下面列出了 org.springframework.security.authentication.AbstractAuthenticationToken#setDetails() 的实例代码。
/**
 * Authenticates a request from the token carried in the {@code TOKEN_HEADER_NAME} header.
 *
 * <p>A request without that header, or whose header value does not start with
 * {@code getHeaderPrefix()}, is passed down the chain without any authentication attempt.
 * Otherwise the header is turned into an authentication request, request details are attached,
 * and the authentication manager is asked to verify it. On success the result is stored in the
 * security context and the chain continues. On failure the security context is cleared, the
 * failure message is written to the response, and the chain is NOT continued.
 *
 * @param request  incoming HTTP request
 * @param response HTTP response; written to only when authentication fails
 * @param chain    remaining filters
 * @throws ServletException propagated from the filter chain
 * @throws IOException      propagated from the filter chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    final String tokenHeader = request.getHeader(TOKEN_HEADER_NAME);
    final boolean carriesToken = tokenHeader != null && tokenHeader.startsWith(getHeaderPrefix());

    if (carriesToken) {
        // NOTE(review): buildAuthentication runs outside the try below, so anything it throws
        // for a malformed header bypasses the failure branch - confirm that is intended.
        AbstractAuthenticationToken candidate = buildAuthentication(tokenHeader);
        candidate.setDetails(authenticationDetailsSource.buildDetails(request));

        final Authentication verified;
        try {
            verified = authenticationManager.authenticate(candidate);
        } catch (AuthenticationException failed) {
            // NOTE(review): the exception message goes to the client verbatim. Confirm it cannot
            // reveal why the token was rejected (unknown vs. expired vs. disabled account);
            // a fixed message plus a server-side log entry is the safer pattern.
            String errorMessage = failed.getMessage();
            // Drop any authentication left in the context before answering.
            SecurityContextHolder.clearContext();
            // NOTE(review): no status code is set here; presumably NodeMgrTools.responseString
            // does it - verify the client sees an error status, not a 200.
            NodeMgrTools.responseString(response, errorMessage);
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(verified);
    }

    // Reached for requests without a token and for successfully authenticated ones.
    chain.doFilter(request, response);
}
/**
 * Builds an API-key token carrying {@code ROLE_API} when the authentication's details are
 * {@code AuthType.APIKEY}; does nothing for any other {@code AuthType}.
 *
 * <p>NOTE(review): in the code visible here the new token is only held in a local variable.
 * It is neither returned nor stored in a security context, so the method has no effect on the
 * caller's authentication - confirm whether a step that installs the token is missing.
 *
 * @param response       not used by this method
 * @param authentication authentication whose details are expected to be an {@code AuthType}
 * @throws ClassCastException if the details object is not an {@code AuthType}
 */
@Override
public void handle(HttpServletResponse response, Authentication authentication) {
    // Unchecked cast: details of any other type (for example web request details) fail here.
    final AuthType authType = (AuthType) authentication.getDetails();
    if (authType != AuthType.APIKEY) {
        return;
    }

    final Collection<UserRole> apiRoles = new ArrayList<>();
    apiRoles.add(UserRole.ROLE_API);

    // Principal and credentials are taken over unchanged; only the authorities are new.
    final AbstractAuthenticationToken apiKeyToken = new ApiTokenAuthenticationToken(
            authentication.getPrincipal(),
            authentication.getCredentials(),
            createAuthorities(apiRoles));
    apiKeyToken.setDetails(authentication.getDetails());
}
/**
 * Copies the details object from {@code source} to {@code dest}.
 *
 * <p>The copy happens only when {@code dest} is an {@link AbstractAuthenticationToken} and has
 * no details of its own yet, so details already present on {@code dest} are never overwritten.
 *
 * @param source authentication to read the details from
 * @param dest   authentication that receives the details
 */
private void copyDetails(Authentication source, Authentication dest) {
    if (!(dest instanceof AbstractAuthenticationToken)) {
        // Only AbstractAuthenticationToken is given new details here.
        return;
    }
    if (dest.getDetails() != null) {
        return;
    }
    ((AbstractAuthenticationToken) dest).setDetails(source.getDetails());
}
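/**
 * Creates an authenticated token for the user named in the {@code doAs} request parameter and
 * stores it in the security context.
 *
 * <p>The principal is built with an empty password and the default authorities from
 * {@code RoleDao.createDefaultAuthorities()}. No credential is verified in this method.
 *
 * <p>NOTE(review): the identity comes entirely from a caller-supplied parameter. This is only
 * safe if the filter is reached exclusively by requests already vetted as coming from a trusted
 * proxy; that check is not visible in this method - confirm where it is enforced.
 *
 * @param request  request carrying the {@code doAs} parameter
 * @param response not used by this method
 * @return the token that was also placed in the security context
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
    String doAsUserName = request.getParameter("doAs");
    final List<GrantedAuthority> authorities = RoleDao.createDefaultAuthorities();
    // NOTE(review): presumably this is Spring Security's User, which rejects a null or empty
    // username with IllegalArgumentException - a request without doAs would then fail with a
    // non-AuthenticationException. Verify and handle explicitly if so.
    final UserDetails principal = new User(doAsUserName, "", authorities);
    final AbstractAuthenticationToken finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", authorities);
    WebAuthenticationDetails webDetails = new WebAuthenticationDetails(request);
    finalAuthentication.setDetails(webDetails);
    SecurityContextHolder.getContext().setAuthentication(finalAuthentication);
    // The name is request-controlled: replace CR/LF so it cannot forge extra log lines.
    final String loggedName = doAsUserName == null ? null : doAsUserName.replaceAll("[\\r\\n]", "_");
    logger.info("Logged into Log Search User as doAsUser = {}", loggedName);
    return finalAuthentication;
}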
/**
 * Pins a freshly authenticated token to the {@code "DEFAULT"} tenant before delegating to the
 * parent success handler.
 *
 * <p>For an {@link AbstractAuthenticationToken} the existing details are replaced with a
 * {@code TenantAwareAuthenticationDetails} for the default tenant, and the tenant metadata is
 * then requested through {@code systemSecurityContext.runAsSystemAsTenant}; the result of that
 * call is discarded. Other authentication types are passed on unchanged.
 *
 * @param request        current HTTP request
 * @param response       current HTTP response
 * @param authentication the successful authentication
 * @throws ServletException propagated from the parent handler
 * @throws IOException      propagated from the parent handler
 */
@Override
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
        final Authentication authentication) throws ServletException, IOException {
    final boolean detailsReplaceable = authentication instanceof AbstractAuthenticationToken;
    if (detailsReplaceable) {
        final String defaultTenant = "DEFAULT";
        // Overwrites whatever details the token carried before this handler ran.
        // NOTE(review): the meaning of the second argument (false) is not visible here.
        ((AbstractAuthenticationToken) authentication)
                .setDetails(new TenantAwareAuthenticationDetails(defaultTenant, false));
        // Runs with system privileges for the default tenant; the return value is unused.
        // NOTE(review): presumably called for a side effect such as initialising the tenant - confirm.
        systemSecurityContext.runAsSystemAsTenant(systemManagement::getTenantMetadata, defaultTenant);
    }
    super.onAuthenticationSuccess(request, response, authentication);
}
/**
 * Attaches details built from the HTTP request to the authentication request.
 *
 * @param request     request handed to {@code authenticationDetailsSource}
 * @param authRequest token that receives the details; any previous details are replaced
 */
private void setDetails(HttpServletRequest request,
        AbstractAuthenticationToken authRequest) {
    final Object requestDetails = authenticationDetailsSource.buildDetails(request);
    authRequest.setDetails(requestDetails);
}
/**
 * Populates the authentication request's details from the HTTP request. Declared
 * {@code protected}, so subclasses can override what is stored.
 *
 * @param request     request handed to {@code authenticationDetailsSource}
 * @param authRequest token whose details are set; any previous details are replaced
 */
protected void setDetails(HttpServletRequest request,
        AbstractAuthenticationToken authRequest) {
    final Object builtDetails = authenticationDetailsSource.buildDetails(request);
    authRequest.setDetails(builtDetails);
}