如何在spring boot中验证用户?

时间:2017-05-31 05:37:39

标签: spring-boot spring-security

我不明白这段代码是如何运作的,特别是OncePerRequestFilter类这个课程的目的是什么,我已经粘贴了可用的代码。

public class AuthenticationFilter extends OncePerRequestFilter{

private final LoginService loginService;

private static final Logger logger = Logger.getLogger(AuthenticationFilter.class);

public AuthenticationFilter(final LoginService loginService) {
    super();
    this.loginService = loginService;
}

@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain)
        throws ServletException, IOException {
    final String xAuth = request.getHeader("X-Authorization");    

1 个答案:

答案 0 :(得分:1)

身份验证和授权是两个不同的术语。 1.认证:您就是您所声称的人。 2.授权:你可以做什么。

假设:您的问题是授权:“我想基于休息api授权特定用户”。

配置 http.authorizeRequests()。antMatchers(“/ products”)。access(“hasRole('ROLE_ADMIN')”)

protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/products").access("hasRole('ROLE_ADMIN')").anyRequest().permitAll().and().authorizeRequests().antMatchers("/hello").access("hasRole('ROLE_ADMIN')").anyRequest().permitAll().and()
            .formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password").and()
            .logout().logoutSuccessUrl("/login?logout").and().exceptionHandling().accessDeniedPage("/403").and()
            .csrf();
}

参考完整代码:https://github.com/Roshanmutha/SpringSecurityJDBC/blob/master/src/main/java/com/roshantest/WebSecurityConfig.java