feat(security/password): 重构密码编码器，新增 PasswordEncoderUtil

continew-starter-security/continew-starter-security-password/src/main/java/top/continew/starter/security/password/autoconfigure/PasswordEncoderAutoConfiguration.java

@@ -16,8 +16,6 @@
 
 package top.continew.starter.security.password.autoconfigure;
 
-import cn.hutool.core.collection.CollUtil;
-import cn.hutool.core.text.CharSequenceUtil;
 import jakarta.annotation.PostConstruct;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -25,18 +23,17 @@ import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
-import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
+import org.springframework.context.annotation.PropertySource;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
-import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
 import top.continew.starter.core.constant.PropertiesConstants;
+import top.continew.starter.core.util.GeneralPropertySourceFactory;
 import top.continew.starter.core.util.validation.CheckUtils;
+import top.continew.starter.security.password.enums.PasswordEncoderAlgorithm;
+import top.continew.starter.security.password.util.PasswordEncoderUtil;
 
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 
 /**
@@ -55,15 +52,11 @@ import java.util.Map;
  */
 @AutoConfiguration
 @EnableConfigurationProperties(PasswordEncoderProperties.class)
+@PropertySource(value = "classpath:default-password.yml", factory = GeneralPropertySourceFactory.class)
 @ConditionalOnProperty(prefix = PropertiesConstants.SECURITY_PASSWORD, name = PropertiesConstants.ENABLED, havingValue = "true", matchIfMissing = true)
 public class PasswordEncoderAutoConfiguration {
 
     private static final Logger log = LoggerFactory.getLogger(PasswordEncoderAutoConfiguration.class);
-    private final PasswordEncoderProperties properties;
-
-    public PasswordEncoderAutoConfiguration(PasswordEncoderProperties properties) {
-        this.properties = properties;
-    }
 
     /**
      * 密码编码器
@@ -72,23 +65,19 @@ public class PasswordEncoderAutoConfiguration {
      * @see PasswordEncoderFactories
      */
     @Bean
-    public PasswordEncoder passwordEncoder(List<PasswordEncoder> passwordEncoderList) {
+    public PasswordEncoder passwordEncoder(PasswordEncoderProperties properties) {
         Map<String, PasswordEncoder> encoders = new HashMap<>();
-        encoders.put("bcrypt", new BCryptPasswordEncoder());
+        encoders.put(PasswordEncoderAlgorithm.BCRYPT.name().toLowerCase(), PasswordEncoderUtil
-        encoders.put("pbkdf2", Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8());
+            .getEncoder(PasswordEncoderAlgorithm.BCRYPT));
-        encoders.put("scrypt", SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8());
+        encoders.put(PasswordEncoderAlgorithm.SCRYPT.name().toLowerCase(), PasswordEncoderUtil
-        encoders.put("argon2", Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8());
+            .getEncoder(PasswordEncoderAlgorithm.SCRYPT));
-        // 添加自定义的密码编解码器
+        encoders.put(PasswordEncoderAlgorithm.PBKDF2.name().toLowerCase(), PasswordEncoderUtil
-        if (CollUtil.isNotEmpty(passwordEncoderList)) {
+            .getEncoder(PasswordEncoderAlgorithm.PBKDF2));
-            passwordEncoderList.forEach(passwordEncoder -> {
+        encoders.put(PasswordEncoderAlgorithm.ARGON2.name().toLowerCase(), PasswordEncoderUtil
-                String simpleName = passwordEncoder.getClass().getSimpleName();
+            .getEncoder(PasswordEncoderAlgorithm.ARGON2));
-                encoders.put(CharSequenceUtil.removeSuffix(simpleName, "PasswordEncoder")
+        PasswordEncoderAlgorithm algorithm = properties.getAlgorithm();
-                    .toLowerCase(), passwordEncoder);
+        CheckUtils.throwIf(PasswordEncoderUtil.getEncoder(algorithm) == null, "不支持的加密算法: {}", algorithm);
-            });
+        return new DelegatingPasswordEncoder(algorithm.name().toLowerCase(), encoders);
-        }
-        String encodingId = properties.getEncodingId();
-        CheckUtils.throwIf(!encoders.containsKey(encodingId), "{} is not found in idToPasswordEncoder.", encodingId);
-        return new DelegatingPasswordEncoder(encodingId, encoders);
     }
 
     @PostConstruct

continew-starter-security/continew-starter-security-password/src/main/java/top/continew/starter/security/password/autoconfigure/PasswordEncoderProperties.java

@@ -18,6 +18,7 @@ package top.continew.starter.security.password.autoconfigure;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import top.continew.starter.core.constant.PropertiesConstants;
+import top.continew.starter.security.password.enums.PasswordEncoderAlgorithm;
 
 /**
  * 密码编解码配置属性
@@ -34,9 +35,9 @@ public class PasswordEncoderProperties {
     private boolean enabled = true;
 
     /**
-     * 默认启用的编码器 ID（默认：BCryptPasswordEncoder）
+     * 默认启用的编码器算法（默认：BCrypt 加密算法）
      */
-    private String encodingId = "bcrypt";
+    private PasswordEncoderAlgorithm algorithm = PasswordEncoderAlgorithm.BCRYPT;
 
     public boolean isEnabled() {
         return enabled;
@@ -46,11 +47,11 @@ public class PasswordEncoderProperties {
         this.enabled = enabled;
     }
 
-    public String getEncodingId() {
+    public PasswordEncoderAlgorithm getAlgorithm() {
-        return encodingId;
+        return algorithm;
     }
 
-    public void setEncodingId(String encodingId) {
+    public void setAlgorithm(PasswordEncoderAlgorithm algorithm) {
-        this.encodingId = encodingId;
+        this.algorithm = algorithm;
     }
 }

continew-starter-security/continew-starter-security-password/src/main/java/top/continew/starter/security/password/enums/PasswordEncoderAlgorithm.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ * <p>
+ * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.gnu.org/licenses/lgpl.html
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.starter.security.password.enums;
+
+import java.util.regex.Pattern;
+
+/**
+ * 密码编码器加密算法枚举
+ *
+ * @author Charles7c
+ * @since 2.13.3
+ */
+public enum PasswordEncoderAlgorithm {
+
+    /** BCrypt加密算法 */
+    BCRYPT(Pattern.compile("\\A\\$2(a|y|b)?\\$(\\d\\d)\\$[./0-9A-Za-z]{53}")),
+
+    /** SCrypt加密算法 */
+    SCRYPT(Pattern.compile("\\A\\$s0\\$[0-9a-f]+\\$[0-9a-f]+\\$[0-9a-f]+")),
+
+    /** PBKDF2加密算法 */
+    PBKDF2(Pattern.compile("\\A\\$pbkdf2-sha256\\$\\d+\\$[0-9a-f]+\\$[0-9a-f]+")),
+
+    /** Argon2加密算法 */
+    ARGON2(Pattern.compile("\\A\\$argon2(id|i|d)\\$v=\\d+\\$m=\\d+,t=\\d+,p=\\d+\\$[0-9a-zA-Z+/]+\\$[0-9a-zA-Z+/]+"));
+
+    /** 正则匹配 */
+    private final Pattern pattern;
+
+    PasswordEncoderAlgorithm(Pattern pattern) {
+        this.pattern = pattern;
+    }
+
+    public Pattern getPattern() {
+        return pattern;
+    }
+}

continew-starter-security/continew-starter-security-password/src/main/java/top/continew/starter/security/password/exception/PasswordEncodeException.java

@@ -14,23 +14,35 @@
  * limitations under the License.
  */
 
-package top.continew.starter.security.password.constant;
+package top.continew.starter.security.password.exception;
 
-import java.util.regex.Pattern;
+import top.continew.starter.core.exception.BaseException;
+
+import java.io.Serial;
 
 /**
- * 密码编码器相关常量
+ * 密码编码异常
  *
  * @author Charles7c
- * @since 2.12.0
+ * @since 2.13.3
  */
-public class PasswordEncoderConstants {
+public class PasswordEncodeException extends BaseException {
 
-    /**
+    @Serial
-     * BCrypt 正则表达式
+    private static final long serialVersionUID = 1L;
-     */
-    public static final Pattern BCRYPT_PATTERN = Pattern.compile("\\A\\$2(a|y|b)?\\$(\\d\\d)\\$[./0-9A-Za-z]{53}");
 
-    private PasswordEncoderConstants() {
+    public PasswordEncodeException() {
+    }
+
+    public PasswordEncodeException(String message) {
+        super(message);
+    }
+
+    public PasswordEncodeException(Throwable cause) {
+        super(cause);
+    }
+
+    public PasswordEncodeException(String message, Throwable cause) {
+        super(message, cause);
     }
 }

continew-starter-security/continew-starter-security-password/src/main/java/top/continew/starter/security/password/util/PasswordEncoderUtil.java

@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ * <p>
+ * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.gnu.org/licenses/lgpl.html
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.starter.security.password.util;
+
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
+import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
+import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
+import top.continew.starter.security.password.enums.PasswordEncoderAlgorithm;
+import top.continew.starter.security.password.exception.PasswordEncodeException;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * 密码加密工具类
+ * <p>
+ * 支持多种加密算法，可通过编码ID动态选择加密方式
+ * </p>
+ * 
+ * @author Charles7c
+ * @since 2.13.3
+ */
+public final class PasswordEncoderUtil {
+
+    private static final Map<PasswordEncoderAlgorithm, PasswordEncoder> ENCODER_CACHE = new ConcurrentHashMap<>();
+
+    static {
+        // 初始化默认的加密算法实例
+        ENCODER_CACHE.put(PasswordEncoderAlgorithm.BCRYPT, new BCryptPasswordEncoder());
+        ENCODER_CACHE.put(PasswordEncoderAlgorithm.SCRYPT, SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8());
+        ENCODER_CACHE.put(PasswordEncoderAlgorithm.PBKDF2, Pbkdf2PasswordEncoder.defaultsForSpringSecurity_v5_8());
+        ENCODER_CACHE.put(PasswordEncoderAlgorithm.ARGON2, Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8());
+    }
+
+    private PasswordEncoderUtil() {
+    }
+
+    /**
+     * 使用指定的加密算法加密密码
+     *
+     * @param algorithm   加密算法
+     * @param rawPassword 原始密码
+     * @return 加密后的密码
+     * @throws IllegalArgumentException 如果不支持指定的加密算法
+     */
+    public static String encode(PasswordEncoderAlgorithm algorithm, String rawPassword) {
+        // 参数校验
+        if (algorithm == null) {
+            throw new IllegalArgumentException("加密算法不能为空");
+        }
+        if (rawPassword == null) {
+            throw new IllegalArgumentException("原始密码不能为空");
+        }
+
+        // 获取对应的密码编码器
+        PasswordEncoder encoder = ENCODER_CACHE.get(algorithm);
+        if (encoder == null) {
+            throw new IllegalArgumentException("不支持的加密算法: " + algorithm);
+        }
+
+        try {
+            return encoder.encode(rawPassword);
+        } catch (Exception e) {
+            throw new PasswordEncodeException("密码加密失败: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 验证密码是否匹配
+     *
+     * @param algorithm       加密算法
+     * @param rawPassword     原始密码
+     * @param encodedPassword 加密后的密码
+     * @return 是否匹配
+     * @throws IllegalArgumentException 如果不支持指定的加密算法
+     */
+    public static boolean matches(PasswordEncoderAlgorithm algorithm, String rawPassword, String encodedPassword) {
+        // 参数校验
+        if (algorithm == null) {
+            throw new IllegalArgumentException("加密算法不能为空");
+        }
+        if (rawPassword == null || encodedPassword == null) {
+            return false;
+        }
+
+        // 获取对应的密码编码器
+        PasswordEncoder encoder = ENCODER_CACHE.get(algorithm);
+        if (encoder == null) {
+            throw new IllegalArgumentException("不支持的加密算法: " + algorithm);
+        }
+
+        try {
+            return encoder.matches(rawPassword, encodedPassword);
+        } catch (Exception e) {
+            return false;
+        }
+    }
+
+    /**
+     * 获取指定算法的密码编码器
+     *
+     * @param algorithm 加密算法
+     * @return 密码编码器实例，不存在则返回null
+     */
+    public static PasswordEncoder getEncoder(PasswordEncoderAlgorithm algorithm) {
+        if (algorithm == null) {
+            return null;
+        }
+        return ENCODER_CACHE.get(algorithm);
+    }
+}

continew-starter-security/continew-starter-security-password/src/main/resources/default-password.yml

@@ -0,0 +1,6 @@
+--- ### 安全配置：密码编码器配置
+continew-starter.security:
+  password:
+    enabled: true
+    # 默认启用的编码器算法（默认：BCrypt 加密算法）
+    algorithm: BCRYPT