Spring Security using HTTP headers

Front-end · unresolved · 4 · 892
青春惊慌失措 2021-02-14 12:05

I am trying to add security to my Spring Boot application. My current application is using REST controllers and every time I get a GET or POST request

4 answers
  •  孤独总比滥情好
    2021-02-14 13:01

    The minimal code addition is to define a filter and add it to the security configuration, something like:

    XHeaderAuthenticationFilter.java

    import java.io.IOException;
    import java.util.Collections;

    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.web.filter.OncePerRequestFilter;

    // Deliberately NOT a @Component: the config below instantiates it with `new`, and a @Component
    // filter would additionally be registered by Spring Boot as a plain servlet filter and run twice.
    public class XHeaderAuthenticationFilter extends OncePerRequestFilter {

        @Override
        protected void doFilterInternal(HttpServletRequest request,
                                        HttpServletResponse response, FilterChain filterChain)
                throws ServletException, IOException {

            // the token travels in a custom header; getHeader() returns null when it is absent
            String xAuth = request.getHeader("X-Authorization");

            User user = findByToken(xAuth);

            if (user == null) {
                // reject here: the chain is not continued, so the controller is never reached
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token invalid");
            } else {
                // mark the request as authenticated for the remainder of the filter chain
                final UsernamePasswordAuthenticationToken authentication =
                        new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
                SecurityContextHolder.getContext().setAuthentication(authentication);

                filterChain.doFilter(request, response);
            }
        }

        // need to implement db user validation...
        private User findByToken(String token) {
            // null-safe comparison: a request without the header must not throw a NullPointerException
            if (!"1234".equals(token))
                return null;

            // username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities
            final User user = new User(
                    "username",
                    "password",
                    true,
                    true,
                    true,
                    true,
                    Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));

            return user;
        }
    }


    SecurityConfig.java

    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpStatus;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.web.authentication.HttpStatusEntryPoint;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            http.sessionManagement()
                    // the token is presented on every request, so never create an HTTP session
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                // CSRF protection matters for cookie-based auth; a custom header is not sent automatically by browsers
                .csrf().disable()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .exceptionHandling()
                    // unauthenticated requests get a bare 401 instead of a redirect to a login page
                    .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
                .and()
                // run the header check before the standard form-login filter position
                .addFilterBefore(new XHeaderAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        }
    }


    Another approach is to use Spring's AOP to define an annotation that performs some logic before entering the annotated controller method.
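The same configuration in the bean style that Spring Security uses since 5.7 (where WebSecurityConfigurerAdapter is deprecated, and removed in 6.x), as an added example that is not part of the answer above. It assumes the XHeaderAuthenticationFilter class from the answer exists in the same package without a @Component annotation; the SecurityFilterChain bean name apiSecurity is arbitrary.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // Added example: equivalent of the adapter-based configure(HttpSecurity) above,
    // expressed as a SecurityFilterChain bean with the lambda DSL.
    @Bean
    public SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http
            // token on every request: never create an HTTP session for the caller
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // CSRF defends cookie/session auth; a custom header is not attached automatically by browsers
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // requests that reach the entry point unauthenticated get a bare 401, not a login redirect
            .exceptionHandling(eh ->
                eh.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
            // instantiate the filter here (assumed to be a plain class, not a @Component):
            // a @Component filter is also registered by Spring Boot as a servlet filter and
            // would then run a second time outside the security chain
            .addFilterBefore(new XHeaderAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```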
