一、API安全机制-认证
API安全机制.png
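/**
 * Request authentication filter.
 *
 * <p>Parses an HTTP Basic {@code Authorization} header and, when the submitted credentials match
 * the user returned by {@link IRavenUserRepository#findByName}, exposes that user to the rest of
 * the request as the {@code "user"} request attribute.
 *
 * <p>This filter only identifies the caller. A request with no header, an unknown user or a
 * wrong password still continues down the chain, just without a {@code "user"} attribute, so
 * access control must be enforced by whatever consumes that attribute.
 *
 * <p>NOTE(review): the submitted password is compared with {@code user.getPassword()} directly,
 * which implies the password is stored in plaintext. Store a salted adaptive hash
 * (bcrypt/scrypt/argon2) and verify against it instead; confirm against RavenUser. Basic
 * credentials are only Base64-encoded, so this endpoint should be reachable over TLS only.
 */
@Slf4j
@Component
public class AuthenticationFilter extends OncePerRequestFilter {

    /** Scheme prefix of an HTTP Basic Authorization header value. */
    private static final String BASIC_PREFIX = "Basic ";

    @Autowired
    private IRavenUserRepository userRepository;

    /**
     * Authenticates the request if it carries an Authorization header, then continues the chain.
     *
     * @throws RuntimeException if an Authorization header is present but is not well-formed
     *     Basic credentials
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (StringUtils.isNotBlank(header)) {
            RavenUser user = authenticate(header);
            if (user != null) {
                request.setAttribute("user", user);
            }
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Resolves the user named in a Basic Authorization header.
     *
     * @param header the non-blank Authorization header value
     * @return the matching user, or {@code null} if the user is unknown or the password differs
     * @throws RuntimeException if the header is not well-formed Basic credentials
     */
    private RavenUser authenticate(String header) {
        // The scheme must be the prefix of the value, not merely appear somewhere inside it.
        if (!header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            throw malformedCredentials(null);
        }

        String token;
        try {
            byte[] decoded = Base64Utils.decodeFromString(header.substring(BASIC_PREFIX.length()).trim());
            // Explicit charset: the platform default differs between hosts.
            token = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Invalid Base64 is reported the same way as any other malformed header.
            throw malformedCredentials(e);
        }

        // Split on the FIRST colon only: the password part may itself contain colons.
        int separator = token.indexOf(':');
        if (separator < 0) {
            throw malformedCredentials(null);
        }
        String username = token.substring(0, separator);
        String password = token.substring(separator + 1);

        RavenUser user = this.userRepository.findByName(username);
        String stored = (user == null) ? null : user.getPassword();
        if (stored == null) {
            // Unknown user, or a user record without a password: treat as not authenticated.
            return null;
        }

        // Constant-time comparison, so response timing does not reveal how many leading
        // characters of the password were correct.
        boolean matches = java.security.MessageDigest.isEqual(
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        return matches ? user : null;
    }

    /**
     * Logs and builds the exception raised for a malformed Authorization header. The header
     * content is deliberately not logged, because it carries the credentials.
     */
    private RuntimeException malformedCredentials(Throwable cause) {
        log.info("用户身份认证错误!!!");
        return new RuntimeException("用户身份认证错误!!!", cause);
    }
}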