Spring Security OAuth2: TokenEndpoint (2)

    This post continues from the previous one.

    When we access /oauth/token, the request first passes through BasicAuthenticationFilter, and only afterwards reaches TokenEndpoint.

    Figure 1

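    The doFilter method of org.springframework.security.web.authentication.www.BasicAuthenticationFilter calls doFilterInternal, shown in List-1 below. It reads the Authorization field from the request header and hands the credentials to authenticationManager for processing.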

    List-1

protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    boolean debug = this.logger.isDebugEnabled();
    String header = request.getHeader("Authorization");
    if (header != null && header.startsWith("Basic ")) {
        try {
            String[] tokens = this.extractAndDecodeHeader(header, request);

            assert tokens.length == 2;

            String username = tokens[0];
            if (debug) {
                this.logger.debug("Basic Authentication Authorization header found for user '" + username + "'");
            }

            if (this.authenticationIsRequired(username)) {
                UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]);
                authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
                Authentication authResult = this.authenticationManager.authenticate(authRequest);
                if (debug) {
                    this.logger.debug("Authentication success: " + authResult);
                }