Java 使用spring oauth2资源所有者密码流进行双因素身份验证_Java_Spring_Spring Security_Spring Security Oauth2

Java 使用spring oauth2资源所有者密码流进行双因素身份验证

java spring spring-security

Java 使用spring oauth2资源所有者密码流进行双因素身份验证,java,spring,spring-security,spring-security-oauth2,Java,Spring,Spring Security,Spring Security Oauth2,是否可以使用spring誓言密码流实现双因素身份验证？我正在考虑在端点/oauth/token上使用http过滤器。我的oauth访问令牌授权是通过REST完成的，因此，整个身份验证过程将是restful的这将是我的自定义过滤器，但我不确定在何处连接： public class TwoFactorAuthenticationFilter extends UsernamePasswordAuthenticationFilter { private String extraParameter

是否可以使用spring誓言密码流实现双因素身份验证？我正在考虑在端点/oauth/token上使用http过滤器。我的oauth访问令牌授权是通过REST完成的，因此，整个身份验证过程将是restful的

这将是我的自定义过滤器，但我不确定在何处连接：

 public class TwoFactorAuthenticationFilter extends UsernamePasswordAuthenticationFilter
{
 private String extraParameter = "extra";
 private String delimiter = ":";


/**
 * Given an {@link HttpServletRequest}, this method extracts the username and the extra input
 * values and returns a combined username string of those values separated by the delimiter
 * string.
 *
 * @param request The {@link HttpServletRequest} containing the HTTP request variables from
 *   which the username client domain values can be extracted
 */
@Override
protected String obtainUsername(HttpServletRequest request)
{
    String username = request.getParameter(getUsernameParameter());
    String extraInput = request.getParameter(getExtraParameter());

    String combinedUsername = username + getDelimiter() + extraInput;

    System.out.println("Combined username = " + combinedUsername);
    return combinedUsername;
}

/**
 * @return The parameter name which will be used to obtain the extra input from the login request
 */
public String getExtraParameter()
{
    return this.extraParameter;
}

/**
 * @param extraParameter The parameter name which will be used to obtain the extra input from the login request
 */
public void setExtraParameter(String extraParameter)
{
    this.extraParameter = extraParameter;
}

/**
 * @return The delimiter string used to separate the username and extra input values in the
 * string returned by <code>obtainUsername()</code>
 */
public String getDelimiter()
{
    return this.delimiter;
}

/**
 * @param delimiter The delimiter string used to separate the username and extra input values in the
 * string returned by <code>obtainUsername()</code>
 */
public void setDelimiter(String delimiter)
{
    this.delimiter = delimiter;
}

}

因此我发现ResourceOwnerPasswordTokenGranter->getOAuth2Authentication是一种推断用户名和密码，然后调用身份验证管理器的方法。有没有办法提供我自己的定制资源OwnerPasswordTokenGranter？本文基本上解决了这个问题