/**
 * Unfinished stub of the provider's authentication entry point.
 *
 * <p>As written it inspects nothing and returns {@code null} for every input, so it
 * neither establishes an authenticated identity nor rejects a request by throwing.
 *
 * <p>NOTE(review): the enclosing class is not shown. If it implements Spring Security's
 * {@code AuthenticationProvider}, a {@code null} return means "this provider could not
 * decide", so the decision is left to other providers. Confirm against the class header.
 *
 * @param authenti the authentication request handed to this provider; currently unused
 * @return always {@code null}
 * @throws AuthenticationException declared by the signature; never thrown by this stub
 */
@Override
public Authentication authenticate(Authentication authenti) throws AuthenticationException {
    // TODO Auto-generated method stub
    // The commented-out lines below are abandoned attempts to reach the access token,
    // first through the Authentication argument and then through the servlet request.
    // None of them is active code, so no token is read or validated here.
    //String token=authenti.implies("userdetails");
    //UserDetails u=(UserDetails) authenti.getDetails();
    //String accessToken=authenti.
    //String aceToken=HttpServletRequest.this.getAttribute("accessToken");
    return null;
}
/**
 * Reports whether this provider can process the given authentication class.
 *
 * <p>Unfinished stub: the argument is ignored and the answer is {@code false} for every
 * class.
 *
 * <p>NOTE(review): if the enclosing class is a Spring Security
 * {@code AuthenticationProvider} (class header not shown), a manager that consults
 * {@code supports} first would never call {@code authenticate} on this provider.
 * Confirm against the class header and the security configuration.
 *
 * @param arg0 the authentication class being offered; currently unused
 * @return always {@code false}
 */
@Override
public boolean supports(Class<?> arg0) {
    // TODO Auto-generated method stub
    return false;
}
答案 0 :(得分:0)
我认为在您的情况下,使用自定义 AuthenticationProvider 并不是最好的选择:它所重写的方法接收到的已经是一个 Authentication 对象,因此令牌应该在进入身份验证之前就被提取并处理。
过滤器是更好的选择:
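/**
 * Servlet filter that authenticates a request from a JWT carried in the
 * {@code Authorization: Bearer <token>} header.
 *
 * <p>When the header holds a token that {@code tokenProvider} accepts, the user it
 * identifies is loaded and stored in the {@link SecurityContextHolder} for the rest of the
 * request. A request without a usable token is passed on unauthenticated, so the
 * authorization rules configured elsewhere must deny access to protected resources.
 * A {@code JwtException} raised while handling the token ends the request with
 * {@code 401 Unauthorized}.
 */
@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {

    /** Scheme prefix expected in front of the token in the Authorization header. */
    private static final String BEARER_PREFIX = "Bearer ";

    // NOTE(review): tokenProvider and customDetailsService are used below but are not
    // declared in this snippet; they have to be injected as fields of this class.

    /**
     * Extracts and validates the bearer token, populates the security context on success,
     * and then continues the filter chain.
     *
     * @param request     the current HTTP request
     * @param response    the current HTTP response; receives a 401 when the token is rejected
     * @param filterChain the remaining filters, invoked unless the token is rejected
     * @throws ServletException propagated from the downstream chain
     * @throws IOException      propagated from the downstream chain or from writing the error
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        try {
            String jwt = null;
            String header = request.getHeader(HttpHeaders.AUTHORIZATION);
            if (StringUtils.hasText(header) && header.startsWith(BEARER_PREFIX)) {
                jwt = header.substring(BEARER_PREFIX.length());
            }
            // NOTE(review): whether validateToken reports a bad token by returning false or
            // by throwing JwtException is not visible here; both paths are handled.
            if (StringUtils.hasText(jwt) && tokenProvider.validateToken(jwt)) {
                Long personId = tokenProvider.getUserIdFromJWT(jwt); // it may be another identifier - unique name, email, etc.
                UserDetails userDetails = customDetailsService.loadUserById(personId);
                // NOTE(review): a valid token does not by itself show that the account is
                // still enabled or unlocked; confirm loadUserById enforces that.
                UsernamePasswordAuthenticationToken authentication =
                        new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        } catch (JwtException exception) {
            // Fail closed: the original left this branch empty, which swallowed the error
            // and ended the request with an empty response. Drop any partial state and
            // answer 401 with a generic message so token-parsing details are not exposed.
            SecurityContextHolder.clearContext();
            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid or expired token");
            return;
        }
        // Kept outside the try block so the catch above only handles token failures from
        // this filter and never hides an exception thrown further down the chain.
        filterChain.doFilter(request, response);
    }
}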
之后,令牌中的信息就保存在 Authentication 实例中,您可以在应用的任何位置读取并使用它。