From 4a620557ffb98adfb0d3dbea16cf4bdb9bfd916f Mon Sep 17 00:00:00 2001
From: kongdeqiang <123456>
Date: 星期二, 09 四月 2024 08:13:08 +0800
Subject: [PATCH] fix: 修改前端过滤验证码

---
 xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java b/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java
index 68ba9f5..80a4f40 100644
--- a/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java
+++ b/xboot-core/src/main/java/cn/exrick/xboot/core/config/security/DaoAuthenticationProvider.java
@@ -1,13 +1,16 @@
 package cn.exrick.xboot.core.config.security;
 
+import cn.exrick.xboot.core.common.utils.ResultUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import jodd.util.Base64;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Component;
 
 /**
@@ -17,8 +20,16 @@
 public class DaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
     @Override
     protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
+        if (authentication.getCredentials()==null){
+            throw new BadCredentialsException("瀵嗙爜涓虹┖");
+        }
         String password= authentication.getCredentials().toString();
         password = Base64.decodeToString(password);
+        if (!new BCryptPasswordEncoder().matches(password, userDetails.getPassword())) {
+            throw new BadCredentialsException("瀵嗙爜閿欒");
+        }
+
+
         UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), password);
         newAuthentication.setDetails(authentication.getDetails());
     }

--
Gitblit v1.9.1