ContiNew/continew-starter
1
1
Fork 0
mirror of https://github.com/continew-org/continew-starter.git synced 2025-09-11 06:57:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(security/crypto): 新增密码编码器配置(由原 security/password 模块融合)

Browse Source
This commit is contained in:
Charles7c
2025-07-25 21:43:13 +08:00
parent ecabda6aec
commit 0ba365dabc
16 changed files with 67 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
continew-starter-security/continew-starter-security-crypto/pom.xml
View File

@@ -16,19 +16,18 @@
<description>ContiNew Starter 安全模块 - 加密</description>
<dependencies>
<!-- 安全模块 - 密码编码器 -->
<dependency>
<groupId>top.continew.starter</groupId>
<artifactId>continew-starter-security-password</artifactId>
<optional>true</optional>
</dependency>
<!-- Hutool 加密解密模块(封装 JDK 中加密解密算法) -->
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-crypto</artifactId>
</dependency>
<!-- Spring Security 附带的一个密码加密库 -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
</dependency>
<!-- MyBatis PlusMyBatis 的增强工具,在 MyBatis 的基础上只做增强不做改变,简化开发、提高效率) -->
<dependency>
<groupId>com.baomidou</groupId>

34
continew-starter-security/continew-starter-security-crypto/src/main/java/top/continew/starter/security/crypto/autoconfigure/CryptoAutoConfiguration.java
View File

@@ -25,11 +25,20 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import top.continew.starter.core.constant.PropertiesConstants;
import top.continew.starter.core.util.GeneralPropertySourceFactory;
import top.continew.starter.core.util.validation.CheckUtils;
import top.continew.starter.security.crypto.enums.PasswordEncoderAlgorithm;
import top.continew.starter.security.crypto.mybatis.MyBatisDecryptInterceptor;
import top.continew.starter.security.crypto.mybatis.MyBatisEncryptInterceptor;
import top.continew.starter.security.crypto.util.EncryptHelper;
import top.continew.starter.security.crypto.util.PasswordEncoderUtil;
import java.util.HashMap;
import java.util.Map;
/**
* 加/解密自动配置
@@ -69,6 +78,31 @@ public class CryptoAutoConfiguration {
return new MyBatisDecryptInterceptor();
}
/**
* 密码编码器配置
*
* @see DelegatingPasswordEncoder
* @see PasswordEncoderFactories
*/
@Bean
@ConditionalOnMissingBean
@ConditionalOnProperty(prefix = PropertiesConstants.SECURITY_CRYPTO + ".password-encoder", name = PropertiesConstants.ENABLED, havingValue = "true")
public PasswordEncoder passwordEncoder() {
PasswordEncoderProperties passwordEncoderProperties = properties.getPasswordEncoder();
Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(PasswordEncoderAlgorithm.BCRYPT.name().toLowerCase(), PasswordEncoderUtil
.getEncoder(PasswordEncoderAlgorithm.BCRYPT));
encoders.put(PasswordEncoderAlgorithm.SCRYPT.name().toLowerCase(), PasswordEncoderUtil
.getEncoder(PasswordEncoderAlgorithm.SCRYPT));
encoders.put(PasswordEncoderAlgorithm.PBKDF2.name().toLowerCase(), PasswordEncoderUtil
.getEncoder(PasswordEncoderAlgorithm.PBKDF2));
encoders.put(PasswordEncoderAlgorithm.ARGON2.name().toLowerCase(), PasswordEncoderUtil
.getEncoder(PasswordEncoderAlgorithm.ARGON2));
PasswordEncoderAlgorithm algorithm = passwordEncoderProperties.getAlgorithm();
CheckUtils.throwIf(PasswordEncoderUtil.getEncoder(algorithm) == null, "不支持的加密算法: {}", algorithm);
return new DelegatingPasswordEncoder(algorithm.name().toLowerCase(), encoders);
}
@PostConstruct
public void postConstruct() {
EncryptHelper.init(properties);

15
continew-starter-security/continew-starter-security-crypto/src/main/java/top/continew/starter/security/crypto/autoconfigure/CryptoProperties.java
View File

@@ -17,6 +17,7 @@
package top.continew.starter.security.crypto.autoconfigure;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import top.continew.starter.core.constant.PropertiesConstants;
import top.continew.starter.security.crypto.enums.Algorithm;
@@ -55,6 +56,12 @@ public class CryptoProperties {
*/
private String privateKey;
/**
* 密码编码器配置
*/
@NestedConfigurationProperty
private PasswordEncoderProperties passwordEncoder;
public boolean isEnabled() {
return enabled;
}
@@ -94,4 +101,12 @@ public class CryptoProperties {
public void setPrivateKey(String privateKey) {
this.privateKey = privateKey;
}
public PasswordEncoderProperties getPasswordEncoder() {
return passwordEncoder;
}
public void setPasswordEncoder(PasswordEncoderProperties passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
}

54
continew-starter-security/continew-starter-security-crypto/src/main/java/top/continew/starter/security/crypto/autoconfigure/PasswordEncoderProperties.java Normal file
View File

@@ -0,0 +1,54 @@
/*
* Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
* <p>
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.gnu.org/licenses/lgpl.html
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package top.continew.starter.security.crypto.autoconfigure;
import top.continew.starter.security.crypto.enums.PasswordEncoderAlgorithm;
/**
* 密码编解码配置属性
*
* @author Jasmine
* @since 1.3.0
*/
public class PasswordEncoderProperties {
/**
* 是否启用
*/
private boolean enabled = true;
/**
* 默认启用的编码器算法默认BCrypt 加密算法)
*/
private PasswordEncoderAlgorithm algorithm = PasswordEncoderAlgorithm.BCRYPT;
public boolean isEnabled() {
return enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
public PasswordEncoderAlgorithm getAlgorithm() {
return algorithm;
}
public void setAlgorithm(PasswordEncoderAlgorithm algorithm) {
this.algorithm = algorithm;
}
}

2
continew-starter-security/continew-starter-security-crypto/src/main/java/top/continew/starter/security/crypto/encryptor/PasswordEncoderEncryptor.java
View File

@@ -19,7 +19,7 @@ package top.continew.starter.security.crypto.encryptor;
import cn.hutool.extra.spring.SpringUtil;
import org.springframework.security.crypto.password.PasswordEncoder;
import top.continew.starter.security.crypto.autoconfigure.CryptoContext;
import top.continew.starter.security.password.autoconfigure.PasswordEncoderProperties;
import top.continew.starter.security.crypto.autoconfigure.PasswordEncoderProperties;
/**
* 密码编码器加/解密处理器

51
continew-starter-security/continew-starter-security-crypto/src/main/java/top/continew/starter/security/crypto/enums/PasswordEncoderAlgorithm.java Normal file
View File

@@ -0,0 +1,51 @@
/*
* Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
* <p>
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.gnu.org/licenses/lgpl.html
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package top.continew.starter.security.crypto.enums;
import java.util.regex.Pattern;
/**
* 密码编码器加密算法枚举
*
* @author Charles7c
* @since 2.13.3
*/
public enum PasswordEncoderAlgorithm {
/** BCrypt加密算法 */
BCRYPT(Pattern.compile("\\A\\$2(a|y|b)?\\$(\\d\\d)\\$[./0-9A-Za-z]{53}")),
/** SCrypt加密算法 */
SCRYPT(Pattern.compile("\\A\\$s0\\$[0-9a-f]+\\$[0-9a-f]+\\$[0-9a-f]+")),
/** PBKDF2加密算法 */
PBKDF2(Pattern.compile("\\A\\$pbkdf2-sha256\\$\\d+\\$[0-9a-f]+\\$[0-9a-f]+")),
/** Argon2加密算法 */
ARGON2(Pattern.compile("\\A\\$argon2(id|i|d)\\$v=\\d+\\$m=\\d+,t=\\d+,p=\\d+\\$[0-9a-zA-Z+/]+\\$[0-9a-zA-Z+/]+"));
/** 正则匹配 */
private final Pattern pattern;
PasswordEncoderAlgorithm(Pattern pattern) {
this.pattern = pattern;
}
public Pattern getPattern() {
return pattern;
}
}

48
continew-starter-security/continew-starter-security-crypto/src/main/java/top/continew/starter/security/crypto/exception/PasswordEncodeException.java Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
* <p>
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.gnu.org/licenses/lgpl.html
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package top.continew.starter.security.crypto.exception;
import top.continew.starter.core.exception.BaseException;
import java.io.Serial;
/**
* 密码编码异常
*
* @author Charles7c
* @since 2.13.3
*/
public class PasswordEncodeException extends BaseException {
@Serial
private static final long serialVersionUID = 1L;
public PasswordEncodeException() {
}
public PasswordEncodeException(String message) {
super(message);
}
public PasswordEncodeException(Throwable cause) {
super(cause);
}
public PasswordEncodeException(String message, Throwable cause) {
super(message, cause);
}
}

127
continew-starter-security/continew-starter-security-crypto/src/main/java/top/continew/starter/security/crypto/util/PasswordEncoderUtil.java Normal file
View File

@@ -0,0 +1,127 @@
/*
* Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
* <p>
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.gnu.org/licenses/lgpl.html
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package top.continew.starter.security.crypto.util;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
import top.continew.starter.security.crypto.enums.PasswordEncoderAlgorithm;
import top.continew.starter.security.crypto.exception.PasswordEncodeException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* 密码加密工具类
* <p>
* 支持多种加密算法可通过编码ID动态选择加密方式
* </p>
*
* @author Charles7c
* @since 2.13.3
*/
public final class PasswordEncoderUtil {
private static final Map<PasswordEncoderAlgorithm, PasswordEncoder> ENCODER_CACHE = new ConcurrentHashMap<>();
static {
// 初始化默认的加密算法实例
ENCODER_CACHE.put(PasswordEncoderAlgorithm.BCRYPT, new BCryptPasswordEncoder());
ENCODER_CACHE.put(PasswordEncoderAlgorithm.SCRYPT, SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8());
ENCODER_CACHE.put(PasswordEncoderAlgorithm.PBKDF2, Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8());
ENCODER_CACHE.put(PasswordEncoderAlgorithm.ARGON2, Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8());
}
private PasswordEncoderUtil() {
}
/**
* 使用指定的加密算法加密密码
*
* @param algorithm 加密算法
* @param rawPassword 原始密码
* @return 加密后的密码
* @throws IllegalArgumentException 如果不支持指定的加密算法
*/
public static String encode(PasswordEncoderAlgorithm algorithm, String rawPassword) {
// 参数校验
if (algorithm == null) {
throw new IllegalArgumentException("加密算法不能为空");
}
if (rawPassword == null) {
throw new IllegalArgumentException("原始密码不能为空");
}
// 获取对应的密码编码器
PasswordEncoder encoder = ENCODER_CACHE.get(algorithm);
if (encoder == null) {
throw new IllegalArgumentException("不支持的加密算法: " + algorithm);
}
try {
return encoder.encode(rawPassword);
} catch (Exception e) {
throw new PasswordEncodeException("密码加密失败: " + e.getMessage(), e);
}
}
/**
* 验证密码是否匹配
*
* @param algorithm 加密算法
* @param rawPassword 原始密码
* @param encodedPassword 加密后的密码
* @return 是否匹配
* @throws IllegalArgumentException 如果不支持指定的加密算法
*/
public static boolean matches(PasswordEncoderAlgorithm algorithm, String rawPassword, String encodedPassword) {
// 参数校验
if (algorithm == null) {
throw new IllegalArgumentException("加密算法不能为空");
}
if (rawPassword == null || encodedPassword == null) {
return false;
}
// 获取对应的密码编码器
PasswordEncoder encoder = ENCODER_CACHE.get(algorithm);
if (encoder == null) {
throw new IllegalArgumentException("不支持的加密算法: " + algorithm);
}
try {
return encoder.matches(rawPassword, encodedPassword);
} catch (Exception e) {
return false;
}
}
/**
* 获取指定算法的密码编码器
*
* @param algorithm 加密算法
* @return 密码编码器实例不存在则返回null
*/
public static PasswordEncoder getEncoder(PasswordEncoderAlgorithm algorithm) {
if (algorithm == null) {
return null;
}
return ENCODER_CACHE.get(algorithm);
}
}