Fatal编程技术网
  • spring-boot/
  • Spring boot 如何在spring boot中对用户进行身份验证?

Spring boot 如何在spring boot中对用户进行身份验证?

spring-boot spring-security

Spring boot 如何在spring boot中对用户进行身份验证?,spring-boot,spring-security,Spring Boot,Spring Security,我不理解这段代码是如何工作的,尤其是OncePerRequestFilter类这类的目的是什么我已经粘贴了可用的代码 public class AuthenticationFilter extends OncePerRequestFilter{ private final LoginService loginService; private static final Logger logger = Logger.getLogger(AuthenticationFilter.class);

我不理解这段代码是如何工作的,尤其是OncePerRequestFilter类这类的目的是什么我已经粘贴了可用的代码

public class AuthenticationFilter extends OncePerRequestFilter{

private final LoginService loginService;

private static final Logger logger = Logger.getLogger(AuthenticationFilter.class);

public AuthenticationFilter(final LoginService loginService) {
    super();
    this.loginService = loginService;
}

@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain)
        throws ServletException, IOException {
    final String xAuth = request.getHeader("X-Authorization");
身份验证和授权是两个不同的术语。 1.身份验证:您就是您要声明的人。 2.授权:你可以做什么

假设:您的问题是授权:“我想基于RESTAPI授权特定用户”

配置http.authorizeRequests().antMatchers(“/products”).access(“hasRole('ROLE_ADMIN')”)

请参阅完整代码:

参见spring boot示例:我想删除此问题。您能告诉我如何删除它吗。 
protected void configure(HttpSecurity http) throws Exception {

    http.authorizeRequests().antMatchers("/products").access("hasRole('ROLE_ADMIN')").anyRequest().permitAll().and().authorizeRequests().antMatchers("/hello").access("hasRole('ROLE_ADMIN')").anyRequest().permitAll().and()
            .formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password").and()
            .logout().logoutSuccessUrl("/login?logout").and().exceptionHandling().accessDeniedPage("/403").and()
            .csrf();
}