zoukankan      html  css  js  c++  java
  • 基于Token的授权(with srping mvc)

    @Override
    public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) throws IOException, ServletException {
        boolean tokenAuthenticated = false;
        HttpServletRequest request = (HttpServletRequest) sr;
        String token = findToken(request);
        if ((null == token) || (!authenticationNeeded(request))) {
            fc.doFilter(sr, sr1);
            return;
        }
        if (needHttps && (! request.isSecure())) {
            TokenAuthenticationToken at = new TokenAuthenticationToken(token);
            try {
                at.setDetails(detailsSource.buildDetails(request));
                Authentication auth = manager.authenticate(at);
                if ((auth != null) && (auth.isAuthenticated())) {
                    SecurityContextHolder.getContext().setAuthentication(auth);
                    tokenAuthenticated = true;
                }
            } catch (AuthenticationException e) {
                logger.debug("Authentication failed :", e);
            }
        }
        else {
            logger.info("Token identification rejected : proto != https");
        }
        fc.doFilter(sr, sr1);
        if (tokenAuthenticated) {
            logger.debug("Token authenticated : invalidate session");
            HttpSession session = request.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }
    }

    除了filter,应该需要在服务端持久化token,参见http://stackoverflow.com/questions/2608372/spring-security-rememberme-services-with-session-cookie?rq=1
    https://github.com/virgo47/restful-spring-security

    logout的实现
    http://stackoverflow.com/questions/14733418/login-logout-in-rest-with-spring-3/14735345#14735345
  • 相关阅读:
    forEach
    Apache localhost和局域网ip地址访问
    数据库基础知识(必读)
    设计模式其他常见面试题
    设计模式学习
    简历书写注意事项
    计算机网络常见面试题二
    计算机网络常见面试题一
    分布式系统中的CAP 理论
    多线程常见面试题一
  • 原文地址:https://www.cnblogs.com/zlfoak/p/4367625.html
Copyright © 2011-2022 走看看