需求:第三方在访问项目接口时,虽然支持传递的token,但是token并不是存放在请求头的Authorization中,而且在请求头自定义的token参数中
解决方案:在项目中增加filter拦截请求,从请求头中拿到token的值,在存放到Authorization中
注意问题:
1.filter的执行顺序要在springSecurityFilterChain之前,springSecurityFilterChain对应的order=-100,所以自定义filter的order要小于-100
方法1,通过调试窗口查看order的值
方法2,查看源代码在SecurityFilterAutoConfiguration.class中配置
2.oauth2获取token的实现在OAuth2AuthenticationProcessingFilter.class中,需要重新requestWrapper中的getHeaders方法
3.实现
1.自定义filter,需要重新HttpServletRequestWrapper 的getHeaders方法
package cn.fjlt.config;
import ch.qos.logback.core.Context;
import ch.qos.logback.core.spi.ContextAware;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.*;
/**
* 过滤器为了往header里面塞参数
* @author Administrator
*
*/
@Component
public class ResetParametersFilter extends OncePerRequestFilter implements ApplicationContextAware {
private ApplicationContext applicationContext;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
ResetParametersWrapper parametersWrapper = new ResetParametersWrapper(request);
String token = request.getHeader("token");
parametersWrapper.putHeader("Authorization",token);
filterChain.doFilter(parametersWrapper, response);
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
this.applicationContext = applicationContext;
}
/**
* 继承HttpServletRequestWrapper,创建装饰类,以达到修改HttpServletRequest参数的目的
*/
private class ResetParametersWrapper extends HttpServletRequestWrapper {
private final Map<String, String> customHeaders;
ResetParametersWrapper(HttpServletRequest request) {
super(request);
this.customHeaders = new HashMap<>();
}
void putHeader(String name, String value){
this.customHeaders.put(name, value);
}
@Override
public String getHeader(String name) {
String headerValue = customHeaders.get(name);
if (headerValue != null){
return headerValue;
}
return ((HttpServletRequest) getRequest()).getHeader(name);
}
@Override
public Enumeration<String> getHeaders(String name) {
Set<String> set = new HashSet<>();
set.add(customHeaders.get(name));
Enumeration<String> e = ((HttpServletRequest) getRequest()).getHeaders(name);
while (e.hasMoreElements()) {
String n = e.nextElement();
set.add(n);
}
return Collections.enumeration(set);
}
@Override
public Enumeration<String> getHeaderNames() {
Set<String> set = new HashSet<>(customHeaders.keySet());
Enumeration<String> e = ((HttpServletRequest) getRequest()).getHeaderNames();
while (e.hasMoreElements()) {
String n = e.nextElement();
set.add(n);
}
return Collections.enumeration(set);
}
}
}
添加自定义filter配置,order的值需要小于-100
@Bean
public FilterRegistrationBean modifyParametersFilter() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new ResetParametersFilter());
registration.addUrlPatterns("/*");
registration.setName("resetParametersFilter");
registration.setOrder(-101);
return registration;
}