Article from Tech, 2019-03-12 00:00

Springsecurity-oauth2: TokenEndPoint (2)

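This post continues from the previous one.

When we access /oauth/token, the request first passes through BasicAuthenticationFilter and only then reaches TokenEndPoint.

Figure 1

The doFilter method of org.springframework.security.web.authentication.www.BasicAuthenticationFilter calls doFilterInternal, shown in List-1 below. It reads the Authorization field from the request header and hands the credentials to authenticationManager for processing.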

List-1

protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    boolean debug = this.logger.isDebugEnabled();
    // Read the Authorization header; only the "Basic " scheme is handled here
    String header = request.getHeader("Authorization");
    if (header != null && header.startsWith("Basic ")) {
        try {
            // Base64-decode the header into { username, password }
            String[] tokens = this.extractAndDecodeHeader(header, request);
            assert tokens.length == 2;
            String username = tokens[0];
            if (debug) {
                this.logger.debug("Basic Authentication Authorization header found for user '" + username + "'");
            }
            if (this.authenticationIsRequired(username)) {
                UsernamePasswordAuthenticationToken authRequest =
                        new UsernamePasswordAuthenticationToken(username, tokens[1]);
                authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
                // Delegate the actual credential check to the AuthenticationManager
                Authentication authResult = this.authenticationManager.authenticate(authRequest);
                if (debug) {
                    this.logger.debug("Authentication success: " + authResult);
                }
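
The decoding step that List-1 delegates to extractAndDecodeHeader, written here as a standalone Java program. This is an added example, not part of the original post and not Spring Security's own source; the class name, method name and sample credentials are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: standalone decoding of an HTTP Basic header as sent to /oauth/token.
// Class and method names are hypothetical; this is not Spring Security's source.
public class BasicHeaderDemo {

    /** Returns {username, password}; throws IllegalArgumentException on a malformed header. */
    static String[] decodeBasicHeader(String header) {
        if (header == null || !header.startsWith("Basic ")) {
            throw new IllegalArgumentException("not a Basic Authorization header");
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Basic token is not valid Base64", e);
        }
        String token = new String(decoded, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: the password (client secret) may contain ':'.
        int delim = token.indexOf(':');
        if (delim == -1) {
            throw new IllegalArgumentException("Basic token has no ':' separator");
        }
        return new String[] { token.substring(0, delim), token.substring(delim + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials (client id and secret are made up).
        String raw = "demo-client:s3cr:et";
        String header = "Basic " + Base64.getEncoder()
                .encodeToString(raw.getBytes(StandardCharsets.UTF_8));

        String[] tokens = decodeBasicHeader(header);
        System.out.println("username = " + tokens[0]);
        System.out.println("password length = " + tokens[1].length());

        // Malformed inputs must be rejected before any authentication attempt.
        for (String bad : new String[] { "Basic !!!not-base64!!!", "Basic bm9jb2xvbg==", "Bearer abc" }) {
            try {
                decodeBasicHeader(bad);
                System.out.println("accepted (unexpected): " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

On /oauth/token the decoded pair is the OAuth2 client's id and secret. Base64 is an encoding, not encryption, so the header is only protected when the endpoint is served over TLS.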