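I am trying to configure Spring Security using Java configuration in a basic web application, to authenticate against an external web service using an encrypted token supplied in a URL request parameter.
I would like (I think) to have a security filter that intercepts requests from the login portal (they all go to /authenticate); the filter will use an AuthenticationProvider to process the business logic of the authentication process.
Login portal --> redirect '\authenticate' (+ token) --> authenticate token back to login portal (WS) --> if successful, get roles and set up user.
I have created a filter..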
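    import java.io.IOException;
    // javax.servlet before Spring Security 6, jakarta.servlet from 6 onward
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.stereotype.Component;
    import org.springframework.web.filter.GenericFilterBean;

    @Component
    public final class OEWebTokenFilter extends GenericFilterBean {
        @Override
        public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
            if (request instanceof HttpServletRequest) {
                OEToken token = extractToken(request);
                // dump token into security context (for authentication-provider to pick up)
                SecurityContextHolder.getContext().setAuthentication(token);
            }
            // pass the request on to the rest of the filter chain
            chain.doFilter(request, response);
        }
    }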
AuthenticationProvider ......
    @Component
    public final class OEWebTokenAuthenticationProvider implements AuthenticationProvider {

        @Autowired
        private WebTokenService webTokenService;

        @Override
        public boolean supports(final …
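One way to wire the flow described in the question, as an added example that is not part of the original post: the filter hands the raw token to the AuthenticationManager and stores only the authenticated result in the SecurityContext, so an unverified token never becomes the current user. The class names and the `token` parameter name are assumptions.

```java
import java.io.IOException;
import java.util.Collections;
// javax.servlet before Spring Security 6, jakarta.servlet from 6 onward
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical names throughout; "token" is an assumed request parameter name.
public class TokenAuthFilterExample extends OncePerRequestFilter {
    // Unauthenticated carrier for the raw token (stand-in for the post's OEToken).
    static final class RawToken extends AbstractAuthenticationToken {
        private final String value;
        RawToken(String value) {
            super(Collections.emptyList());   // no authorities until verified
            this.value = value;
            setAuthenticated(false);
        }
        @Override public Object getCredentials() { return value; }
        @Override public Object getPrincipal() { return null; }
    }
    private final AuthenticationManager authenticationManager;
    public TokenAuthFilterExample(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws IOException, ServletException {
        String raw = request.getParameter("token");
        if (raw != null && !raw.isEmpty()) {
            try {
                // A provider whose supports() accepts RawToken validates it and returns roles.
                Authentication result = authenticationManager.authenticate(new RawToken(raw));
                SecurityContextHolder.getContext().setAuthentication(result);
            } catch (AuthenticationException e) {
                SecurityContextHolder.clearContext();   // fail closed on a rejected token
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
        }
        chain.doFilter(request, response);
    }
}
```

Because the token arrives in the query string, it will also appear in access logs and Referer headers, so it is best treated as single-use or short-lived.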