我正在编写一个过滤器,它将拦截一个 Restful API 调用,提取一个承载令牌并调用授权服务器进行验证。
我在 Spring Boot 中找不到开箱即用的方法,但我确信有一种更简洁的方法可以做到这一点。这是我所拥有的(伪代码):
public class SOOTokenValidationFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
String xAuth = request.getHeader("Authorization");
// validate the value in xAuth
if(isValid(xAuth) == false){
throw new SecurityException();
}
// Create our Authentication and set it in Spring
Authentication auth = new Authentication ();
SecurityContextHolder.getContext().setAuthentication(auth);
filterChain.doFilter(request, response);
}
private boolean isValid (String token){
// make a call to SSO passing the access token and
// return true if validated
return true;
}
}