基于Token的授权(with srping mvc)

浏览数:26 / 时间:2015年06月09日 
@Override
public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) throws IOException, ServletException {
    boolean tokenAuthenticated = false;
    HttpServletRequest request = (HttpServletRequest) sr;
    String token = findToken(request);
    if ((null == token) || (!authenticationNeeded(request))) {
        fc.doFilter(sr, sr1);
        return;
    }
    if (needHttps && (! request.isSecure())) {
        TokenAuthenticationToken at = new TokenAuthenticationToken(token);
        try {
            at.setDetails(detailsSource.buildDetails(request));
            Authentication auth = manager.authenticate(at);
            if ((auth != null) && (auth.isAuthenticated())) {
                SecurityContextHolder.getContext().setAuthentication(auth);
                tokenAuthenticated = true;
            }
        } catch (AuthenticationException e) {
            logger.debug("Authentication failed :", e);
        }
    }
    else {
        logger.info("Token identification rejected : proto != https");
    }
    fc.doFilter(sr, sr1);
    if (tokenAuthenticated) {
        logger.debug("Token authenticated : invalidate session");
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}

除了filter,应该需要在服务端持久化token,参见http://stackoverflow.com/questions/2608372/spring-security-rememberme-services-with-session-cookie?rq=1
https://github.com/virgo47/restful-spring-security

logout的实现
http://stackoverflow.com/questions/14733418/login-logout-in-rest-with-spring-3/14735345#14735345

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。

标签: class log com http si it la Go ha class log com http si it la Go ha

相关文章

随机文章

您可能还喜欢

您可能还喜欢