Replace Spring Security Login with OTP Verification

问题

I have a following tables

User table

    -username
    -password
    -mobile

OTP
    -mobile
    -otpCode
    -expiry

WebSecurityConfig

http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
    .and()
    .authorizeRequests().antMatchers("/login**").permitAll()
    .and()
    .formLogin().loginPage("/login").loginProcessingUrl("/loginAction").permitAll()
    .and()
    .logout().logoutSuccessUrl("/login").permitAll()
    .and()
    .csrf().disable();

When I attempt login. Spring Security checks User table for username and password. My Use-case is login screen is customised to send otp and Authentication should happen in this flow

Check Username from User table
Check otpCode for corresponding user's mobile in OTP table
If matches flow should complete successful authentication.

来源：https://stackoverflow.com/questions/61804081/replace-spring-security-login-with-otp-verification

标签

spring-boot

spring-mvc

spring-security

spring-security-oauth2

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!