Spring-security自定义过滤器

定义过滤器

public class TokenAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter  {

    public TokenAuthenticationFilter() {
        this.setCheckForPrincipalChanges(true);
        this.setAuthenticationManager(new AuthenticationManager() {
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                String token = (String)authentication.getPrincipal();
                if(!StringUtils.isEmpty(token)){
                    User user =  new User(token, "ROLE_USER");
                    user.setAuthenticated(true);
                    return user;
                }else{
                    return null;
                }
            }
        });
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        String token = request.getParameter("token");
        if(token == null){
            token = request.getHeader("x-token");
        }
        return token;
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return null;
    }
}

security配置

@Configuration
    public static class WebSecurityConfigurer extends WebSecurityConfigurerAdapter{
        
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .addFilter(new TokenAuthenticationFilter())
                .formLogin()
            .and()
                .logout()
                    .invalidateHttpSession(true)
                    .logoutUrl("/logout").logoutSuccessUrl("/")
                    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
                .authorizeRequests()
                    .anyRequest().authenticated();
        }
    }

 

转载于:https://www.cnblogs.com/kingsy/p/6635789.html

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值