Spring Security Source Code Study

Spring Security Request Flow

Request flow for an expired token

  1. EnableConfigurationProperties: enables security
  2. ResourceServerSecurityConfigurer: resource server security configuration
  3. OAuth2AuthenticationManager oauthAuthenticationManager = new OAuth2AuthenticationManager(); authentication and authorization
  4. OAuth2Authentication auth = tokenServices.loadAuthentication(token); token authentication
  5. DefaultTokenServices.loadAuthentication(String accessTokenValue) throws AuthenticationException, InvalidTokenException: obtains the authentication information
  6. OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue); reads the authentication information
  7. CustomRedisTokenStore.readAccessToken(String tokenValue)
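
    public OAuth2AccessToken readAccessToken(String tokenValue) {
        // Build the Redis key from the access-token prefix and the raw token value
        byte[] key = serializeKey(ACCESS + tokenValue);
        byte[] bytes;
        RedisConnection conn = getConnection();
        try {
            // GET returns null when the key does not exist
            bytes = conn.get(key);
        } finally {
            // Always release the connection, even if the read fails
            conn.close();
        }
        return deserializeAccessToken(bytes);
    }
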
  8. OAuth2AuthenticationProcessingFilter.doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException: filter processing
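
The steps above only name the calls, so the following added example (not code from this post or from Spring) models the decision that DefaultTokenServices.loadAuthentication makes after readAccessToken returns: an unknown token and an expired token are both rejected with InvalidTokenException, and the expired entry is removed from the store. TokenCheckDemo, StoredToken, STORE and the nested exception class are hypothetical stand-ins, and an in-memory map replaces Redis.

```java
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of the resource-server token check; all class names here
// are hypothetical stand-ins, not Spring Security OAuth2 classes.
public class TokenCheckDemo {
    static final class StoredToken {
        final Instant expiration;
        final String principal;
        StoredToken(Instant expiration, String principal) {
            this.expiration = expiration;
            this.principal = principal;
        }
        boolean isExpired() {
            return expiration != null && expiration.isBefore(Instant.now());
        }
    }

    static final class InvalidTokenException extends RuntimeException {
        InvalidTokenException(String message) { super(message); }
    }

    // Stands in for the Redis-backed store: token value -> stored token.
    static final Map<String, StoredToken> STORE = new ConcurrentHashMap<>();

    // Same order of checks as loadAuthentication: read, null check, expiry check.
    static String loadAuthentication(String tokenValue) {
        StoredToken token = STORE.get(tokenValue);      // readAccessToken
        if (token == null) {
            throw new InvalidTokenException("Invalid access token");
        }
        if (token.isExpired()) {
            STORE.remove(tokenValue);                   // drop the stale entry
            throw new InvalidTokenException("Access token expired");
        }
        return token.principal;                         // authentication succeeds
    }

    public static void main(String[] args) {
        // Constructed sample tokens: one valid, one already expired.
        STORE.put("tok-valid", new StoredToken(Instant.now().plusSeconds(60), "alice"));
        STORE.put("tok-expired", new StoredToken(Instant.now().minusSeconds(60), "bob"));
        for (String t : new String[] {"tok-valid", "tok-expired", "tok-expired", "tok-unknown"}) {
            try {
                System.out.println(t + " -> authenticated as " + loadAuthentication(t));
            } catch (InvalidTokenException e) {
                System.out.println(t + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The second attempt with the expired token is rejected as invalid rather than expired, because the first attempt already removed the entry from the store.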

Request flow for a valid token

  1. ResourceServerConfiguration.setAuthenticate(ExpressionUrlAuthorizationConfigurer.AuthorizedUrl authorizedUrl)
  2. permissionService.hasPermission(request, authentication)
  3. DefaultPermissionServiceImpl.hasPermission(Authentication authentication, String requestMethod, String requestURI)
  4. TokenEndpoint.postAccessToken /oauth/token