重点

当oauth2请求（Authorization请求头中Bearer协议的 access_token）进行访问时，会进入OAuth2AuthenticationProcessingFilter之中

public class OAuth2AuthenticationProcessingFilter implements Filter, InitializingBean { // ... 其他变量 和 方法
    
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain){ final HttpServletRequest request = (HttpServletRequest) req; final HttpServletResponse response = (HttpServletResponse) res; try { //从请求中取出身份信息，将access_token 放入principal变量
            Authentication authentication = tokenExtractor.extract(request); if (authentication == null) { // token信息为null，SecurityContextHolder 清空上下文
 } else { // request请求对象 放入authentication对象中
 request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, authentication.getPrincipal()); if (authentication instanceof AbstractAuthenticationToken) { AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication; needsDetails.setDetails(authenticationDetailsSource.buildDetails(request)); } // 验证token身份信息
                Authentication authResult = authenticationManager.authenticate(authentication); eventPublisher.publishAuthenticationSuccess(authResult); //将身份信息绑定到SecurityContextHolder中
 SecurityContextHolder.getContext().setAuthentication(authResult); } } catch (OAuth2Exception failed) { // SecurityContextHolder 清空上下文, 然后直接返回
            return; } chain.doFilter(request, response); } }

免责声明！

本站转载的文章为个人学习借鉴使用，本站对版权不负任何法律责任。如果侵犯了您的隐私权益，请联系本站邮箱yoyou2525@163.com删除。

猜您在找 Spring Security Oauth2:RedisTokenStore之Token内容 Spring Security OAuth2 Spring Security Oauth2 Spring Security OAuth2使用Redis作为token存储 Spring Security Oauth2 示例 Spring Security 与 OAuth2（介绍） Spring Security 与 OAuth2 介绍 Spring Security OAuth2 SSO Spring Security Oauth2 认证（获取token/刷新token）流程（password模式） Spring Security Oauth2 自定义 OAuth2 Exception