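  • How Spring Security OAuth2 Determines Whether a Token Is Valid

    Reposted from: https://blog.csdn.net/zimou5581/article/details/101051416

    Key point

    When an OAuth2 request arrives (an access_token sent with the Bearer scheme in the Authorization request header), it passes through OAuth2AuthenticationProcessingFilter.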

    public class OAuth2AuthenticationProcessingFilter implements Filter, InitializingBean {
        // ... other fields and methods

        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {

            final HttpServletRequest request = (HttpServletRequest) req;
            final HttpServletResponse response = (HttpServletResponse) res;

            try {
                // Extract the identity information from the request; the access_token becomes the principal
                Authentication authentication = tokenExtractor.extract(request);

                if (authentication == null) {
                    // No token in the request: clear the SecurityContextHolder context
                }
                else {
                    // Store the token value as a request attribute and attach the request details to the authentication object
                    request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, authentication.getPrincipal());
                    if (authentication instanceof AbstractAuthenticationToken) {
                        AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication;
                        needsDetails.setDetails(authenticationDetailsSource.buildDetails(request));
                    }
                    // Validate the token's identity information
                    Authentication authResult = authenticationManager.authenticate(authentication);
                    eventPublisher.publishAuthenticationSuccess(authResult);
                    // Bind the authenticated identity to the SecurityContextHolder
                    SecurityContextHolder.getContext().setAuthentication(authResult);
                }
            }
            catch (OAuth2Exception failed) {
                // Clear the SecurityContextHolder context, then return immediately (the chain is not invoked)
                return;
            }
            chain.doFilter(request, response);
        }
    }
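
The three outcomes of the filter above (no token, accepted token, rejected token), as an added example that is not part of the original post and is not Spring's code. It is a dependency-free Java model: `StoredToken`, `TOKENS`, the sample header values, and the lookup-plus-expiry check standing in for `authenticationManager.authenticate` are all constructed assumptions.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Optional;

// Added illustration: a dependency-free model of the filter's decision path, not Spring's code.
public class BearerFilterModel {

    // Hypothetical stand-in for whatever the AuthenticationManager consults to resolve a token.
    record StoredToken(String user, Instant expiresAt) {}

    // Constructed sample data: one live token and one that has already expired.
    static final Map<String, StoredToken> TOKENS = Map.of(
            "good-token", new StoredToken("alice", Instant.now().plusSeconds(3600)),
            "old-token", new StoredToken("bob", Instant.now().minusSeconds(60)));

    // Step 1, modelled on tokenExtractor.extract(request): read "Authorization: Bearer <token>".
    static Optional<String> extract(String authorizationHeader) {
        if (authorizationHeader == null) return Optional.empty();
        String h = authorizationHeader.trim();
        if (!h.regionMatches(true, 0, "Bearer ", 0, 7)) return Optional.empty();
        String token = h.substring(7).trim();
        return token.isEmpty() ? Optional.empty() : Optional.of(token);
    }

    // Step 2, modelled on authenticationManager.authenticate(authentication).
    static String authenticate(String token) {
        StoredToken stored = TOKENS.get(token);
        if (stored == null) throw new IllegalStateException("invalid token");
        if (stored.expiresAt().isBefore(Instant.now())) throw new IllegalStateException("token expired");
        return stored.user();
    }

    // Step 3, the doFilter branches: no token -> continue unauthenticated; bad token -> stop.
    static String doFilter(String authorizationHeader) {
        Optional<String> token = extract(authorizationHeader);
        if (token.isEmpty()) return "chain continues, security context empty";
        try {
            return "chain continues, authenticated as " + authenticate(token.get());
        } catch (IllegalStateException failed) {
            return "request rejected (" + failed.getMessage() + "), chain not invoked";
        }
    }

    public static void main(String[] args) {
        String[] headers = {null, "Basic dXNlcjpwdw==", "Bearer good-token", "bearer old-token", "Bearer nope"};
        for (String header : headers) {
            System.out.println(header + " -> " + doFilter(header));
        }
    }
}
```

The first two headers show that a request without a Bearer token is not rejected by this filter; it reaches the rest of the chain unauthenticated, so the access rules further down must be the ones that deny it.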
  • Original article: https://www.cnblogs.com/cq-yangzhou/p/13036292.html