Springsecurity-oauth2之TokenEndPoint(2)
Springsecurity-oauth2之TokenEndPoint(2)
克虏伯
发布于 2019-04-15 09:57:37
发布于 2019-04-15 09:57:37
文章被收录于专栏:软件开发-青出于蓝
这篇是继上一篇之后的。
当我们访问/oauth/token时,首先会经过BasicAuthenticationFilter,之后才会到TokenEndPoint
图1
org.springframework.security.web.authentication.www.BasicAuthenticationFilter的doFilter调用doFilterInternal,如下List-1所示,会从头部取出Authorization字段,由authenticationManager来处理。
List-1
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
boolean debug = this.logger.isDebugEnabled();
String header = request.getHeader("Authorization");
if (header != null && header.startsWith("Basic ")) {
try {
String[] tokens = this.extractAndDecodeHeader(header, request);
assert tokens.length == 2;
String username = tokens[0];
if (debug) {
this.logger.debug("Basic Authentication Authorization header found for user '" + username + "'");
}
if (this.authenticationIsRequired(username)) {
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]);
authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
Authentication authResult = this.authenticationManager.authenticate(authRequest);
if (debug) {
this.logger.debug("Authentication success: " + authResult);
} (adsbygoogle = window.adsbygoogle || []).push({});本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
腾讯云开发者
