Springsecurity-oauth2之TokenEndPoint(2)

最新推荐文章于 2024-10-11 16:51:17 发布

weixin_34397291

最新推荐文章于 2024-10-11 16:51:17 发布

阅读量1.1k

点赞数

CC 4.0 BY-SA版权

文章标签： java python

原文链接：https://my.oschina.net/u/2518341/blog/3020109

本文深入探讨了OAuth认证过程中的关键步骤，重点分析了BasicAuthenticationFilter如何处理Authorization头部信息，通过UsernamePasswordAuthenticationToken进行身份验证。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

2019独角兽企业重金招聘Python工程师标准>>>

这篇是继上一篇之后的。

当我们访问/oauth/token时，首先会经过BasicAuthenticationFilter，之后才会到TokenEndPoint

图1

org.springframework.security.web.authentication.www.BasicAuthenticationFilter的doFilter调用doFilterInternal，如下List-1所示，会从头部取出Authorization字段，由authenticationManager来处理。

List-1


protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    boolean debug = this.logger.isDebugEnabled();
    String header = request.getHeader("Authorization");
    if (header != null && header.startsWith("Basic ")) {
        try {
            String[] tokens = this.extractAndDecodeHeader(header, request);

            assert tokens.length == 2;

            String username = tokens[0];
            if (debug) {
                this.logger.debug("Basic Authentication Authorization header found for user '" + username + "'");
            }

            if (this.authenticationIsRequired(username)) {
                UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]);
                authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
                Authentication authResult = this.authenticationManager.authenticate(authRequest);
                if (debug) {
                    this.logger.debug("Authentication success: " + authResult);
                }

转载于:https://my.oschina.net/u/2518341/blog/3020109