客户端发送的SHA1令牌有效期长达24小时,需要使用Spring Boot授权该SHA1令牌。
例如:第一个服务将SHA1令牌(有效期24小时)作为请求头/查询参数的一部分发送给第二个服务。因此,第二个服务需要使用Spring Boot对该SHA1令牌进行授权。
我尝试了过滤器(Filter)的方法。请帮忙提供代码段,如果有其他新方法也可以。
请参考以下代码。
TokenAuthConfig.java文件
package com.scheduler.config;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.text.SimpleDateFormat;
import java.time.LocalDate;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.TimeZone;

import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

import com.scheduler.filter.config.TokenAuthFilter;

import lombok.extern.slf4j.Slf4j;
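@Configuration
@EnableWebSecurity
@Order(1)
@Slf4j
public class TokenAuthConfig extends WebSecurityConfigurerAdapter {

    /** UTC calendar day the token is bound to; the expected value changes at 00:00 UTC. */
    private static final DateTimeFormatter TOKEN_DATE = DateTimeFormatter.ofPattern("yyyyMMdd");

    /** Shared secret both services hold. Deliberately never written to the log. */
    @Value("${report.rest.key.secret_key}")
    private String SECRET_KEY;

    /**
     * Secures the report endpoint with a stateless, header-token check.
     *
     * <p>The value of the {@code Authorization} header is compared against the token expected for
     * the current UTC day; a missing or mismatching value is rejected with
     * {@link BadCredentialsException}.
     *
     * @param httpSecurity builder for this ordered security chain
     * @throws Exception propagated from {@link HttpSecurity} configuration
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        TokenAuthFilter filter = new TokenAuthFilter("Authorization");
        filter.setAuthenticationManager(this::authenticateToken);
        httpSecurity
            .antMatcher("/schedule/v1/status/learner/getAllLearnersReport")
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .addFilter(filter)
            .authorizeRequests().anyRequest().authenticated();
    }

    /**
     * Accepts the authentication only when its principal equals today's expected token.
     *
     * @param authentication pre-authenticated token whose principal is the presented header value
     * @return the same token, marked authenticated
     * @throws BadCredentialsException if the principal is absent, not a string, or does not match
     */
    private Authentication authenticateToken(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        // instanceof (instead of a blind cast) turns a null or non-string principal into a clean
        // rejection rather than a ClassCastException
        if (!(principal instanceof String) || !tokenMatches((String) principal)) {
            throw new BadCredentialsException("The key was not found or not the expected value.");
        }
        authentication.setAuthenticated(true);
        return authentication;
    }

    /**
     * Compares the presented token with the expected one using a constant-time comparison, so the
     * time taken does not depend on how many leading characters matched.
     *
     * @param presented header value sent by the first service
     * @return {@code true} if it equals the token expected for the current UTC day
     */
    private boolean tokenMatches(String presented) {
        byte[] expected = generateSHA1Token().getBytes(StandardCharsets.UTF_8);
        byte[] actual = presented.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    /**
     * Derives the token both services agree on: {@code sha1Hex(secret + yyyyMMdd)} with the date
     * taken in UTC.
     *
     * <p>Because the date is the only variable input, a token is accepted until the next UTC
     * midnight rather than for 24 hours from issue, and a clock difference between the two
     * services across that boundary causes a rejection. Neither the secret nor the token is
     * logged.
     *
     * @return lower-case hex SHA-1 of the secret concatenated with today's UTC date
     */
    private String generateSHA1Token() {
        String utcDate = LocalDate.now(ZoneOffset.UTC).format(TOKEN_DATE);
        // NOTE(review): sha1(secret || date) is not a keyed MAC; if both services can be changed
        // together, HmacSHA256 keyed by the secret is the standard construction for this purpose.
        return DigestUtils.sha1Hex(SECRET_KEY + utcDate);
    }
}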
TokenAuthFilter.java文件
package com.scheduler.filter.config;

import java.util.Objects;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

import lombok.extern.slf4j.Slf4j;
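@Slf4j
public class TokenAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

    /** Name of the request header that carries the token, e.g. {@code "Authorization"}. */
    public String principalRequestHeaderKey;

    /**
     * Creates a filter that takes the pre-authenticated principal from the given header.
     *
     * @param principalRequestHeaderKey name of the header holding the token
     * @throws NullPointerException if {@code principalRequestHeaderKey} is null
     */
    public TokenAuthFilter(String principalRequestHeaderKey) {
        this.principalRequestHeaderKey =
            Objects.requireNonNull(principalRequestHeaderKey, "principalRequestHeaderKey");
        log.debug("TokenAuthFilter created; token is read from header '{}'", principalRequestHeaderKey);
    }

    /**
     * Returns the raw token from the configured header, or {@code null} when the header is absent
     * (the base filter then attempts no authentication for the request).
     *
     * <p>The header name comes from the constructor argument, not a hard-coded {@code "token"},
     * so the configured name is the one actually read. The token value itself is not logged.
     *
     * @param request current request
     * @return header value, or {@code null} if missing
     */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        String token = request.getHeader(principalRequestHeaderKey);
        log.debug("TokenAuthFilter.getPreAuthenticatedPrincipal: header '{}' is {}",
            principalRequestHeaderKey, token == null ? "absent" : "present");
        return token;
    }

    /**
     * No separate credential accompanies the token; the fixed placeholder keeps the base filter's
     * contract satisfied.
     *
     * @param request current request (unused)
     * @return the constant {@code "N/A"}
     */
    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return "N/A";
    }
}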