英文:
How to retrieve a token from a request
问题
我明白总是有一个基本上与请求粘连在一起的令牌,现在我想要获取检索一个令牌并附加,希望能得到一些想法。谢谢
@GetMapping("/current")
public ResponseEntity<UserDto> getCurrent() {
return ResponseEntity.ok(something);
}
在方法体内,我可能会实现另一个服务,其中构造函数以令牌为参数,然后进行一些相等性检查。
英文:
I understand that there is always a token that basically glued to the request, now i would like to get retrieve a token and stuck, would appreciate some thoughts. Thank you
@GetMapping("/current")
public ResponseEntity<UserDto> getCurrent() {
return ResponseEntity.ok(something);
}
in the method body i would probably implement another service where constructor is taking token as an argument for example then does some equality checks.
答案1
得分: 1
在您的控制器中接受 HttpServletRequest
。然后您可以从中提取任何标头。
@GetMapping("/current")
public ResponseEntity<UserDto> getCurrent(HttpServletRequest request) {
String token = request.getHeader("Authorization");
return ResponseEntity.ok(something);
}
如果您不想从控制器中获取 HttpServletRequest
,您可以像这样进行 Autowire
:
@Autowired
private HttpServletRequest request;
或者执行以下操作:
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
英文:
In your controller accept HttpServletRequest
. then you can extract any header from it.
@GetMapping("/current")
public ResponseEntity<UserDto> getCurrent(HttpServletRequest request) {
String token = request.getHeader("Authorization");
return ResponseEntity.ok(something);
}
If you don't want to take HttpServletRequest
from controller you can Autowire
it like this
@Autowired
private HttpServletRequest request;
or do the following
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
答案2
得分: 1
你的问题有点难以理解。你的 "token" 可能是任何东西。
我会尝试通用地回答你的问题:
例如,你有一些仅供注册用户使用的选项。如果你正在使用 JWT 安全性,你会为用户生成令牌,并将它们 "粘贴" 到请求/响应头中。
例如(这是我的当前 jUnit 测试):
protected MockHttpServletRequestBuilder getAuth(String url) {
return MockMvcRequestBuilders.get(url).header("Authorization", this.token);
}
令牌是使用 JWT 安全性生成的,一旦生成,我可以将其 "粘贴" 到头部。然后,我可以检查头部的内容并获取令牌值。
因此,要检查或获取此令牌,你必须检查头部的内容,就是这么简单
这是一个非常一般的例子。但主要思想是:
如果你添加了某些内容 - 你可以获取某些内容。但如果你没有生成令牌 - 你不会 "默认" 获取到一个,因为没有令牌,Java 不会为任何请求生成令牌。这是你必须首先创建的内容。
如果你不熟悉我在谈论什么 - 请从这里开始:
https://jwt.io/introduction/
英文:
Your question is quite hard to understand. Your "token" could be anything.
I'll try to answer your question in general:
For example, you have some option which is available only for registered users. If you are using jwt security, you generate tokens for users and "glue" them to request/response headers
For example (that's my current jUnit test):
protected MockHttpServletRequestBuilder getAuth(String url) {
return MockMvcRequestBuilders.get(url).header("Authorization", this.token);
}
And token is generated using jwt security, and after it's generated I can "glue" it to the headers. And I can just check what's in header and get token value.
So to check or get this token, you have to check what's in your header, just that simple
That's very general example. But the main idea is:
If you add something - you can get something. But if you haven't generated a token - you wouldn't get one "by default", because there is none, java do not generate tokens to any request. It's something you must first create first.
If you are uncommon with what I am talking about - please start from here:
https://jwt.io/introduction/
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论