我编写了一个自定义强授权服务器和用于集成的库,称为PowerAuth 2.0。
目前,尝试使用它来保护 API 调用的开发人员可以这样使用它:
@Controller
@RequestMapping(value = "/session")
public class AuthenticationController {
@Autowired
private PowerAuthAuthenticationProvider authenticationProvider;
@RequestMapping(value = "/login", method = RequestMethod.POST)
public @ResponseBody String login(
@RequestHeader(value = "X-PowerAuth-Authorization", required = true) String signatureHeader,
HttpServletRequest servletRequest) throws Exception {
PowerAuthApiAuthentication apiAuthentication = authenticationProvider.validateRequestSignature(
servletRequest,
"/session/login",
signatureHeader
);
if (apiAuthentication != null && apiAuthentication.getUserId() != null) {
return "OK";
} else {
return "NOT OK";
}
}
}
不过,我想简化开发人员的工作,使代码看起来像这样:
@Controller
@RequestMapping(value = "/session")
public class AuthenticationController {
@RequestMapping(value = "/login", method = RequestMethod.POST)
@PowerAuth(value = "/session/login")
public @ResponseBody String login(PowerAuthApiAuthentication apiAuthentication) throws Exception {
if (apiAuthentication != null && apiAuthentication.getUserId() != null) {
return "OK";
} else {
return "NOT OK";
}
}
}
原则(可能?):
- 不再需要自动装配的身份验证提供程序
- 将签名验证调用替换为自定义请求过滤器
- 将请求过滤器绑定到带有参数的自定义注解
- 在方法参数中注入生成的身份验证对象
由于我在春季不强,请您指导我如何做到这一点?