身份驗證在春季安全但沒有用戶，只傳遞令牌

Question

我正在嘗試爲我的應用實現安全性，我需要配置安全主幹只使用安全令牌，我不想使用安全性意味着用戶和密碼，只有安全令牌到授權，並創建會話消耗我的資源API

我怎樣才能安全性配置配置此的我的應用程序？

Answer 1

您可能需要使用Spring OncePerRequestFilter此任務

//MyFilter.java 
public class MyFilter extends OncePerRequestFilter { 

private String securityTokenHeader ="token"; 

@Override 
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { 
    String securityToken = request.getHeader(securityTolenHeader); 
    if (checkToken(securityTokenHeader)){ 
     filterChain.doFilter(request, response); //continue 
    } 
    else{ 
     logger.error("Not authenticated activity"); 
     //you can also edit the response object here to inform your client 
    } 
} 
} 

配置文件

//FilterConfig.java 
@Configuration 
public class FilterConfig { 

@Bean 
public FilterRegistrationBean myFilter(){ 
    MyFilter filter = new MyFilter(); 
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); 
    filterRegistrationBean.setFilter(filter); 
    return filterRegistrationBean; 
} 
}