申請token

客戶端認證

GenericFilterBean.java 過濾鏈

ClientCredentialsTokenEndpointFilter.java

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
      throws AuthenticationException, IOException, ServletException {

   if (allowOnlyPost && !"POST".equalsIgnoreCase(request.getMethod())) {
      throw new HttpRequestMethodNotSupportedException(request.getMethod(), new String[] { "POST" });
   }

   String clientId = request.getParameter("client_id");
   String clientSecret = request.getParameter("client_secret");

   // If the request is already authenticated we can assume that this
   // filter is not needed
   Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
   if (authentication != null && authentication.isAuthenticated()) {
      return authentication;
   }

   if (clientId == null) {
      throw new BadCredentialsException("No client credentials presented");
   }

   if (clientSecret == null) {
      clientSecret = "";
   }

   clientId = clientId.trim();
   UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId,
         clientSecret);

   return this.getAuthenticationManager().authenticate(authRequest);

}

生成token

驗證token

WebFilter.java 調用鏈

AuthenticationWebFilter.java

ReactiveOAuth2ResourceServerJwkConfiguration.java 配置信息

DefaultJWTProcessor.java

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 Spring Cloud Gateway 整合 Spring Security Oauth2 Spring Cloud 學習 (九) Spring Security, OAuth2 Spring Cloud Security：Oauth2使用入門 spring cloud security oauth2單點登錄微服務下前后端分離的統一認證授權服務，基於Spring Security OAuth2 + Spring Cloud Gateway實現單點登錄 Spring Security OAuth2 Spring Security Oauth2 Spring Cloud 學習 (十) Spring Security, OAuth2, JWT spring security oauth2 基於Spring Security OAuth2搭建的Spring Cloud 認證中心