定义过滤器
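/**
 * Pre-authentication filter that takes a token from the request and turns it into an
 * authenticated {@code User} carrying the fixed authority string {@code "ROLE_USER"}.
 *
 * <p><strong>NOTE(review) - the token is not verified anywhere in this class.</strong>
 * The embedded {@link AuthenticationManager} accepts every non-empty string, so as written
 * the value of {@code token} / {@code x-token} is an identifier chosen by the client, not a
 * credential. Before this is used to protect anything, the manager must resolve the token
 * against something the server controls (a token store, or a signature and expiry check)
 * and derive the user and authorities from that lookup.
 */
public class TokenAuthenticationFilter extends AbstractPreAuthenticatedProcessingFilter {

    /**
     * Installs an inline {@link AuthenticationManager} and enables principal-change checks,
     * so the token is compared with the current authentication on each request rather than
     * only when no authentication exists yet.
     */
    public TokenAuthenticationFilter() {
        this.setCheckForPrincipalChanges(true);
        this.setAuthenticationManager(new AuthenticationManager() {
            /**
             * Builds the authenticated {@code User} for the token carried as the principal.
             *
             * @param authentication request object whose principal is the raw token string
             * @return a {@code User} marked as authenticated
             * @throws AuthenticationException if the token is missing or empty
             */
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                String token = (String) authentication.getPrincipal();
                if (StringUtils.isEmpty(token)) {
                    // An AuthenticationManager reports failure by throwing; callers are not
                    // written to receive null. Only names already used by this class are
                    // available here, hence the anonymous subclass - a concrete type such as
                    // BadCredentialsException is the better choice once it is imported.
                    throw new AuthenticationException("Missing or empty authentication token") { };
                }
                // TODO(security): validate the token here. Everything below trusts a
                // client-supplied string and grants it ROLE_USER unconditionally.
                User user = new User(token, "ROLE_USER");
                user.setAuthenticated(true);
                return user;
            }
        });
    }

    /**
     * Extracts the token, preferring the {@code token} request parameter and falling back to
     * the {@code x-token} header only when the parameter is absent.
     *
     * <p>An empty value is reported as "no principal" ({@code null}), so the authentication
     * manager is only invoked when there is something to check.
     *
     * <p>NOTE(review): a token passed as a request parameter can end up in access logs,
     * browser history and {@code Referer} headers. Prefer the header where clients allow it.
     *
     * @param request the current request
     * @return the token string, or {@code null} when none was supplied
     */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        String token = request.getParameter("token");
        if (token == null) {
            token = request.getHeader("x-token");
        }
        return StringUtils.isEmpty(token) ? null : token;
    }

    /**
     * No separate credentials exist in this scheme; the token itself is the principal.
     *
     * @param request the current request (unused)
     * @return always {@code null}
     */
    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return null;
    }
}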
Spring Security 配置
/**
 * Security configuration that registers {@code TokenAuthenticationFilter} next to form
 * login and requires authentication for every request.
 *
 * <p>NOTE(review): the protection this gives is only as strong as the check done by
 * {@code TokenAuthenticationFilter}; {@code anyRequest().authenticated()} is satisfied by
 * whatever that filter accepts.
 */
@Configuration
public static class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    /**
     * Wires the token filter, form login, logout, session handling and the authorization
     * rule onto the shared {@link HttpSecurity} builder.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if any configurer rejects its settings
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Token-based pre-authentication runs alongside the form-login flow.
        http.addFilter(new TokenAuthenticationFilter());
        http.formLogin();

        // NOTE(review): the explicit AntPathRequestMatcher names no HTTP method, so it
        // presumably lets any method (including GET) trigger logout and takes precedence
        // over logoutUrl("/logout") - confirm that this is intended.
        http.logout()
                .invalidateHttpSession(true)
                .logoutUrl("/logout")
                .logoutSuccessUrl("/")
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));

        // IF_REQUIRED allows a session to be created, so a token-authenticated request may
        // also receive a session cookie - confirm this is wanted for token clients.
        http.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

        // Every request needs an authenticated principal.
        http.authorizeRequests()
                .anyRequest().authenticated();
    }
}