0].toString(); + // 生成随机用户名 + userService.generateRandomUsernameByStudentID(user, student_id); String password = parameterMap.get("password")[0].toString(); String retry_password = parameterMap.get("retry-password")[0].toString(); 
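Review bot: `student_id` is read from the `student-id` request parameter and handed straight to `generateRandomUsernameByStudentID` with no emptiness or format check, so an empty or arbitrary string still produces a well-formed `u_id_…` username and is stored as the student ID. Nothing in the visible lines ties the submitted ID to the person registering, so the first request for a given ID claims that account; if ownership of the ID is meant to be verified, that check is missing or lives outside this hunk (the method body continues past it). At minimum validate before use, e.g. `if (student_id == null || !student_id.matches(STUDENT_ID_PATTERN)) { /* reject the request */ }`, where `STUDENT_ID_PATTERN` is a placeholder for the school's ID format.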
diff --git a/src/main/java/com/codesdream/ase/model/permission/UserAuth.java b/src/main/java/com/codesdream/ase/model/permission/UserAuth.java index e80d7b7..13e7071 100644 --- a/src/main/java/com/codesdream/ase/model/permission/UserAuth.java +++ b/src/main/java/com/codesdream/ase/model/permission/UserAuth.java @@ -14,11 +14,14 @@ public class UserAuth { private int id; // 密保问题 - private String user_question; + private String userQuestion; // 密保问题答案 - private String user_answer; + private String userAnswer; // 用户邮箱 private String mail; + + // 学生ID + private String studentID; } diff --git a/src/main/java/com/codesdream/ase/model/permission/UserDetail.java b/src/main/java/com/codesdream/ase/model/permission/UserDetail.java index 8e4fe06..148a185 100644 --- a/src/main/java/com/codesdream/ase/model/permission/UserDetail.java +++ b/src/main/java/com/codesdream/ase/model/permission/UserDetail.java @@ -33,9 +33,6 @@ public class UserDetail { // 真实姓名 private String realName; - // 学生ID - private String studentID; - // 在校状态 private boolean atSchool; } diff --git a/src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java b/src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java index aea8bc3..00e9ad8 100644 --- a/src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java +++ b/src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java 
@@ -23,16 +23,8 @@ public class ASEUserDetailsService implements UserDetailsService { @Override @Transactional public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { - System.out.println("User: " + s); - Optional user = userService.findUserByUsername(s); - if(!user.isPresent()){ - throw new UsernameNotFoundException("User Not Found"); - } - else { - System.out.println("Returning user information"); - System.out.println("User Password: "+user.get().getPassword()); - user.get().setAuthorities(userAuthoritiesGenerator.grantedAuthorities(user.get())); - return user.get(); - } + User user = userService.findUserByUsername(s); + user.setAuthorities(userAuthoritiesGenerator.grantedAuthorities(user)); + return user; } } diff --git a/src/main/java/com/codesdream/ase/service/IUserService.java b/src/main/java/com/codesdream/ase/service/IUserService.java index ea92e36..5de817d 100644 --- a/src/main/java/com/codesdream/ase/service/IUserService.java +++ b/src/main/java/com/codesdream/ase/service/IUserService.java @@ -16,7 +16,7 @@ public interface IUserService { List findAll(); Optional findUserById(int id); - Optional findUserByUsername(String username); + User findUserByUsername(String username); // 获得用户所有的权限角色 Collection getUserAuthorities(User user); @@ -24,6 +24,9 @@ public interface IUserService { // 更新用户的密码 void updatePassword(User user, String password); + // 生成随机用户名 + void generateRandomUsernameByStudentID(User user, String id); + User save(User user); User update(User user); diff --git a/src/main/java/com/codesdream/ase/service/UserService.java b/src/main/java/com/codesdream/ase/service/UserService.java index 65ffbbf..45fb059 100644 --- a/src/main/java/com/codesdream/ase/service/UserService.java +++ b/src/main/java/com/codesdream/ase/service/UserService.java 
@@ -1,10 +1,12 @@ package com.codesdream.ase.service; import com.codesdream.ase.component.ASEPasswordEncoder; +import com.codesdream.ase.component.ASEUsernameEncoder; import com.codesdream.ase.component.UserRolesListGenerator; import com.codesdream.ase.model.permission.User; import com.codesdream.ase.repository.UserRepository; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import javax.annotation.Resource; @@ -21,7 +23,10 @@ public class UserService implements IUserService { UserRepository userRepository; @Resource - ASEPasswordEncoder asePasswordEncoder; + ASEPasswordEncoder passwordEncoder; + + @Resource + ASEUsernameEncoder usernameEncoder; @Override public List findAll() { @@ -34,8 +39,10 @@ public class UserService implements IUserService { } @Override - public Optional findUserByUsername(String username) { - return userRepository.findByUsername(username); + public User findUserByUsername(String username) { + Optional user = userRepository.findByUsername(username); + if(!user.isPresent()) throw new UsernameNotFoundException("User Not Found"); + return user.get(); } @Override 
@@ -45,16 +52,22 @@ public class UserService implements IUserService { @Override public void updatePassword(User user, String password) { - user.setPassword(asePasswordEncoder.encode(password)); + user.setPassword(passwordEncoder.encode(password)); update(user); } + @Override + public void generateRandomUsernameByStudentID(User user, String id) { + user.getUserAuth().setStudentID(id); + user.setUsername(usernameEncoder.encode(id)); + } + @Override public User save(User user) { // 查找用户名是否已经被注册 if(userRepository.findByUsername(user.getUsername()).isPresent()) throw new RuntimeException("Username Already Exists"); - user.setPassword(asePasswordEncoder.encode(user.getPassword())); + user.setPassword(passwordEncoder.encode(user.getPassword())); return userRepository.save(user); } diff --git a/src/main/resources/templates/home.html b/src/main/resources/templates/home.html new file mode 100644 index 0000000..dc3ea8f --- /dev/null +++ b/src/main/resources/templates/home.html @@ -0,0 +1,376 @@ + + + +
+ +home + + + + + + + +
+ + + + + +
+
+ + + +
+ 基本信息 +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
姓名二狗子在校状态 +
+ 在校 + 未在校 + 未知 +
+
学号身份学生
手机180892131811性别
班号14011809班级软件九班
专业软件工程学院软件学院
邮箱857331073@qq.com职务
+ + + +
+ 统计信息 +
+ + + + + + + + + + + + + + + + + + + + + + + + +
学分积学分积排名综合测评综测排名考勤次数考勤率活动参加数
1个表格单元格表格单元格表格单元格表格单元格表格单元格 表格单元格
+ + + +
+
+ + + + + + + +
+ +
+ + diff --git a/src/main/resources/templates/login.html b/src/main/resources/templates/login.html index 9c21e7f..bab0b38 100644 --- a/src/main/resources/templates/login.html +++ b/src/main/resources/templates/login.html @@ -17,8 +17,8 @@
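Review bot: The 基本信息 table in the new home.html hard-codes a name, a phone number, a class number and a QQ mail address as cell text; if these belong to a real person they are now in version control and are shown to every user who opens the page. Replace them with expressions bound to the model, or with obviously fake placeholders. The markup is not visible in this view, so it cannot be confirmed here that `username`, `student_id` and `is_at_school` are rendered through escaping output (for a Thymeleaf template, `th:text` rather than `th:utext`); that is worth checking before merge.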
- - + +
diff --git a/src/main/resources/templates/register.html b/src/main/resources/templates/register.html index f9dc699..ceb1ccd 100644 --- a/src/main/resources/templates/register.html +++ b/src/main/resources/templates/register.html @@ -17,8 +17,8 @@
- - + +