filter java oauth_java 通过 token + filter 自动设置操作人信息

最新推荐文章于 2023-02-27 18:03:37 发布
最新推荐文章于 2023-02-27 18:03:37 发布
阅读量257 收藏
点赞数
文章标签: filter java oauth
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_30907685/article/details/111927240
版权

由于项目使用 spring cloud + oauth2 +reids 来认证,每次微服务中需要自己手动代码获取登录用户信息比较麻烦,所以想到统一通过 filter 来实现

步骤如下:

1.定义操作人基本信息接口

IBaseOperator.java

import java.util.Date;

/**

* 基础操作人信息

*/

public interface IBaseOperator {

void setOperatedByUserName(String operatedByUserName);

String getOperatedByUserName();

void setOperatedOn(Date operatedOn);

Date getOperatedOn();

}

IOperator.java

package com.dimpt.common.interfaces;

/**

* 操作人信息

*/

public interface IOperator extends IBaseOperator {

void setOperatedByUserId(String operatedByUserId);

String getOperatedByUserId();

void setOperatedByRealName(String operatedByRealName);

String getOperatedByRealName();

}

2.拦截器

OperaterFilter.java

import java.io.IOException;

import java.util.Date;

import java.util.HashMap;

import java.util.Map;

import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletRequest;

import com.dimpt.common.http.BodyRequestWrapper;

import com.dimpt.common.http.ParameterRequestWrapper;

import com.dimpt.common.interfaces.IOperator;

import com.dimpt.common.security.CustomerUser;

import com.dimpt.common.util.JsonUtils;

import com.dimpt.common.util.components.UserUtils;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.stereotype.Component;

import org.springframework.util.StringUtils;

/**

* @RequestBody 注解参数中新增 {@link IOperator} 数据

*/

@Component

public class OperaterFilter implements Filter {

private static final Logger logger = LoggerFactory.getLogger(OperaterFilter.class);

@Autowired

UserUtils userUtils;

@Override

public void init(FilterConfig filterConfig) throws ServletException {

}

@Override

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)

throws IOException, ServletException {

HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;

CustomerUser customerUser = userUtils.getCustomerUser();

if (customerUser != null) {

CustomerUser.User user = customerUser.getUserDetails();

//region 设置 ServletRequest 的登录用户参数

HashMap m = new HashMap(httpServletRequest.getParameterMap());

m.put("operatedByUserId",user.getUserId());

m.put("operatedByUserName",user.getUserName());

m.put("operatedByRealName",user.getName());

m.put("operatedOn",new Date());

ParameterRequestWrapper parameterRequestWrapper = new ParameterRequestWrapper(httpServletRequest, m);

httpServletRequest = parameterRequestWrapper;

//endregion

//设置 @RequestBody 的登录用户数据

BodyRequestWrapper bodyReaderHttpServletRequestWrapper = new BodyRequestWrapper(httpServletRequest);

String bodyString = bodyReaderHttpServletRequestWrapper.getBodyString();

if(!StringUtils.isEmpty(bodyString))

{

Map bodyMap = JsonUtils.toMap(bodyString);

bodyMap.put("operatedByUserId",user.getUserId());

bodyMap.put("operatedByUserName",user.getUserName());

bodyMap.put("operatedByRealName",user.getName());

bodyMap.put("operatedOn",new Date());

String newBodyString = JsonUtils.toString(bodyMap);

bodyReaderHttpServletRequestWrapper.setBodyString(newBodyString);

httpServletRequest = bodyReaderHttpServletRequestWrapper;

}

}

filterChain.doFilter(httpServletRequest, servletResponse);

}

@Override

public void destroy() {

}

}

BodyRequestWrapper.java

import java.io.*;

import java.nio.charset.Charset;

import javax.servlet.ReadListener;

import javax.servlet.ServletInputStream;

import javax.servlet.ServletRequest;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletRequestWrapper;

/**

* @RequestBody 参数的 HttpServletRequestWrapper

*/

@SuppressWarnings("unchecked")

public class BodyRequestWrapper extends HttpServletRequestWrapper{

private byte[] body;

private String bodyString;

public byte[] getBody() {

return body;

}

public String getBodyString() {

return bodyString;

}

public BodyRequestWrapper(HttpServletRequest request) throws IOException {

super(request);

bodyString = getBodyString(request);

body = bodyString.getBytes(Charset.forName("UTF-8"));

}

/**

* 获取请求Body

*

* @param request

* @return

*/

public String getBodyString(final ServletRequest request) {

StringBuilder sb = new StringBuilder();

InputStream inputStream = null;

BufferedReader reader = null;

try {

inputStream = cloneInputStream(request.getInputStream());//将获取到的请求参数重新塞入request里面去

reader = new BufferedReader(new InputStreamReader(inputStream, Charset.forName("UTF-8")));

String line = "";

while ((line = reader.readLine()) != null) {

sb.append(line);

}

}

catch (IOException e) {

e.printStackTrace();

}

finally {

if (inputStream != null) {

try {

inputStream.close();

}

catch (IOException e) {

e.printStackTrace();

}

}

if (reader != null) {

try {

reader.close();

}

catch (IOException e) {

e.printStackTrace();

}

}

}

return sb.toString();

}

public void setBodyString(String bodyString) throws UnsupportedEncodingException {

bodyString=bodyString;

this.body = bodyString.getBytes("UTF-8");

}

/**

* Description: 复制输入流

*

* @param inputStream

* @return

*/

public InputStream cloneInputStream(ServletInputStream inputStream) {

ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();

byte[] buffer = new byte[1024];

int len;

try {

while ((len = inputStream.read(buffer)) > -1) {

byteArrayOutputStream.write(buffer, 0, len);

}

byteArrayOutputStream.flush();

}

catch (IOException e) {

e.printStackTrace();

}

InputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());

return byteArrayInputStream;

}

@Override

public BufferedReader getReader() throws IOException {

return new BufferedReader(new InputStreamReader(getInputStream()));

}

@Override

public ServletInputStream getInputStream() throws IOException {

final ByteArrayInputStream bais = new ByteArrayInputStream(body);

return new ServletInputStream() {

@Override

public int read() throws IOException {

return bais.read();

}

@Override

public boolean isFinished() {

return false;

}

@Override

public boolean isReady() {

return false;

}

@Override

public void setReadListener(ReadListener readListener) {

}

};

}

}

ParameterRequestWrapper.java

import java.util.Enumeration;

import java.util.Map;

import java.util.Vector;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletRequestWrapper;

/**

* HttpServletRequest 参数的 HttpServletRequestWrapper

*/

@SuppressWarnings("unchecked")

public class ParameterRequestWrapper extends HttpServletRequestWrapper

{

private Map params;

public ParameterRequestWrapper(HttpServletRequest request, Map newParams)

{

super(request);

this.params = newParams;

}

public Map getParameterMap()

{

return params;

}

public Enumeration getParameterNames()

{

Vector l = new Vector(params.keySet());

return l.elements();

}

public String[] getParameterValues(String name)

{

Object v = params.get(name);

if (v == null)

{

return null;

}

else if (v instanceof String[])

{

return (String[])v;

}

else if (v instanceof String)

{

return new String[] {(String)v};

}

else

{

return new String[] {v.toString()};

}

}

public String getParameter(String name)

{

Object v = params.get(name);

if (v == null)

{

return null;

}

else if (v instanceof String[])

{

String[] strArr = (String[])v;

if (strArr.length > 0)

{

return strArr[0];

}

else

{

return null;

}

}

else if (v instanceof String)

{

return (String)v;

}

else

{

return v.toString();

}

}

}

CustomerUser.java

import lombok.Getter;

import lombok.Setter;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.userdetails.User;

import java.io.Serializable;

import java.util.ArrayList;

import java.util.Collection;

import java.util.List;

public class CustomerUser extends User {

private static final long serialVersionUID = -814031798199130344L;

/**

* 登录用户的基本信息

*/

@Getter

@Setter

private User userDetails;

public CustomerUser(String username, String password, Collection extends GrantedAuthority> authorities) {

super(username, password, authorities);

}

public CustomerUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection extends GrantedAuthority> authorities) {

super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);

}

public class User implements Serializable {

private static final long serialVersionUID = 6253500539624699762L;

public User(){}

/**

* 用户id

*/

private String userId="";

/**

* 用户名,大写

*/

private String userName="";

/**

* 邮箱,大写

*/

private String email="";

/**

* 姓名

*/

private String name="";

/**

* 手机

*/

private String phone="";

/**

* 用户状态

*/

private int userState;

/*

* 性别 0:女 1:男

*/

private int sex;

/**

* 备注

*/

private String remark;

/**

* 用户角色(角色码)

*/

private List roles = new ArrayList<>();

/**

* 用户权限(权限码)

*/

private List permissions = new ArrayList<>();

/**

* 有权访问的系统(系统id)

*/

private List storeIds = new ArrayList<>();

public String getUserId() {

return userId;

}

public void setUserId(String userId) {

this.userId = userId;

}

public String getUserName() {

return userName;

}

public void setUserName(String userName) {

this.userName = userName;

}

public String getEmail() {

return email;

}

public void setEmail(String email) {

this.email = email;

}

public String getName() {

return name;

}

public void setName(String name) {

this.name = name;

}

public String getPhone() {

return phone;

}

public void setPhone(String phone) {

this.phone = phone;

}

public int getUserState() {

return userState;

}

public void setUserState(int userState) {

this.userState = userState;

}

public int getSex() {

return sex;

}

public void setSex(int sex) {

this.sex = sex;

}

public String getRemark() {

return remark;

}

public void setRemark(String remark) {

this.remark = remark;

}

public List getRoles() {

return roles;

}

public void setRoles(List roles) {

this.roles = roles;

}

public List getPermissions() {

return permissions;

}

public void setPermissions(List permissions) {

this.permissions = permissions;

}

public List getStoreIds() {

return storeIds;

}

public void setStoreIds(List storeIds) {

this.storeIds = storeIds;

}

}

}

UserUtils.java

import com.dimpt.common.security.CustomerUser;

import com.dimpt.common.util.TokenUtils;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.DependsOn;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.oauth2.common.OAuth2AccessToken;

import org.springframework.security.oauth2.provider.OAuth2Authentication;

import org.springframework.security.oauth2.provider.token.TokenStore;

import org.springframework.stereotype.Component;

import org.springframework.util.StringUtils;

import org.springframework.web.context.request.RequestAttributes;

import org.springframework.web.context.request.RequestContextHolder;

import org.springframework.web.context.request.ServletRequestAttributes;

import javax.servlet.http.HttpServletRequest;

/**

* @Description

* @Author 胡俊敏

* @Date 2019/10/25 15:45

*/

@Component

@DependsOn("tokenStore")

public class UserUtils {

@Autowired

private TokenStore tokenStore;

private String getToken()

{

RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();

if(requestAttributes==null)

return null;

HttpServletRequest req = ((ServletRequestAttributes) requestAttributes).getRequest();

return TokenUtils.getToken(req);

}

/**

* 获取授权服务登录的用户信息

* @return

*/

public UserDetails getUserDetails()

{

OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(getToken());

return getUserDetails(oAuth2Authentication);

}

/**

* 获取授权服务登录的用户信息

* @param token

* @return

*/

public UserDetails getUserDetails(OAuth2AccessToken token)

{

OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(token);

return getUserDetails(oAuth2Authentication);

}

/**

* 获取授权服务登录的用户信息

* @param token

* @return

*/

public UserDetails getUserDetails(String token)

{

OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(token);

return getUserDetails(oAuth2Authentication);

}

/**

* 获取授权服务登录的用户信息

* @return

*/

public CustomerUser getCustomerUser()

{

String token = getToken();

if(StringUtils.isEmpty(token))

return null;

OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(token);

return getCustomerUser(oAuth2Authentication);

}

/**

* 获取授权服务登录的用户信息

* @param token

* @return

*/

public CustomerUser getCustomerUser(OAuth2AccessToken token)

{

OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(token);

return getCustomerUser(oAuth2Authentication);

}

/**

* 获取授权服务登录的用户信息

* @param token

* @return

*/

public CustomerUser getCustomerUser(String token)

{

OAuth2Authentication oAuth2Authentication = tokenStore.readAuthentication(token);

return getCustomerUser(oAuth2Authentication);

}

/**

* 根据token获取用户名

* @param token

* @return

*/

public String getUserName(String token)

{

UserDetails userDetails = getUserDetails(token);

if(userDetails==null)

return null;

else

return userDetails.getUsername();

}

/**

* 根据token获取用户名

* @param token

* @return

*/

public String getUserId(String token)

{

CustomerUser userDetails = getCustomerUser(token);

if(userDetails==null)

return null;

else

return userDetails.getUserDetails().getUserId();

}

/**

* 根据token获取用户名

* @return

*/

public String getUserName()

{

UserDetails userDetails = getUserDetails();

if(userDetails==null)

return null;

else

return userDetails.getUsername();

}

/**

* 根据token获取用户名

* @return

*/

public String getUserId()

{

CustomerUser userDetails = getCustomerUser();

if(userDetails==null)

return null;

else

return userDetails.getUserDetails().getUserId();

}

private UserDetails getUserDetails(OAuth2Authentication oAuth2Authentication)

{

if(oAuth2Authentication==null) return null;

return (UserDetails) oAuth2Authentication.getPrincipal();

}

private CustomerUser getCustomerUser(OAuth2Authentication oAuth2Authentication)

{

if(oAuth2Authentication==null) return null;

return (CustomerUser) oAuth2Authentication.getPrincipal();

}

}

UserServiceDetail.java

import com.dimpt.domain.entity.user.UserEntity;

import com.dimpt.domain.enums.UserState;

import com.dimpt.domain.mapper.service.user.UserService;

import com.dimpt.common.security.CustomerUser;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.security.core.userdetails.UsernameNotFoundException;

import org.springframework.stereotype.Service;

import org.springframework.util.StringUtils;

import java.util.*;

/**

* @Description

* @Author 胡俊敏

* @Date 2019/10/24 11:09

*/

@Service

public class UserServiceDetail implements UserDetailsService {

@Autowired

private UserService userService;

@Override

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

UserEntity user = userService.findByUserName(username);

if (user == null) {

throw new UsernameNotFoundException(username);

}

Set grantedAuthorities = new HashSet<>();

//role 鉴权

List roleCodes = userService.findRoleCodes(user.getUserId());

if(roleCodes!=null &&!roleCodes.isEmpty()) {

for (String code : roleCodes) {

//角色必须是ROLE开头

if (!code.startsWith("{ROLE}")) {

code = "{ROLE}_" + code;

}

GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(code);

grantedAuthorities.add(grantedAuthority);

}

}

// 可用性 :true:可用 false:不可用

boolean enabled = true;

// 过期性 :true:没过期 false:过期

boolean accountNonExpired = true;

// 有效性 :true:凭证有效 false:凭证无效

boolean credentialsNonExpired = true;

// 锁定性 :true:未锁定 false:已锁定

boolean accountNonLocked = user.getUserState()== UserState.Active;

CustomerUser customerUser = new CustomerUser(user.getUserName(),user.getPassWord(),enabled,accountNonExpired,credentialsNonExpired,accountNonLocked,grantedAuthorities);

//设置 SecurityUser

CustomerUser.User securityUser = customerUser.new User();

securityUser.setUserId(user.getUserId());

securityUser.setUserName(user.getUserName());

securityUser.setEmail(user.getEmail());

securityUser.setName(user.getName());

securityUser.setPhone(user.getPhone());

securityUser.setSex(user.getSex());

securityUser.setUserState(user.getUserState().getValue());

//#TODO

//设置用户角色

securityUser.setRoles(Collections.EMPTY_LIST);

//设置用户权限

securityUser.setPermissions(Collections.EMPTY_LIST);

//设置有权限访问的系统

securityUser.setStoreIds(Collections.EMPTY_LIST);

customerUser.setUserDetails(securityUser);

return customerUser;

}

}

FilterConfig.java

import com.dimpt.common.filter.OperaterFilter;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.boot.web.servlet.FilterRegistrationBean;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

@Configuration

public class FilterConfig {

@Autowired

private OperaterFilter operatorFilter;

@Bean

public FilterRegistrationBean registerOperatorFilter() {

FilterRegistrationBean registration = new FilterRegistrationBean();

registration.setFilter(operatorFilter);

registration.addUrlPatterns("/*");

registration.setName("operatorFilter");

registration.setOrder(1); //值越小,Filter越靠前。

return registration;

}

}

BaseOperatorAwareCommand.java

import com.dimpt.common.interfaces.IOperator;

import io.swagger.annotations.ApiModelProperty;

import lombok.Getter;

import lombok.Setter;

import java.util.Date;

/**

* 携带操作人信息的命令基类

*/

@Getter

@Setter

public abstract class BaseOperatorAwareCommand implements IOperator {

/**

* 操作人的用户Id。本字段应根据当前登录用户取值(不应理会前端传入的数据)

*/

@ApiModelProperty(hidden = true)

private String operatedByUserId;

/**

* 操作人真实姓名。本字段应根据当前登录用户取值(不应理会前端传入的数据)

*/

@ApiModelProperty(hidden = true)

private String operatedByRealName;

/**

* 操作人用户名。本字段应根据当前登录用户取值(不应理会前端传入的数据)

*/

@ApiModelProperty(hidden = true)

private String operatedByUserName;

/**

* 操作时间

*/

@ApiModelProperty(hidden = true)

private Date operatedOn;

}

DeploymentByResourceCommand.java

import com.dimpt.domain.command.BaseOperatorAwareCommand;

import io.swagger.annotations.ApiModel;

import io.swagger.annotations.ApiModelProperty;

import lombok.Getter;

import lombok.Setter;

@Getter

@Setter

@ApiModel(description= "发布流程")

public class DeploymentByResourceCommand extends BaseOperatorAwareCommand {

@ApiModelProperty(value = "添加bpmn文件",notes = "必须是 Resource 能识别到的路径",required = true)

private String bpmpResourcePath;

@ApiModelProperty(value = "添加png文件",notes = "必须是 Resource 能识别到的路径")

private String pngResourcePath;

@ApiModelProperty(value = "流程名称",required = true)

private String name;

}

具体使用如下:

@RequestMapping("/deploymentByResource")

@ApiOperation(value = "发布流程",notes = "项目内部资源文件部署")

public JsonResult deploymentByResource(@RequestBody DeploymentByResourceCommand command)

{

securityUtils.logInAs(command.getOperatedByUserName());

DeploymentBuilder deploymentBuilder = repositoryService.createDeployment();

//创建Deployment对象

deploymentBuilder = deploymentBuilder.addClasspathResource(command.getBpmpResourcePath());

//添加png文件

if(!StringUtils.isEmpty(command.getPngResourcePath()))

deploymentBuilder = deploymentBuilder.addClasspathResource(command.getPngResourcePath());

//部署

Deployment deployment = deploymentBuilder.name(command.getName()).deploy();

return JsonResult.success(deployment);

}

command.getOperatedByUserName()

command.operatedByUserId()

command.operatedByRealName()

command.getOperatedOn()

水果弟
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
java token过滤器_java过滤器全局解析token
weixin_30068877的博客
02-26 1281
java过滤器全局解析token使用过滤器定义一个全局的token解析器在进行后端接口的开发过程中,一般涉及到人员用户,权限或者安全方面的考虑接口都会使用token来传递用户或者一些安全系数高的鉴权参数等。一般接口定义全局AOP解析使用AOP,对需要获取token信息的接口,进行方法增强,在进入controller之前,动态的为接口方法鉴权,或者为接口方法添加一个token相关的参数。根据需求不同...
java过滤器验证app用户token_在过滤器中验证接口中的Token
weixin_39824801的博客
02-24 462
一、web.xml在web.xml中增加以下代码TokenFilter //过滤器名称com.seven.mp.contentmng.utils.TokenFilter //实现类路径TokenFilter/conference/* //目录前缀二、TokenFilter 实现类1. 过滤器必须实现Filter 接口 , 即TokenFilter implements Fil...
java login jwt token filter
舒适hanxs4
01-02 307
jwt token login
java 网关日十万,JAVA网关鉴权后下游统一filter获取用户信息
weixin_33814090的博客
03-20 284
1. 场景描述最近有点忙,在弄微服务nacos+springcloud gateway这块工作,以前只是简单应用,这次因为要对接10几个系统或者平台,还的鉴权,等后续稍微闲点了,把这块东西总结下。刚好要写个文档,就一起发出来,场景是其他系统,gateway中鉴权成功后(过来的是加密token),会将个人信息信息会写到header中,比如手机号、姓名、部门等,为了方便下游系统获取信息,让写一个统一的...
oauth2 如何在拦截器最前面添加fileter_SpringOauth2在获取token流程添加拦截器
weixin_39972264的博客
12-08 1427
最近在开发oauth2相关功能时,因需要要用json数据进行oauth2的校验,便想到在BasicAuticaitonFilter前通过添加拦截器进行client信息的校验。通过调试源码,最终找到了添加的方法。 oauth2拦截器在初始化完成后,共会生成三个拦截器调用链,分别对应oauth/token等的oauth2认证拦截器调用链,对resource资源访问的拦截器调用链,springsec...
java实现的OAuth2流程
04-24
通过这个纯Java实现,你可以更好地掌握OAuth2的工作原理,了解如何在没有特定框架支持的情况下构建安全的授权系统。这个实现对于学习和理解OAuth2的底层机制非常有价值,同时也可以作为自定义授权解决方案的基础。
java web 实现 QQ 第三方登录 Demo 源码分享
03-16
2. **Java Web开发**:Java Web是指使用Java技术进行Web应用程序开发,通常包括Servlet、JSP(Java Server Pages)、Filter、Listener等组件。在这个场景中,我们主要会用到Servlet来处理HTTP请求和响应。 3. **QQ...
SpringSecurity+oauth2+jwt.docx
01-25
Spring Security作为Java领域中强大的安全框架,配合OAuth2和JWT(JSON Web Token),可以构建出高效且安全的认证系统。下面将详细阐述这三者的结合及其在B/S结构中的应用。 首先,让我们了解一下传统的B/S结构认证...
拦截器filter在rest客户端织入token
08-10
通过这种方式,我们可以在每次请求中自动地管理和插入token,而无需在每个单独的请求方法中手动处理。这样的设计提高了代码的可维护性和安全性,同时也遵循了单一职责原则,使得过滤器可以独立地关注它们的任务,...
spring-oauth2-login
02-23
8. **Access Token**:访问令牌是OAuth2的核心,它授予持有者对受保护资源的访问权限。在Spring OAuth2 Login中,访问令牌会被用于向第三方API发送请求。 9. **Refresh Tokens**:当访问令牌过期时,可以使用刷新...
java后台获取小程序用户信息和生成自定义token,并使用filter过滤header的token源码
08-12
java后台获取小程序用户信息和生成自定义token,并使用filter过滤header的token源码.
http安全 Java_在java配置中添加http安全过滤器
weixin_42627459的博客
02-18 315
您是否对所有的Spring Security感兴趣,忽略URL,还是只希望该特定的过滤器忽略该请求?如果您希望所有Spring Security忽略该请求,可以使用以下方法:@Configuration@EnableWebSecurity@Import(MyAppConfig.class)public class MySecurityConfig extends WebSecurityConfig...
过滤器filter实现token拦截解析(亲测)
qq_53314126的博客
02-27 1448
1、什么是tokentoken令牌:是服务端生成的一串随机生成字符串(我们的例子用UUID生成),放在请求头作为客户端进行请求的一个标识。 当用户第一次登录,服务器生成一个token并将此token返回给客户端,以后客户端只需带上这个token前来请求数据即可判断是谁在调用接口,无需再要用户名和密码。 最近有一个需求是权限系统对另一个系统进行token验证权限管理。子系统并未引入权限框架。目前实现思路是前端将token传入子系统。通过共享redis去解决权限问题。故此子系统只
java登录filter_javafilter实现用户登录管理
weixin_39819283的博客
02-27 123
web.xml 配置文件authorFilterhhu.edu.cn.filter.AuthFilterredirect/Test/login.jspdisableNincludeslogin.jsp;filter类:package hhu.edu.cn.filter;import java.io.IOException;import javax.servlet.Filter;import jav...
Filter存用户信息
IT的鱼
12-21 221
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpServletRequest = (HttpServletRequest) request; ..
filter java oauth_Spring OAuth过滤器链和Java配置
weixin_39602560的博客
12-24 250
我正在尝试将spring-security-oauth添加到具有spring-security的现有应用程序中.我正在使用Java配置.我有一个现有的修改过滤器链(添加了一些自定义过滤器)但是对’/ oauth / token’的请求没有使用它,而是使用’默认’过滤器链.如何才能访问保护oauth端点的过滤器链,以便我可以在那里使用自定义过滤器,还是可以将OAuth端点连接到现有设置中?解决方法:...
接口自动化框架(java)--4.接口Token传递
weixin_30390075的博客
03-29 242
这套框架的报告是自己封装的 一般token会在登录接口返回结果中呈现,从代码层面获取token的方式有很多种,我是使用jsonpath这个json路径语言去匹配token所在路径的key值 1 package com.qa.tests; 2 3 4 import com.alibaba.fastjson.JSON; 5 import com.qa.bas...
spring security oauth2.0 根据token信息获取用户信息
热门推荐
u013911102的博客
09-14 1万+
项目场景: 既然前面有说到spring security 是如何验证当前用户以及获取到当前用户信息,哪么spring security auth2.0又是如何验证当前用户信息的呢? 技术详解: spring security auth2.0验证用户信息其实更加简单,具体的逻辑就在OAuth2AuthenticationProcessingFilter,我们先一起看看OAuth2AuthenticationProcessingFilter的源码吧. OAuth2AuthenticationProce
Security oauth2 通过 token 验证token获取用户信息
fengxing_2的专栏
07-08 5975
1、注入 tokenStore @Autowired private RedisTokenStore tokenStore; // 通过token值进行验证 OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(token); if (null != oAuth2AccessToken) { OAuth2Authentication auth2Authentication = tokenStore.readAut
java Spring oauth2 gateway Filter拦截器如何主动返回401
最新发布
06-03
这将设置响应的状态码为401。您可以将此代码添加到您的过滤器中的条件语句中,以便在需要时返回401响应。例如,如果您的过滤器需要特定的权限才能访问资源,但访问令牌不包含所需的权限,则可以使用以下代码返回401...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值