主页 / 问题 / 888935
Accepted
Михаил Крячок
Asked:2020-10-04 17:37:15 +0000 UTC2020-10-04 17:37:15 +0000 UTC

通过 apiKey 进行 REST 用户身份验证

  • 772

如何根据他的组织用户认证apiKey?我试过这样,但问题是UsernamePasswordAuthenticationToken密码应该是纯形式的,并且在数据库中是加密的。

@RestController
@RequestMapping(value = "/rest/v1")
public class ApiV1 {

    @Autowired
    UserRepository userRepository; 

    @PostMapping("authorize")
    ResponseEntity<ApiError> authorize(@RequestHeader(value = "apiKey") String apiKey) {
        UserDetails user = userRepository.findByApiKey(apiKey);
        if (user == null) 
            return new ResponseEntity<>(new ApiError("API KEY NOT FOUND"), HttpStatus.NOT_FOUND);

        try {
            Authentication authenticationToken = new UsernamePasswordAuthenticationToken(user, null) ; 
                SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            } catch (Exception e) {
                SecurityContextHolder.getContext().setAuthentication(null);
            return new ResponseEntity<>(new ApiError("UNAUTHORIZED", e.toString()), HttpStatus.UNAUTHORIZED);
            }

        return new ResponseEntity<>(new ApiError("OK"), HttpStatus.OK);
        }

}
spring-boot

1 个回答

  1. Best Answer

    可能对某人有用

    public void authWithoutPassword(User user){
    List<Privilege> privileges = user.getRoles().stream()
      .map(role -> role.getPrivileges())
      .flatMap(list -> list.stream())
      .distinct().collect(Collectors.toList());
    List<GrantedAuthority> authorities = privileges.stream()
        .map(p -> new SimpleGrantedAuthority(p.getName()))
        .collect(Collectors.toList());

    Authentication authentication = new UsernamePasswordAuthenticationToken(user, null, authorities);
    SecurityContextHolder.getContext().setAuthentication(authentication);
}
    • 0

相关问题