Springsecurity-oauth2之TokenEndPoint(2)

2019-04-15 09:57:37 浏览数 (3)

    这篇是继上一篇之后的。

    当我们访问/oauth/token时,首先会经过BasicAuthenticationFilter,之后才会到TokenEndPoint

                                                                                图1

    org.springframework.security.web.authentication.www.BasicAuthenticationFilter的doFilter调用doFilterInternal,如下List-1所示,会从头部取出Authorization字段,由authenticationManager来处理。

List-1

代码语言:javascript复制
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    boolean debug = this.logger.isDebugEnabled();
    String header = request.getHeader("Authorization");
    if (header != null && header.startsWith("Basic ")) {
        try {
            String[] tokens = this.extractAndDecodeHeader(header, request);

            assert tokens.length == 2;

            String username = tokens[0];
            if (debug) {
                this.logger.debug("Basic Authentication Authorization header found for user '"   username   "'");
            }

            if (this.authenticationIsRequired(username)) {
                UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]);
                authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
                Authentication authResult = this.authenticationManager.authenticate(authRequest);
                if (debug) {
                    this.logger.debug("Authentication success: "   authResult);
                }
代码语言:txt复制
 (adsbygoogle = window.adsbygoogle || []).push({});

0 人点赞