spring oauth2 在获取token过程中 在header中没有authorization 怎么处理

步骤1:自定义过滤器fillAuthorizationBasicAuthenticationFilter

 

 

看spring的HttpServletRequest是怎么封装的,所以才有了recursionRetrieveRequestFacade

@Component
public class FillAuthorizationBasicAuthenticationFilter extends OncePerRequestFilter {
    private Object recursionRetrieveRequestFacade(Field source, Object object) throws IllegalAccessException {
        try {
            Object target = source.get(object);
            if (target instanceof RequestFacade) {
                return target;
            }
            return recursionRetrieveRequestFacade(source, target);
        } catch (IllegalAccessException e) {
            System.out.println(e.getMessage());
            return null;
        }
    }

    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            Field field = ReflectionUtils.findField(ServletRequestWrapper.class, "request", ServletRequest.class);
            field.setAccessible(true);
            RequestFacade request = (RequestFacade) recursionRetrieveRequestFacade(field, httpServletRequest);

            Field connectorField = ReflectionUtils.findField(RequestFacade.class, "request", Request.class);
            connectorField.setAccessible(true);

            Request connectorRequest = (Request) connectorField.get(request);

            Field coyoteField = ReflectionUtils.findField(Request.class, "coyoteRequest", org.apache.coyote.Request.class);
            coyoteField.setAccessible(true);
            org.apache.coyote.Request coyoteRequest = (org.apache.coyote.Request) coyoteField.get(connectorRequest);

            // 从 org.apache.coyote.Request 中获取 MimeHeaders
            Field mimeHeadersField = ReflectionUtils.findField(org.apache.coyote.Request.class, "headers", MimeHeaders.class);
            mimeHeadersField.setAccessible(true);
            MimeHeaders mimeHeaders = (MimeHeaders) mimeHeadersField.get(coyoteRequest);
            this.mineHeadersHandle(mimeHeaders, httpServletRequest);
        } catch (Exception e) {
            System.out.println(e.getMessage());
        }
        super.doFilter(httpServletRequest, httpServletResponse, filterChain);

    }

    protected void mineHeadersHandle(MimeHeaders mimeHeaders, HttpServletRequest request) {

        if (!Strings.isBlank(mimeHeaders.getHeader("Authorization"))) {
            return;
        }
        mimeHeaders.addValue("Authorization").setString("Basic Y2xpZW50OnNlY3JldA==");

    }
}

 

 

步骤1:在BasicAuthenticationFilter插入自定义过滤器

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/oauth/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().and()
            .csrf().disable();
    http.addFilterBefore(fillAuthorizationBasicAuthenticationFilter, BasicAuthenticationFilter.class);

}

 

posted @ 2022-11-07 09:16  muyi0813  阅读(984)  评论(0)    收藏  举报