使用jwt自定义spring security的认证过程
前言
这部分好像已经不用自己写了,有框架已经实现了,不过是为了学习就自己写一遍吧提示:以下是本篇文章正文内容,下面案例可供参考
创建UsernamePasswordAuthenticationFilter的子类
代码如下(示例):
public class JwtLoginFilter extends UsernamePasswordAuthenticationFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequestrequest,HttpServletResponse response)
throws AuthenticationException {
UsernamePasswordAuthenticationToken authentication = null;
String username = "";
String password = "";
try {
//分析请求参数
UserVo userVo = JSONUtil.getGson().fromJson(request.getReader(), UserVo.class);
username = userVo.getUsername();
password = userVo.getPassword();
}catch (IOException e){
//该方法不允许抛出IOIoException
//把IoException封装成AuthenticationException的子类
throw new InternalAuthenticationServiceException(
e.getMessage(), e.getCause());
}
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
username = username.trim();
authentication = new UsernamePasswordAuthenticationToken(username, password);
//设置放入认证的authentication
super.setDetails(request, authentication);
//调用AuthenticationManager进行认证
return super.getAuthenticationManager().authenticate(authentication);
}
}
基本是照抄UsernamePasswordAuthenticati