身份验证在春季安全但没有用户，只传递令牌

Question

我正在尝试为我的应用实现安全性，我需要配置安全主干只使用安全令牌，我不想使用安全性意味着用户和密码，只有安全令牌到授权，并创建会话消耗我的资源API

我怎样才能安全性配置配置此的我的应用程序？

Answer 1

您可能需要使用Spring OncePerRequestFilter此任务

//MyFilter.java 
public class MyFilter extends OncePerRequestFilter { 

private String securityTokenHeader ="token"; 

@Override 
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { 
    String securityToken = request.getHeader(securityTolenHeader); 
    if (checkToken(securityTokenHeader)){ 
     filterChain.doFilter(request, response); //continue 
    } 
    else{ 
     logger.error("Not authenticated activity"); 
     //you can also edit the response object here to inform your client 
    } 
} 
} 

配置文件

//FilterConfig.java 
@Configuration 
public class FilterConfig { 

@Bean 
public FilterRegistrationBean myFilter(){ 
    MyFilter filter = new MyFilter(); 
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(); 
    filterRegistrationBean.setFilter(filter); 
    return filterRegistrationBean; 
} 
}