我编写了一个名为PowerAuth 2.0的自定义强授权服务器和集成库。
目前,尝试使用它来保护API调用的开发人员可以使用它:
@Controller
@RequestMapping(value = "/session")
public class AuthenticationController {
@Autowired
private PowerAuthAuthenticationProvider authenticationProvider;
@RequestMapping(value = "/login", method = RequestMethod.POST)
public @ResponseBody String login(
@RequestHeader(value = "X-PowerAuth-Authorization", required = true) String signatureHeader,
HttpServletRequest servletRequest) throws Exception {
PowerAuthApiAuthentication apiAuthentication = authenticationProvider.validateRequestSignature(
servletRequest,
"/session/login",
signatureHeader
);
if (apiAuthentication != null && apiAuthentication.getUserId() != null) {
return "OK";
} else {
return "NOT OK";
}
}
}
我想简化开发人员的工作,以便代码看起来像这样:
@Controller
@RequestMapping(value = "/session")
public class AuthenticationController {
@RequestMapping(value = "/login", method = RequestMethod.POST)
@PowerAuth(value = "/session/login")
public @ResponseBody String login(PowerAuthApiAuthentication apiAuthentication) throws Exception {
if (apiAuthentication != null && apiAuthentication.getUserId() != null) {
return "OK";
} else {
return "NOT OK";
}
}
}
原则(可能?):
由于我在春天不强,你能否就如何做到这一点向我提供指导?