| | |
|---|
| | | import com.moral.security.auth.jwt.extractor.TokenExtractor; |
|---|
| | | import com.moral.security.config.WebSecurityConfig; |
|---|
| | | import com.moral.security.model.token.RawAccessJwtToken; |
|---|
| | | import org.apache.commons.lang3.StringUtils; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.security.core.Authentication; |
|---|
| | | import org.springframework.security.core.AuthenticationException; |
|---|
| | |
|---|
| | | import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; |
|---|
| | | import org.springframework.security.web.authentication.AuthenticationFailureHandler; |
|---|
| | | import org.springframework.security.web.util.matcher.RequestMatcher; |
|---|
| | | import org.springframework.web.bind.annotation.RequestMethod; |
|---|
| | | |
|---|
| | | import javax.servlet.FilterChain; |
|---|
| | | import javax.servlet.ServletException; |
|---|
| | |
|---|
| | | public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) |
|---|
| | | throws AuthenticationException, IOException, ServletException { |
|---|
| | | String tokenPayload = request.getHeader(WebSecurityConfig.AUTHENTICATION_HEADER_NAME); |
|---|
| | | //GET请求 如果头部获取不到token信息,从参数列表去取。post请求必须放在头部 |
|---|
| | | if(StringUtils.isBlank(tokenPayload)&&"GET".equals(request.getMethod())){ |
|---|
| | | //头部标志加上 |
|---|
| | | tokenPayload = "Bearer "+request.getParameter(WebSecurityConfig.AUTHENTICATION_PARAM_NAME); |
|---|
| | | } |
|---|
| | | RawAccessJwtToken token = new RawAccessJwtToken(tokenExtractor.extract(tokenPayload)); |
|---|
| | | return getAuthenticationManager().authenticate(new JwtAuthenticationToken(token)); |
|---|
| | | } |
|---|
