接口优化，请求参数access_token , header Authorization , token

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java

@@ -26,7 +26,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
 import org.maxkey.crypto.password.PasswordReciprocal;
-import org.maxkey.util.AuthorizationHeaderUtils;
+import org.maxkey.util.RequestTokenUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -57,16 +57,19 @@ public class Oauth20ApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 	 */
 	@Override
 	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
-		 _logger.trace("Oauth20ApiPermissionAdapter preHandle");
-		 String accessToken = AuthorizationHeaderUtils.resolveBearer(request);
-		 
-		 OAuth2Authentication authentication = oauth20TokenServices.loadAuthentication(accessToken);
-		 
-		//判断应用的accessToken信息
-		if(authentication != null ){
-		    _logger.trace("authentication "+ authentication);
-		    return true;
-		}
+		 _logger.trace("OAuth20 API Permission Adapter pre handle");
+		 String accessToken =  RequestTokenUtils.resolveAccessToken(request);
+		 _logger.trace("access_token {} " , accessToken);
+		 try {
+			 OAuth2Authentication authentication = oauth20TokenServices.loadAuthentication(accessToken);
+			//判断应用的accessToken信息
+			if(authentication != null ){
+			    _logger.trace("authentication "+ authentication);
+			    return true;
+			}
+		 }catch(Exception e) {
+			 _logger.error("load Authentication Exception ! ",e);
+		 }
 		
 		_logger.trace("No Authentication ... forward to /login");
         RequestDispatcher dispatcher = request.getRequestDispatcher("/login");

maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java

@@ -61,14 +61,13 @@ public class RestApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 	 */
 	@Override
 	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
-		 _logger.trace("RestApiPermissionAdapter preHandle");
-		String  authorization = request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
-		AuthorizationHeaderCredential headerCredential = AuthorizationHeaderUtils.resolve(authorization);
+		_logger.trace("Rest API Permission Adapter pre handle");
+		 AuthorizationHeaderCredential headerCredential = AuthorizationHeaderUtils.resolve(request);
 		 
 		//判断应用的AppId和Secret
 		if(headerCredential != null){
 			UsernamePasswordAuthenticationToken authenticationToken = null;
-			if(headerCredential.getCredentialType().equals(AuthorizationHeaderCredential.Credential.BASIC)) {
+			if(headerCredential.isBasic()) {
 			    if(StringUtils.isNotBlank(headerCredential.getUsername())&&
 			    		StringUtils.isNotBlank(headerCredential.getCredential())
 			    		) {
@@ -79,12 +78,12 @@ public class RestApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 			    	authenticationToken= (UsernamePasswordAuthenticationToken)oauth20ClientAuthenticationManager.authenticate(authRequest);
 			    }
 			}else {
-				_logger.trace("Authentication bearer " + headerCredential.getCredential());
+				_logger.trace("Authentication bearer {}" , headerCredential.getCredential());
 				OAuth2Authentication oauth2Authentication = 
 						oauth20TokenServices.loadAuthentication(headerCredential.getCredential());
 				
 				if(oauth2Authentication != null) {
-					_logger.trace("Authentication token " + oauth2Authentication.getPrincipal().toString());
+					_logger.trace("Authentication token {}" , oauth2Authentication.getPrincipal().toString());
 					authenticationToken= new UsernamePasswordAuthenticationToken(
 			    			new User(
 			    					oauth2Authentication.getPrincipal().toString(),