org.springframework.security.authentication.AbstractAuthenticationToken#setDetails ( )源码实例Demo

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    final String header = request.getHeader(TOKEN_HEADER_NAME);

    if (header == null || !header.startsWith(getHeaderPrefix())) {
        chain.doFilter(request, response);
        return;
    }

    AbstractAuthenticationToken authRequest = buildAuthentication(header);
    authRequest.setDetails(authenticationDetailsSource.buildDetails(request));

    final Authentication authResult;
    try {
        authResult = authenticationManager.authenticate(authRequest);
    } catch (AuthenticationException failed) {
        String errorMessage = failed.getMessage();
        SecurityContextHolder.clearContext();
        //response exception
        NodeMgrTools.responseString(response, errorMessage);
        return;
    }

    SecurityContextHolder.getContext().setAuthentication(authResult);

    chain.doFilter(request, response);
}
 

@Override
public void handle(HttpServletResponse response, Authentication authentication) {

       AuthType authType = (AuthType)authentication.getDetails();
       if (authType == AuthType.APIKEY) {
           Collection<UserRole> roles = new ArrayList<>();
           roles.add(UserRole.ROLE_API);

           AbstractAuthenticationToken authenticationWithAuthorities = new ApiTokenAuthenticationToken(authentication.getPrincipal(),
                   authentication.getCredentials(), createAuthorities(roles));
           authenticationWithAuthorities.setDetails(authentication.getDetails());
       }
       
}
 

/**
 * details复制
 */
private void copyDetails(Authentication source, Authentication dest) {
    if ((dest instanceof AbstractAuthenticationToken) && (dest.getDetails() == null)) {
        AbstractAuthenticationToken token = (AbstractAuthenticationToken) dest;
        token.setDetails(source.getDetails());
    }
}
 

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
  String doAsUserName = request.getParameter("doAs");
  final List<GrantedAuthority> authorities = RoleDao.createDefaultAuthorities();
  final UserDetails principal = new User(doAsUserName, "", authorities);
  final AbstractAuthenticationToken finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", authorities);
  WebAuthenticationDetails webDetails = new WebAuthenticationDetails(request);
  finalAuthentication.setDetails(webDetails);
  SecurityContextHolder.getContext().setAuthentication(finalAuthentication);
  logger.info("Logged into Log Search User as doAsUser = {}", doAsUserName);
  return finalAuthentication;
}
 

@Override
public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
        final Authentication authentication) throws ServletException, IOException {
    if (authentication instanceof AbstractAuthenticationToken) {
        final String defaultTenant = "DEFAULT";

        final AbstractAuthenticationToken token = (AbstractAuthenticationToken) authentication;
        token.setDetails(new TenantAwareAuthenticationDetails(defaultTenant, false));

        systemSecurityContext.runAsSystemAsTenant(systemManagement::getTenantMetadata, defaultTenant);
    }

    super.onAuthenticationSuccess(request, response, authentication);
}
 

private void setDetails(HttpServletRequest request,
                        AbstractAuthenticationToken authRequest) {
    authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}
 

protected void setDetails(HttpServletRequest request,
                          AbstractAuthenticationToken authRequest) {
    authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}