Spring Cloud Gateway Security OAuth2


Requesting a token

Client authentication

GenericFilterBean.java filter chain
ClientCredentialsTokenEndpointFilter.java
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {

        // The token endpoint only accepts POST when allowOnlyPost is set
        if (allowOnlyPost && !"POST".equalsIgnoreCase(request.getMethod())) {
            throw new HttpRequestMethodNotSupportedException(request.getMethod(), new String[] { "POST" });
        }

        // Client credentials are read from the request parameters
        String clientId = request.getParameter("client_id");
        String clientSecret = request.getParameter("client_secret");

        // If the request is already authenticated we can assume that this
        // filter is not needed
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.isAuthenticated()) {
            return authentication;
        }

        if (clientId == null) {
            throw new BadCredentialsException("No client credentials presented");
        }

        // A missing secret is treated as an empty string, not as an error
        if (clientSecret == null) {
            clientSecret = "";
        }

        clientId = clientId.trim();
        // The client id and secret are wrapped as a username/password pair
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId,
                clientSecret);

        // The AuthenticationManager performs the actual credential check
        return this.getAuthenticationManager().authenticate(authRequest);
    }

Generating the token

Validating the token

WebFilter.java call chain
AuthenticationWebFilter.java
ReactiveOAuth2ResourceServerJwkConfiguration.java configuration
DefaultJWTProcessor.java
 

 

