How Spring Security OAuth2 Determines Whether a Token Is Valid


Reposted from: https://blog.csdn.net/zimou5581/article/details/101051416

Key point

When an OAuth2 request (one carrying an access_token under the Bearer scheme in the Authorization request header) accesses a resource, it enters OAuth2AuthenticationProcessingFilter:

public class OAuth2AuthenticationProcessingFilter implements Filter, InitializingBean {
    // ... other fields and methods

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) req;
        final HttpServletResponse response = (HttpServletResponse) res;
        try {
            // Extract the identity information from the request; the access_token goes into the principal
            Authentication authentication = tokenExtractor.extract(request);
            if (authentication == null) {
                // No token information: the SecurityContextHolder context is cleared (omitted here)
            } else {
                // Store the token value as a request attribute, then attach the request details to the authentication object
                request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, authentication.getPrincipal());
                if (authentication instanceof AbstractAuthenticationToken) {
                    AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication;
                    needsDetails.setDetails(authenticationDetailsSource.buildDetails(request));
                }
                // Validate the token's identity information
                Authentication authResult = authenticationManager.authenticate(authentication);
                eventPublisher.publishAuthenticationSuccess(authResult);
                // Bind the identity information to the SecurityContextHolder
                SecurityContextHolder.getContext().setAuthentication(authResult);
            }
        } catch (OAuth2Exception failed) {
            // The SecurityContextHolder context is cleared (omitted here), then return directly
            return;
        }
        chain.doFilter(request, response);
    }
}
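The three outcomes of the doFilter flow above, as a stand-alone model. This is an added example, not code from the original post or from Spring Security. BearerFilterModel, Outcome, TOKEN_STORE and the sample tokens are hypothetical, and the expiry lookup is an assumed stand-in for whatever authenticationManager.authenticate() checks.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Optional;

// Simplified model of the filter's decision flow; names are hypothetical, not Spring classes.
public class BearerFilterModel {

    enum Outcome { CONTINUE_ANONYMOUS, CONTINUE_AUTHENTICATED, REJECTED }

    // Constructed sample data: token value -> expiry instant.
    static final Map<String, Instant> TOKEN_STORE = Map.of(
            "good-token", Instant.now().plusSeconds(3600),
            "old-token", Instant.now().minusSeconds(60));

    // Stands in for tokenExtractor.extract(request): only the Bearer scheme yields a token.
    static Optional<String> extract(String authorizationHeader) {
        if (authorizationHeader == null) {
            return Optional.empty();
        }
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (parts.length == 2 && parts[0].equalsIgnoreCase("Bearer") && !parts[1].isEmpty()) {
            return Optional.of(parts[1]);
        }
        return Optional.empty();
    }

    // Stands in for authenticationManager.authenticate(...): unknown or expired tokens fail.
    static boolean isValid(String token) {
        Instant expiry = TOKEN_STORE.get(token);
        return expiry != null && expiry.isAfter(Instant.now());
    }

    // Same branching as doFilter: no token -> chain continues without an identity;
    // valid token -> identity bound and chain continues; invalid token -> return before the chain.
    static Outcome doFilter(String authorizationHeader) {
        Optional<String> token = extract(authorizationHeader);
        if (token.isEmpty()) {
            return Outcome.CONTINUE_ANONYMOUS;
        }
        return isValid(token.get()) ? Outcome.CONTINUE_AUTHENTICATED : Outcome.REJECTED;
    }

    public static void main(String[] args) {
        String[] headers = {null, "Basic dXNlcjpwYXNz", "Bearer good-token",
                "Bearer old-token", "Bearer unknown"};
        for (String header : headers) {
            System.out.println(header + " -> " + doFilter(header));
        }
    }
}
```

The first two sample headers carry no Bearer token and still continue down the chain, just as chain.doFilter runs in the filter above when authentication is null. Rejecting unauthenticated requests is therefore the job of the authorization rules that run after this filter.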

 

