Spring Boot实战之Filter实现简单的Http Basic认证
2018-01-22 11:05
453 查看
Spring Boot实战之Filter
本文在上一篇文章http://blog.csdn.net/sun_t89/article/details/51912905 的基础上,给每个rest接口上添加过滤器,使用过滤器实现简单的Http Basic认证
1、Filter功能
filter功能,它使用户可以改变一个 request和修改一个response. Filter 不是一个servlet,它不能产生一个response,它能够在一个request到达servlet之前预处理request,也可以在离开 servlet时处理response.换种说法,filter其实是一个”servlet chaining”(servlet 链).
一个Filter包括:
1)、在servlet被调用之前截获;
2)、在servlet被调用之前检查servlet request;
3)、根据需要修改request头和request数据;
4)、根据需要修改response头和response数据;
5)、在servlet被调用之后截获.
2、定义自己的过滤器
新增HTTPBasicAuthorizeAttribute.java
如果请求的Header中存在Authorization: Basic 头信息,且用户名密码正确,则继续原来的请求,否则返回没有权限的错误信息
[java] view
plain copy
package com.xiaofangtech.sunt.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.xiaofangtech.sunt.utils.ResultMsg;
import com.xiaofangtech.sunt.utils.ResultStatusCode;
import sun.misc.BASE64Decoder;
@SuppressWarnings("restriction")
public class HTTPBasicAuthorizeAttribute implements Filter{
private static String Name = "test";
private static String Password = "test";
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
ResultStatusCode resultStatusCode = checkHTTPBasicAuthorize(request);
if (resultStatusCode != ResultStatusCode.OK)
{
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setCharacterEncoding("UTF-8");
httpResponse.setContentType("application/json; charset=utf-8");
httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
ObjectMapper mapper = new ObjectMapper();
ResultMsg resultMsg = new ResultMsg(ResultStatusCode.PERMISSION_DENIED.getErrcode(), ResultStatusCode.PERMISSION_DENIED.getErrmsg(), null);
httpResponse.getWriter().write(mapper.writeValueAsString(resultMsg));
return;
}
else
{
chain.doFilter(request, response);
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
private ResultStatusCode checkHTTPBasicAuthorize(ServletRequest request)
{
try
{
HttpServletRequest httpRequest = (HttpServletRequest)request;
String auth = httpRequest.getHeader("Authorization");
if ((auth != null) && (auth.length() > 6))
{
String HeadStr = auth.substring(0, 5).toLowerCase();
if (HeadStr.compareTo("basic") == 0)
{
auth = auth.substring(6, auth.length());
String decodedAuth = getFromBASE64(auth);
if (decodedAuth != null)
{
String[] UserArray = decodedAuth.split(":");
if (UserArray != null && UserArray.length == 2)
{
if (UserArray[0].compareTo(Name) == 0
&& UserArray[1].compareTo(Password) == 0)
{
return ResultStatusCode.OK;
}
}
}
}
}
return ResultStatusCode.PERMISSION_DENIED;
}
catch(Exception ex)
{
return ResultStatusCode.PERMISSION_DENIED;
}
}
private String getFromBASE64(String s) {
if (s == null)
return null;
BASE64Decoder decoder = new BASE64Decoder();
try {
byte[] b = decoder.decodeBuffer(s);
return new String(b);
} catch (Exception e) {
return null;
}
}
}
3、在SpringRestApplication类中注册过滤器,给user/*都加上http basic认证过滤器
[java] view
plain copy
package com.xiaofangtech.sunt;
import java.util.ArrayList;
import java.util.List;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import com.xiaofangtech.sunt.filter.HTTPBasicAuthorizeAttribute;
@SpringBootApplication
public class SpringRestApplication {
public static void main(String[] args) {
SpringApplication.run(SpringRestApplication.class, args);
}
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
HTTPBasicAuthorizeAttribute httpBasicFilter = new HTTPBasicAuthorizeAttribute();
registrationBean.setFilter(httpBasicFilter);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/user/*");
registrationBean.setUrlPatterns(urlPatterns);
return registrationBean;
}
}
4、测试
代码中固定用户名密码都为test,所以对接口进行请求时,需要添加以下认证头信息
Authorization: Basic dGVzdDp0ZXN0
dGVzdDp0ZXN0 为 test:test 经过base64编码后的结果
如果未添加认证信息或者认证信息错误,返回没有权限的错误信息
当认证信息正确,返回请求结果
本文在上一篇文章http://blog.csdn.net/sun_t89/article/details/51912905 的基础上,给每个rest接口上添加过滤器,使用过滤器实现简单的Http Basic认证
1、Filter功能
filter功能,它使用户可以改变一个 request和修改一个response. Filter 不是一个servlet,它不能产生一个response,它能够在一个request到达servlet之前预处理request,也可以在离开 servlet时处理response.换种说法,filter其实是一个”servlet chaining”(servlet 链).
一个Filter包括:
1)、在servlet被调用之前截获;
2)、在servlet被调用之前检查servlet request;
3)、根据需要修改request头和request数据;
4)、根据需要修改response头和response数据;
5)、在servlet被调用之后截获.
2、定义自己的过滤器
新增HTTPBasicAuthorizeAttribute.java
如果请求的Header中存在Authorization: Basic 头信息,且用户名密码正确,则继续原来的请求,否则返回没有权限的错误信息
[java] view
plain copy
package com.xiaofangtech.sunt.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.xiaofangtech.sunt.utils.ResultMsg;
import com.xiaofangtech.sunt.utils.ResultStatusCode;
import sun.misc.BASE64Decoder;
@SuppressWarnings("restriction")
public class HTTPBasicAuthorizeAttribute implements Filter{
private static String Name = "test";
private static String Password = "test";
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// TODO Auto-generated method stub
ResultStatusCode resultStatusCode = checkHTTPBasicAuthorize(request);
if (resultStatusCode != ResultStatusCode.OK)
{
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setCharacterEncoding("UTF-8");
httpResponse.setContentType("application/json; charset=utf-8");
httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
ObjectMapper mapper = new ObjectMapper();
ResultMsg resultMsg = new ResultMsg(ResultStatusCode.PERMISSION_DENIED.getErrcode(), ResultStatusCode.PERMISSION_DENIED.getErrmsg(), null);
httpResponse.getWriter().write(mapper.writeValueAsString(resultMsg));
return;
}
else
{
chain.doFilter(request, response);
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
private ResultStatusCode checkHTTPBasicAuthorize(ServletRequest request)
{
try
{
HttpServletRequest httpRequest = (HttpServletRequest)request;
String auth = httpRequest.getHeader("Authorization");
if ((auth != null) && (auth.length() > 6))
{
String HeadStr = auth.substring(0, 5).toLowerCase();
if (HeadStr.compareTo("basic") == 0)
{
auth = auth.substring(6, auth.length());
String decodedAuth = getFromBASE64(auth);
if (decodedAuth != null)
{
String[] UserArray = decodedAuth.split(":");
if (UserArray != null && UserArray.length == 2)
{
if (UserArray[0].compareTo(Name) == 0
&& UserArray[1].compareTo(Password) == 0)
{
return ResultStatusCode.OK;
}
}
}
}
}
return ResultStatusCode.PERMISSION_DENIED;
}
catch(Exception ex)
{
return ResultStatusCode.PERMISSION_DENIED;
}
}
private String getFromBASE64(String s) {
if (s == null)
return null;
BASE64Decoder decoder = new BASE64Decoder();
try {
byte[] b = decoder.decodeBuffer(s);
return new String(b);
} catch (Exception e) {
return null;
}
}
}
3、在SpringRestApplication类中注册过滤器,给user/*都加上http basic认证过滤器
[java] view
plain copy
package com.xiaofangtech.sunt;
import java.util.ArrayList;
import java.util.List;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.embedded.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import com.xiaofangtech.sunt.filter.HTTPBasicAuthorizeAttribute;
@SpringBootApplication
public class SpringRestApplication {
public static void main(String[] args) {
SpringApplication.run(SpringRestApplication.class, args);
}
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
HTTPBasicAuthorizeAttribute httpBasicFilter = new HTTPBasicAuthorizeAttribute();
registrationBean.setFilter(httpBasicFilter);
List<String> urlPatterns = new ArrayList<String>();
urlPatterns.add("/user/*");
registrationBean.setUrlPatterns(urlPatterns);
return registrationBean;
}
}
4、测试
代码中固定用户名密码都为test,所以对接口进行请求时,需要添加以下认证头信息
Authorization: Basic dGVzdDp0ZXN0
dGVzdDp0ZXN0 为 test:test 经过base64编码后的结果
如果未添加认证信息或者认证信息错误,返回没有权限的错误信息
当认证信息正确,返回请求结果
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Spring Boot实战之Filter实现简单的Http Basic认证
- Spring Boot实战之netty-socketio实现简单聊天室(给指定用户推送消息)
- Spring Boot实战之netty-socketio实现简单聊天室(给指定用户推送消息)
- Spring Boot实战之Filter实现使用JWT进行接口认证
- 详解Spring Boot实战之Filter实现使用JWT进行接口认证
- Spring Boot实战之netty-socketio实现简单聊天室(给指定用户推送消息)
- SpringBoot+Maven项目实战(6):整合Log4j和Aop,实现简单的日志记录
- Spring Boot - Filter实现简单的Http Basic认证
- Spring Boot 揭秘与实战 自己实现一个简单的自动配置模块
- Spring Boot实战之Filter实现使用JWT进行接口认证 jwt(json web token) 用户发送按照约定,向服务端发送 Header、Payload 和 Signature,
- Spring Boot实战之Filter实现使用JWT进行接口认证
- 仿照spring-boot实现一个简单的ioc容器(一)
- Springboot 实现 Restful 服务,基于 HTTP / JSON 传输
- SpringBoot + thymeleaf 实现简单的登陆验证
- spring-boot实现增加自定义filter(新)
- SpringBoot 集成 rabbitmq 简单实现通过队列进行,订单系统与库存系统,物流系统之间的信息交互
- Spring boot +Mybatis 实现多数据源(一:最简单版本)
- spring boot+thymeleaf+bootstrap 简单实现后台管理系统界面
- spring boot filter实现
- Spring Boot整合Spring Security简单实现登入登出从零搭建教程