基于oauth2和spring-security的token认证的实现
简要说明
- authenticate: 认证,对用户进行认证
- authorize: 授权,对认证通过的用户授权,颁发票据,用于访问资源服务器
- jwt: 后续访问资源服务器的票据(ticket)
- OAuth2:授权机制的一种,后续实现采用OAuth2中的client credentials方式
实现思路
对于认证相关请求(登录、刷新token)
- 以auth/form为例,此处不会被OAuth2AuthenticationProcessingFilter拦截
- http.form配置的认证拦截器为UsernamePasswordAuthenticationFilter
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
//校验相关参数
if (this.postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
} else {
String username = this.obtainUsername(request);
String password = this.obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
username = username.trim();
//封装校验信息
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
this
最低0.47元/天 解锁文章
1273
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
