Spring boot 如何在spring boot中对用户进行身份验证?
我不理解这段代码是如何工作的,尤其是OncePerRequestFilter类这类的目的是什么我已经粘贴了可用的代码Spring boot 如何在spring boot中对用户进行身份验证?,spring-boot,spring-security,Spring Boot,Spring Security,我不理解这段代码是如何工作的,尤其是OncePerRequestFilter类这类的目的是什么我已经粘贴了可用的代码 public class AuthenticationFilter extends OncePerRequestFilter{ private final LoginService loginService; private static final Logger logger = Logger.getLogger(AuthenticationFilter.class);
public class AuthenticationFilter extends OncePerRequestFilter{
private final LoginService loginService;
private static final Logger logger = Logger.getLogger(AuthenticationFilter.class);
public AuthenticationFilter(final LoginService loginService) {
super();
this.loginService = loginService;
}
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain)
throws ServletException, IOException {
final String xAuth = request.getHeader("X-Authorization");
身份验证和授权是两个不同的术语。 1.身份验证:您就是您要声明的人。 2.授权:你可以做什么 假设:您的问题是授权:“我想基于RESTAPI授权特定用户” 配置http.authorizeRequests().antMatchers(“/products”).access(“hasRole('ROLE_ADMIN')”)
请参阅完整代码:参见spring boot示例:我想删除此问题。您能告诉我如何删除它吗。
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/products").access("hasRole('ROLE_ADMIN')").anyRequest().permitAll().and().authorizeRequests().antMatchers("/hello").access("hasRole('ROLE_ADMIN')").anyRequest().permitAll().and()
.formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password").and()
.logout().logoutSuccessUrl("/login?logout").and().exceptionHandling().accessDeniedPage("/403").and()
.csrf();
}