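/**
 * Authenticates the incoming request from its {@code X-Auth-*} headers, then either answers it
 * directly or passes it down the filter chain.
 *
 * <p>Flow, as visible in this method:
 * <ul>
 *   <li>If {@code postToAuthenticate(...)} accepts the request, the username/password headers are
 *       handed to {@code processUsernamePasswordAuthentication(...)} and the method returns
 *       without invoking the rest of the chain.</li>
 *   <li>Otherwise, if an {@code X-Auth-Token} header is present, it is handed to
 *       {@code processTokenAuthentication(...)}; the request then continues down the chain
 *       whether or not a token was supplied.</li>
 * </ul>
 *
 * <p>The password and the token are credentials and are never written to the log by this method.
 *
 * @param request  the incoming servlet request
 * @param response the servlet response
 * @param chain    the remaining filter chain
 * @throws IOException      if sending an error response or the downstream chain fails with I/O
 * @throws ServletException if the downstream chain fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = asHttp(request);
    HttpServletResponse httpResponse = asHttp(response);

    // Credentials arrive in plain request headers, so they are only as confidential as the
    // transport and every intermediary that may record headers.
    Optional<String> username = Optional.fromNullable(httpRequest.getHeader("X-Auth-Username"));
    Optional<String> password = Optional.fromNullable(httpRequest.getHeader("X-Auth-Password"));
    Optional<String> token = Optional.fromNullable(httpRequest.getHeader("X-Auth-Token"));

    String resourcePath = new UrlPathHelper().getPathWithinApplication(httpRequest);

    try {
        if (postToAuthenticate(httpRequest, resourcePath)) {
            // NOTE(review): username is a client-supplied header value; confirm the log layout
            // neutralises CR/LF so it cannot forge log lines.
            logger.debug("Trying to authenticate user {} by X-Auth-Username method", username);
            processUsernamePasswordAuthentication(httpResponse, username, password);
            return;
        }

        if (token.isPresent()) {
            // The token is a bearer credential: anyone who can read the log could replay it,
            // so only the fact that token authentication is attempted is recorded.
            logger.debug("Trying to authenticate user by X-Auth-Token method");
            processTokenAuthentication(token);
        }

        logger.debug("AuthenticationFilter is passing request down the filter chain");
        // presumably populates the MDC keys removed in the finally block; verify against the helper
        addSessionContextToLogging();
        chain.doFilter(request, response);
    } catch (InternalAuthenticationServiceException internalAuthenticationServiceException) {
        // Backend failure rather than bad credentials: drop any partial security context and
        // answer 500 without exposing details to the client.
        SecurityContextHolder.clearContext();
        logger.error("Internal authentication service exception", internalAuthenticationServiceException);
        httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    } catch (AuthenticationException authenticationException) {
        SecurityContextHolder.clearContext();
        // NOTE(review): the exception message is returned to the client as-is; confirm the
        // authentication providers do not distinguish "unknown user" from "wrong password" here.
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, authenticationException.getMessage());
    } finally {
        // Always clear the per-request logging context so it does not carry over to whatever
        // request this thread handles next.
        MDC.remove(TOKEN_SESSION_KEY);
        MDC.remove(USER_SESSION_KEY);
    }
}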
AuthenticationFilter.java 文件源码
项目:spring-boot-security-example