gpt4 book ai didi

java - 当第二个过滤器尝试写入响应流时,2 个链接的 AbstractAuthenticationProcessingFilter 导致 302 重定向

转载 作者:太空宇宙 更新时间:2023-11-04 09:53:00 28 4
gpt4 key购买 nike

我有 2 个过滤器,Filter1Filter2,它们都扩展了 AbstractAuthenticationProcessingFilterFilter1 已成功完成其工作并将请求链接到 Filter2。现在,当 Filter2 抛出 AuthenticationException 并由 Filter2 的 onAuthenticationFailure 方法处理时,响应将通过 HttpStatus 403 写入响应流,从而提交响应。但是在调用 doFilter 方法(在 Filter1 中)后,控件被链接回 Filter1 ,并且它重定向到“/”url,这导致 302 重定向状态,而不是我期望的 403 状态。有谁知道如何在异常期间跳过过滤器以避免重定向到“/”url?

它是 spring-boot 应用程序,两个过滤器都在 ApplicationConfig.java 中配置,并具有单独的 ErrorHandlers Errorhandler1Errorhandler2FirstFilter 已将身份验证状态设置为 true,第二个过滤器引发异常。但由于 Response 已由链中第二个过滤器的 Errorhandler2 ('AuthenticationFailureHandler') 提交,但控制权仍转到 Filter1 并重定向到“/”。

@Component
public class Filter2CustomErrorhandler implements AuthenticationFailureHandler {

@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
CustomError error = new CustomError();
response.setContentType("application/json;charset=UTF-8");
response.setStatus(403);
response.getWriter().write(convertObjectToJson(error));
}

private String convertObjectToJson(Object object) throws JsonProcessingException {
ObjectMapper mapper = new ObjectMapper();
return mapper.writeValueAsString(object);
}

}

public class Filter1 extends AbstractAuthenticationProcessingFilter {

public Filter1(RequestMatcher requiresAuthenticationRequestMatcher) {
super(requiresAuthenticationRequestMatcher);
}

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
Authentication authentication = new CustomAuthenticationToken("some-principal-1", "some-credential-1");
authentication.setAuthenticated(true);
SecurityContextHolder.getContext().setAuthentication(authentication);
return authentication;
}

@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
Authentication authResult) throws IOException, ServletException {
super.successfulAuthentication(request, response, chain, authResult);
chain.doFilter(request, response);
}

@Override
public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
super.setAuthenticationFailureHandler(failureHandler);
}
}


public class Filter2 extends AbstractAuthenticationProcessingFilter {

public Filter2(RequestMatcher requiresAuthenticationRequestMatcher) {
super(requiresAuthenticationRequestMatcher);
}

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
Authentication authentication = new CustomAuthenticationToken("some-principal-2", "some-credential-2");
authentication.setAuthenticated(true);

throw new SecurityAuthenticationException("some-exception-message", new CustomException());

//SecurityContextHolder.getContext().setAuthentication(authentication);
//return authentication;
}

@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
Authentication authResult) throws IOException, ServletException {
super.successfulAuthentication(request, response, chain, authResult);
chain.doFilter(request, response);
}

@Override
public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
super.setAuthenticationFailureHandler(failureHandler);
}
}

我期待 RestClient 中出现 HttpStatus 403。

最佳答案

解决方案:

  • 因此,实现此目的的另一种方法是使用单个AbstractAuthenticationProcessingFilter 和多个提供程序。

  • 各个提供者可以实现重写的支持方法特定的身份验证类型(例如ExampleAuthInstance扩展
    身份验证
    )。

  • 当您从过滤器调用提供程序时,例如this.getAuthenticationManager().authenticate( exampleAuthInstance ),支持 ExampleAuthInstance 的提供者,验证方法该提供程序的将被调用。

  • AuthenticationException 必须从过滤器本身抛出,而不是从提供者抛出。提供者可以抛出带有所需 HttpStatusCustomSecurityException,然后将其包装在 AuthenticationException 中并在过滤器级别抛出。然后将其委托(delegate)给可能需要响应流的适当的预配置故障处理程序

关于java - 当第二个过滤器尝试写入响应流时,2 个链接的 AbstractAuthenticationProcessingFilter 导致 302 重定向,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54471690/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com