How to implement custom authentication in a Spring Boot application

Updated: 2022-04-19 23:32:12

Nothing prevents you from using the Authorization header in a creative way, i.e., by embedding the Android ID into it. Then, in order to add authentication to your endpoints, you can use an AOP interceptor:

Protected operation marker interface:

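import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface ProtectedOperation {
}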

Interceptor:

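import javax.servlet.http.HttpServletResponse; // jakarta.servlet.http on Spring Boot 3+
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@Aspect
@Component
public class SecurityAspect {
    // Assumed custom scheme name ("Authorization: AndroidId <id>"); choose your own
    private static final String SCHEME_PREFIX = "AndroidId ";
    private final CorporateService corpService; // this is your custom service to check Android IDs
    @Autowired
    public SecurityAspect(CorporateService corpService) {
        this.corpService = corpService;
    }
    @Around("@annotation(operation)")
    public Object protectedOperationPermissionCheck(final ProceedingJoinPoint pjp, final ProtectedOperation operation) throws Throwable {
        ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        String header = requestAttributes.getRequest().getHeader("Authorization");
        // get the ID from header - try not to use existing authorization header formats like Bearer, Negotiate etc. to avoid collision with other authentication systems
        String androidId = (header != null && header.startsWith(SCHEME_PREFIX))
                ? header.substring(SCHEME_PREFIX.length()).trim() : null;
        if (androidId != null && !androidId.isEmpty() && corpService.isAuthorized(androidId)) {
            return pjp.proceed();
        }
        HttpServletResponse response = requestAttributes.getResponse(); // missing, malformed or unauthorized ID
        if (response != null) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.flushBuffer();
        }
        return null;
    }
}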

Make sure to add the spring-boot-starter-aop dependency to your pom.xml, for @Aspect support.

To protect an endpoint, annotate the endpoint method in your controller with @ProtectedOperation, and add @EnableAspectJAutoProxy to your Spring Boot application.
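
The wiring described above, as an added example that is not part of the original page: an application class, a minimal CorporateService and one protected endpoint. The package name, DemoApplication, DeviceController, the /devices/ping path and the corp.allowed-android-ids property are assumptions made for illustration.

```java
// Added example; DemoApplication, DeviceController, /devices/ping and the
// corp.allowed-android-ids property are hypothetical names, not from the original page.
package com.example.demo;

import java.util.Set;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@EnableAspectJAutoProxy // enables proxy-based handling of @Aspect beans such as SecurityAspect
public class DemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
}

@Service
class CorporateService {
    private final Set<String> allowedIds;

    // Comma-separated allowlist, e.g. corp.allowed-android-ids=id1,id2 (constructed values)
    public CorporateService(@Value("${corp.allowed-android-ids:}") Set<String> allowedIds) {
        this.allowedIds = Set.copyOf(allowedIds);
    }

    public boolean isAuthorized(String androidId) {
        return androidId != null && allowedIds.contains(androidId);
    }
}

@RestController
class DeviceController {
    // Spring AOP is proxy-based: the check runs only for calls that arrive through the
    // Spring proxy, so calling ping() from another method of this class skips SecurityAspect.
    @ProtectedOperation
    @GetMapping("/devices/ping")
    public String ping() {
        return "pong";
    }
}
```

Endpoint methods without @ProtectedOperation are never intercepted, so each method that needs the check must carry the annotation itself.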