1. 首页
  2. 问答
  3. 春天的OAuth拦截REST API的调用,并从一个拦截器

春天的OAuth拦截REST API的调用,并从一个拦截器

2015-10-15 50 views
0

转发我已经配置了我所有的春季安全和OAuth令牌获取等春天的OAuth拦截REST API的调用,并从一个拦截器

但我必须验证从DB用户在每个REST API调用?

这是我的例子API:

@GET 
@Path("/getUUID") 
public Response getUUID(@Context HttpServletRequest request, final @Context SecurityContext securityContext) { 
    //here do i have to do this in each api or there is one filter that can i write and pass this user object from that to api 
    User loadUser = loadUserFromSecurityContext(securityContext); 
} 

protected User loadUserFromSecurityContext(SecurityContext securityContext) { 

    OAuth2Authentication requestingUser = (OAuth2Authentication) (securityContext).getUserPrincipal(); 
    String principal = requestingUser.getUserAuthentication().getName(); 
    User user = null; 
    user = new UserDAO().getUser(principal); 

    return user; 
}

来源

2015-10-15 maverickosama92

回答

0

您可以通过实现以下过滤器拦截API调用:

public class AuthenticationTokenProcessingFilter extends GenericFilterBean { 

AuthenticationManager authManager; 

public AuthenticationTokenProcessingFilter(AuthenticationManager authManager) { 
    this.authManager = authManager; 
} 

@Override 
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {   
    HttpServletRequest httpServletRequest = (HttpServletRequest)request; 

    //access your token here and do what you wanna do with it 
    String authToken = httpServletRequest.getHeader("AUTHORIZATION"); 

    // continue thru the filter chain 
    chain.doFilter(request, response); 
    } 
}

而在你为spring-servlet.xml

<http pattern="/api/**" create-session="never" use-expressions="true" 
     entry-point-ref="oauthAuthenticationEntryPoint" xmlns="http://www.springframework.org/schema/security"> 
    <anonymous enabled="false" /> 
    <intercept-url pattern="/api/**" /> 
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> 
    <custom-filter ref="authenticationTokenProcessingFilter" before="FORM_LOGIN_FILTER"/> 
    <access-denied-handler ref="oauthAccessDeniedHandler" /> 
</http> 

<bean id="authenticationTokenProcessingFilter" class="com.yourpackage.AuthenticationTokenProcessingFilter"> 
    <constructor-arg ref="authenticationManager" /> 
</bean>

来源

2015-10-23 13:45:59 maverickosama92

+0

我有这些确切的设置,但拦截器没有收到请求。任何想法 ? –

相关问题

 相关问题