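My simple question is: why do we need to store the authentication in two different places? Are the two the same, or have I made a mistake? My code works fine, but I want to know why we need these two authentication stores.
In my filter class, AuthorizationTokenFilter extends OncePerRequestFilter, I have implemented: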
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
    // ...
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        logger.info("authorizated user '{}', setting security context", username);
        SecurityContextHolder.getContext().setAuthentication(authentication);
I have also implemented this in the Auth RestController:
    @RestController
    public class AuthenticationRestController {
        // ...
        @RequestMapping(value = "/auth", method = RequestMethod.POST)
        public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest) throws AuthenticationException {
            authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword());
            // ...
        }

        private void authenticate(String username, String password) {
            try {
                authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
            } catch (DisabledException e) {
                throw new AuthenticationException("User is disabled!", e);
            } catch (BadCredentialsException e) {
                throw new AuthenticationException("Bad credentials!", e);
            }
        }
        // ...
    }
So my question is: why are we repeating two UsernamePasswordAuthenticationToken instances?
Why do we need to store this token in two places?