2023年6月20日发(作者：)

SpringBoot实战之Filter实现简单的HttpBasic认证Spring Boot实战之Filter本⽂在上⼀篇⽂章/sun_t89/article/details/51912905 的基础上，给每个rest接⼝上添加过滤器，使⽤过滤器实现简单的Http Basic认证1、Filter功能filter功能，它使⽤户可以改变⼀个 request和修改⼀个response. Filter 不是⼀个servlet,它不能产⽣⼀个response,它能够在⼀个request到达servlet之前预处理request,也可以在离开 servlet时处理response.换种说法,filter其实是⼀个”servlet chaining”(servlet链).⼀个Filter包括：1）、在servlet被调⽤之前截获;2）、在servlet被调⽤之前检查servlet request;3）、根据需要修改request头和request数据;4）、根据需要修改response头和response数据;5）、在servlet被调⽤之后截获.2、定义⾃⼰的过滤器新增如果请求的Header中存在Authorization: Basic 头信息，且⽤户名密码正确，则继续原来的请求，否则返回没有权限的错误信息package ;import ption;import ;import Chain;import Config;import tException;import tRequest;import tResponse;import rvletRequest;import rvletResponse;import Mapper;import Msg;import StatusCode;import 64Decoder;@SuppressWarnings("restriction")public class HTTPBasicAuthorizeAttribute implements Filter{

private static String Name = "test"; private static String Password = "test"; @Override public void destroy() { // TODO Auto-generated method stub

} @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // TODO Auto-generated method stub

ResultStatusCode resultStatusCode = checkHTTPBasicAuthorize(request); if (resultStatusCode != ) { HttpServletResponse httpResponse = (HttpServletResponse) response; racterEncoding("UTF-8");

tentType("application/json; charset=utf-8");

tus(_UNAUTHORIZED); ObjectMapper mapper = new ObjectMapper();

ResultMsg resultMsg = new ResultMsg(SION_code(), SION_msg(), null); ter().write(alueAsString(resultMsg)); return; } else { er(request, response); } } @Override public void init(FilterConfig arg0) throws ServletException { // TODO Auto-generated method stub

}

private ResultStatusCode checkHTTPBasicAuthorize(ServletRequest request) { try { HttpServletRequest httpRequest = (HttpServletRequest)request; String auth = der("Authorization"); if ((auth != null) && (() > 6)) { String HeadStr = ing(0, 5).toLowerCase(); if (eTo("basic") == 0) { auth = ing(6, ());

String decodedAuth = getFromBASE64(auth); if (decodedAuth != null) { String[] UserArray = (":");

if (UserArray != null && == 2) { if (UserArray[0].compareTo(Name) == 0 && UserArray[1].compareTo(Password) == 0) { return ; } } } } } return SION_DENIED; } catch(Exception ex) { return SION_DENIED; }

} private String getFromBASE64(String s) {

if (s == null)

return null;

BASE64Decoder decoder = new BASE64Decoder();

try {

byte[] b = Buffer(s);

return new String(b);

} catch (Exception e) {

return null;

}

}}3、在SpringRestApplication类中注册过滤器，给user/*都加上http basic认证过滤器package ;import ist;import ;import Application;import BootApplication;import RegistrationBean;import ;import sicAuthorizeAttribute;@SpringBootApplicationpublic class SpringRestApplication { public static void main(String[] args) { (, args); }

@Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean registrationBean = new FilterRegistrationBean(); HTTPBasicAuthorizeAttribute httpBasicFilter = new HTTPBasicAuthorizeAttribute(); ter(httpBasicFilter); List urlPatterns = new ArrayList(); ("/user/*"); Patterns(urlPatterns); return registrationBean; }}4、测试代码中固定⽤户名密码都为test，所以对接⼝进⾏请求时，需要添加以下认证头信息Authorization: Basic dGVzdDp0ZXN0dGVzdDp0ZXN0 为 test:test 经过base64编码后的结果如果未添加认证信息或者认证信息错误，返回没有权限的错误信息当认证信息正确，返回请求结果