Decrying Benutzername und Passwort vor Spring Start -Startauthentifizierung entschlüsseln
Posted: 09 Feb 2025, 12:59
einimport org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import jakarta.servlet.http.HttpServletRequest;
import com.example.demo.controller.HybridController;
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
public CustomAuthenticationFilter(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
HybridController hybridController = new HybridController();
private String decrypt(String data) {
try {
return hybridController.Hybrid_Data_Decryption(data);
} catch (Exception e) {
e.printStackTrace();
}
return "";
}
@Override
protected String obtainPassword(HttpServletRequest request) {
String decPassword = decrypt(super.obtainPassword(request));
return decPassword;
}
@Override
protected String obtainUsername(HttpServletRequest request) {
String decUsername = decrypt(super.obtainUsername(request));
return decUsername;
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException {
String username = obtainUsername(request);
username = (username != null) ? username.trim() : "";
String password = obtainPassword(request);
password = (password != null) ? password : "";
Admin admin = adminRepository.findByUsername(username.toLowerCase()).orElse(null);
Authentication authentication = null;
if (admin != null) {
authentication = this.getAuthenticationManager()
.authenticate(new UsernamePasswordAuthenticationToken(username,
password, mapRolesToAuthorities(admin.getRoles())));
}
SecurityContextHolder.getContext().setAuthentication(authentication);
request.getSession().setAttribute(
"SPRING_SECURITY_CONTEXT",
SecurityContextHolder.getContext());
return authentication;
}
private Collection
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import jakarta.servlet.http.HttpServletRequest;
import com.example.demo.controller.HybridController;
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
public CustomAuthenticationFilter(AuthenticationManager authenticationManager) {
super.setAuthenticationManager(authenticationManager);
}
HybridController hybridController = new HybridController();
private String decrypt(String data) {
try {
return hybridController.Hybrid_Data_Decryption(data);
} catch (Exception e) {
e.printStackTrace();
}
return "";
}
@Override
protected String obtainPassword(HttpServletRequest request) {
String decPassword = decrypt(super.obtainPassword(request));
return decPassword;
}
@Override
protected String obtainUsername(HttpServletRequest request) {
String decUsername = decrypt(super.obtainUsername(request));
return decUsername;
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException {
String username = obtainUsername(request);
username = (username != null) ? username.trim() : "";
String password = obtainPassword(request);
password = (password != null) ? password : "";
Admin admin = adminRepository.findByUsername(username.toLowerCase()).orElse(null);
Authentication authentication = null;
if (admin != null) {
authentication = this.getAuthenticationManager()
.authenticate(new UsernamePasswordAuthenticationToken(username,
password, mapRolesToAuthorities(admin.getRoles())));
}
SecurityContextHolder.getContext().setAuthentication(authentication);
request.getSession().setAttribute(
"SPRING_SECURITY_CONTEXT",
SecurityContextHolder.getContext());
return authentication;
}
private Collection