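Chapter 14: User Login

We need to bring the different kinds of user login together, including database-backed logins, third-party logins, and so on.

1. Integrating users from a remote database.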

    insert into ofProperty(name,propValue)values
    ('jdbcProvider.driver','com.mysql.jdbc.Driver'),
    ('jdbcProvider.connectionString','jdbc:mysql://192.168.6.202/dongao?user=DongAoAtMember&password=DongAo20140623w9qZnAlt8&useUnicode=true&characterEncoding=utf8'),
    ('admin.authorizedJIDs','admin@openfire118'),
    ('jdbcAuthProvider.passwordSQL','SELECT password FROM app_user WHERE username=?'),
    ('jdbcAuthProvider.passwordType','md5'),
    ('jdbcUserProvider.loadUserSQL','SELECT username,email FROM app_user WHERE username=?'),
    ('jdbcUserProvider.userCountSQL','SELECT COUNT(*) FROM app_user where username is not null and username!='''' and username!=''"'' and LOCATE('' '', username)=0 and LOCATE(''"'', username)=0 and LOCATE(''&'', username)=0 and LOCATE(''\\\''', username)=0 and LOCATE(''/'', username)=0 and LOCATE('':'', username)=0 and LOCATE(''<'', username)=0 and LOCATE(''>'', username)=0 and LOCATE(''@'', username)=0'),
    ('jdbcUserProvider.allUsersSQL','SELECT username FROM app_user where username is not null and username!='''' and username!=''"'' and LOCATE('' '', username)=0 and LOCATE(''"'', username)=0 and LOCATE(''&'', username)=0 and LOCATE(''\\\''', username)=0 and LOCATE(''/'', username)=0 and LOCATE('':'', username)=0 and LOCATE(''<'', username)=0 and LOCATE(''>'', username)=0 and LOCATE(''@'', username)=0'),
    ('jdbcUserProvider.usernameField','username'),
    ('jdbcUserProvider.nameField','username'),
    ('jdbcUserProvider.emailField','email');

    UPDATE ofProperty SET propValue='org.jivesoftware.openfire.user.JDBCUserProvider' WHERE name='provider.user.className';
    UPDATE ofProperty SET propValue='org.jivesoftware.openfire.auth.JDBCAuthProvider' WHERE name='provider.auth.className';

After that, authentication is performed against the remote database.

Looking at the source code:

    @Override
    public void authenticate(String username, String password) throws UnauthorizedException {
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        username = username.trim().toLowerCase();
        if (username.contains("@")) {
            // Check that the specified domain matches the server's domain
            int index = username.indexOf("@");
            String domain = username.substring(index + 1);
            if (domain.equals(XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
                username = username.substring(0, index);
            } else {
                // Unknown domain. Return authentication failed.
                throw new UnauthorizedException();
            }
        }
        String userPassword;
        try {
            userPassword = getPasswordValue(username);
        }
        catch (UserNotFoundException unfe) {
            throw new UnauthorizedException();
        }

        if (comparePasswords(password, userPassword)) {
            // Got this far, so the user must be authorized.
            createUser(username);
        } else {
            throw new UnauthorizedException();
        }
    }

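This method decides whether the login is allowed. If it finishes without throwing an exception, the login has succeeded.

2. Other authentication methods

From the JDBC implementation above we can see that the authenticate method is where we can plug in our own way of making the request. For example, we can call something like an HTTP API that returns true or false, and use that to log in different kinds of users.

Procedure:

This is the place where we can make our change: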

        if (comparePasswords(password, userPassword)) {
            // Got this far, so the user must be authorized.
            createUser(username);
        } else {
            throw new UnauthorizedException();
        }

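Then, in comparePasswords(password, userPassword), we write our own verification logic, whatever suits our needs. For now we simply return true.

Then we try logging in with an arbitrary password, and we find that we can log in with anything!!!!!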
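
The stub that returns true accepts every password, so it only marks where the real check belongs. The class below is an added example (not Openfire code and not from the original page) of a check that asks an HTTP service for a true/false answer and rejects the login on any error. The class name, the endpoint and the form field names `username` and `password` are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

// Hypothetical helper for illustration; not part of Openfire. Requires Java 11+.
public class HttpCredentialVerifier {
    private final HttpClient client = HttpClient.newBuilder()
            .connectTimeout(Duration.ofSeconds(3)).build();
    private final URI endpoint;

    public HttpCredentialVerifier(URI endpoint) {
        // The password travels in the request body, so refuse plain HTTP.
        if (!"https".equalsIgnoreCase(endpoint.getScheme())) {
            throw new IllegalArgumentException("auth endpoint must use https");
        }
        this.endpoint = endpoint;
    }

    /** Returns true only when the service answers 200 with the body "true". */
    public boolean verify(String username, String password) {
        if (username == null || password == null || password.isEmpty()) {
            return false;
        }
        // Assumed request format: a form-encoded POST with two fields.
        String form = "username=" + URLEncoder.encode(username, StandardCharsets.UTF_8)
                + "&password=" + URLEncoder.encode(password, StandardCharsets.UTF_8);
        HttpRequest request = HttpRequest.newBuilder(endpoint)
                .timeout(Duration.ofSeconds(5))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
        try {
            HttpResponse<String> response =
                    client.send(request, HttpResponse.BodyHandlers.ofString());
            return response.statusCode() == 200 && "true".equals(response.body().trim());
        } catch (IOException e) {
            return false; // service unreachable or timed out: fail closed
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return false;
        }
    }
}
```

In the flow shown above, the `if (comparePasswords(password, userPassword))` condition would become a call to `verify(username, password)`, keeping the `else` branch that throws `UnauthorizedException`.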
