зеркало из
https://github.com/iharh/notes.git
synced 2025-10-31 13:46:08 +02:00
103 строки
3.9 KiB
Plaintext
103 строки
3.9 KiB
Plaintext
2018
|
|
https://www.baeldung.com/spring-security-basic-authentication
|
|
https://github.com/eugenp/tutorials/tree/master/spring-security-rest-basic-auth
|
|
https://dzone.com/articles/how-does-http-basic-authentication-work-in-spring
|
|
https://insource.io/blog/articles/stateless-api-security-with-spring-boot-part-2.html
|
|
https://insource.io/blog/articles/custom-authentication-with-spring-boot.html
|
|
2017
|
|
http://websystique.com/spring-security/secure-spring-rest-api-using-basic-authentication/
|
|
https://www.oodlestechnologies.com/blogs/Spring-Security-with-Token-Based-Authentication
|
|
2015
|
|
https://shout.setfive.com/2015/11/02/spring-boot-authentication-with-custom-http-header/
|
|
2014
|
|
https://habr.com/ru/post/245415/
|
|
|
|
BasicAuthenticationFilter extending
|
|
https://stackoverflow.com/questions/23314902/spring-security-commence-method-in-class-extending-basicauthenticationentrypoin
|
|
|
|
api
|
|
https://docs.spring.io/spring-security/site/docs/4.2.11.RELEASE/apidocs/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.html
|
|
returned by httpBasic()
|
|
|
|
sample
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
|
|
|
import org.springframework.security.core.Authentication;
|
|
import org.springframework.security.core.context.SecurityContextHolder;
|
|
|
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
|
|
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
|
|
|
import org.springframework.web.filter.OncePerRequestFilter;
|
|
|
|
import javax.servlet.Filter;
|
|
import javax.servlet.FilterChain;
|
|
import javax.servlet.ServletException;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
import java.io.IOException;
|
|
|
|
import java.util.Arrays;
|
|
|
|
@EnableWebSecurity
|
|
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
|
|
|
|
public static class MyAuthenticationToken extends AbstractAuthenticationToken {
|
|
private static final long serialVersionUID = -1949976839306453197L;
|
|
|
|
public MyAuthenticationToken() {
|
|
super(Arrays.asList());
|
|
setAuthenticated(true);
|
|
}
|
|
|
|
@Override
|
|
public Object getCredentials() {
|
|
return null;
|
|
}
|
|
|
|
@Override
|
|
public Object getPrincipal() {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
public static class MyFilter extends OncePerRequestFilter {
|
|
@Override
|
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
|
|
logger.info("!!! myFilter enter !!!");
|
|
|
|
final String myHeaderVal = request.getHeader("myheader");
|
|
if ("12345".equals(myHeaderVal)) {
|
|
final Authentication authResult = new MyAuthenticationToken();
|
|
SecurityContextHolder.getContext().setAuthentication(authResult);
|
|
}
|
|
|
|
chain.doFilter(request, response);
|
|
}
|
|
}
|
|
|
|
@Override
|
|
protected void configure(HttpSecurity http) throws Exception {
|
|
http
|
|
.addFilterBefore(new MyFilter(), BasicAuthenticationFilter.class)
|
|
.authorizeRequests().anyRequest().authenticated().and()
|
|
.httpBasic()
|
|
;
|
|
}
|
|
|
|
@Autowired
|
|
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
|
|
auth
|
|
.inMemoryAuthentication()
|
|
.withUser("user").password("password").roles("USER");
|
|
}
|
|
}
|