토큰 기반 인증을 구현하려는 RESTful 웹 응용 프로그램이 있습니다.RESTful 인증 확인
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {
private TokenAuthenticationService tokenAuthenticationService;
public JWTLoginFilter(String url, AuthenticationManager authenticationManager) {
super(new AntPathRequestMatcher(url));
setAuthenticationManager(authenticationManager);
tokenAuthenticationService = new TokenAuthenticationService();
}
@Override
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
throws AuthenticationException, IOException, ServletException {
ServletInputStream inputStream = httpServletRequest.getInputStream();
httpServletRequest.getCharacterEncoding();
ObjectMapper mapper = new ObjectMapper();
AccountCredentials credentials = mapper.readValue(inputStream, AccountCredentials.class);
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(credentials.getUsername(), credentials.getPassword());
return getAuthenticationManager().authenticate(token);
}
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authentication)
throws IOException, ServletException {
String name = authentication.getName();
tokenAuthenticationService.addAuthentication(response, name);
}
}
이 클래스는 요청을 차단하기 위해 JWTAuthenticationFilter
을 확장해야하는 :
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
JpaConfiguration jpaConfiguration;
@Override
protected void configure(HttpSecurity http) throws Exception {
// disable caching
http.headers().cacheControl();
http.csrf().disable() // disable csrf for our requests.
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers(HttpMethod.POST, "/login").permitAll()
.anyRequest().authenticated()
.and()
// Here the login requests is filtered
.addFilterBefore(new JWTLoginFilter("/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class)
// Much probably here I have to filter other requests to check the presence of JWT in header,
// here i just add a commented block with teh name of the Filter
//.addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
;
}
}
JWTLoginFilter 클래스는 다음과 같습니다 : 다음과 같이 저는 필터 클래스와 요청을 차단 토큰을 발행 할 수 있었다 ?
여전히 AbstractAuthenticationProcessingFilter
클래스입니까?
토큰 기반 인증을 개발하는 더 좋은 방법이 있습니까?