gpt4 book ai didi

java - 如何识别GET请求中地址中的参数是什么? request.getParameterMap() 总是返回 null

转载 作者:行者123 更新时间:2023-11-30 05:48:34 25 4
gpt4 key购买 nike

我正在使用 FilterInvocationSecurityMetadataSource 实现类实现 configure(HTTP HttpSecurity) 中请求的角色动态验证方法,但是,我遇到了问题getAttributes(Object object) 方法用于识别 GET 请求中地址中的参数是什么。例如,当/api/users/user.name 请求到达时,该请求的方法为 @GetMapping("/users/{login: "+ Constants.LOGIN_REGEX +"}"),如下我确实知道对于此请求,字符串 user.name 是 URI 中的一个值,基于 @GetMapping 中设置的内容?

我尝试使用 request.getParameterMap() 但它总是为 null。

到目前为止我做了什么:

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends ResourceServerConfigurerAdapter {
// ....
@Override
public void configure(HttpSecurity http) throws Exception {

http
.csrf().disable()
.addFilterBefore(corsFilter, CsrfFilter.class)
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.anyRequest().authenticated()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
public <O extends FilterSecurityInterceptor> O postProcess(
O fsi) {
fsi.setSecurityMetadataSource(dynamicSecurityMetadataSource);
fsi.setAccessDecisionManager(new SecurityAccessDecisionManager());
return fsi;
}
});
}

// ...
}

实现过滤器调用安全元数据源:

@Component
public class DynamicSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

@Autowired
private SystemURLRepository systemURLRepository;

@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {

final HttpServletRequest request = ((FilterInvocation) object).getRequest();

// Get request method (post, get, delete, ...)
String requestMethod = request.getMethod();





// Get string url from request
String urlWithoutContextPath = request.getRequestURI().substring(request.getContextPath().length());

// Query to verify roles from URI`s
Optional<SystemURL> foundUrl = systemURLRepository.findAllByValue(urlWithoutContextPath);

// If exists in database, return Collection contains information Roles
if(foundUrl.isPresent()){
Collection<ConfigAttribute> rolesAllowed = foundUrl.get().getRolesAllowed().stream().map(this::configAttribute).collect(Collectors.toList());

return rolesAllowed;
}


return null;
}

// ...

}

最佳答案

Servlet 容器 don't parse the path ,它们仅处理查询字符串或 application/x-www-form-urlencoded 请求正文。来自 Servlet 规范第 3.1 节:

Data from the query string and the post body are aggregated into the request parameter set.

要提取路径,您需要自己解析它,尽管 spring-web 确实为其提供了一些支持(如果您对此情况感兴趣的话):

AntPathMatcher matcher = new AntPathMatcher();
UrlPathHelper helper = new UrlPathHelper();
Map<String, String> extracted =
matcher.extractUriTemplateVariables("/user/{userName}",
helper.getLookupPathForRequest(request));
String userName = extracted.get("userName");

请记住,Servlet 容器可能不会像解码查询字符串那样解码路径,这就是上面的代码使用 UrlPathHelper 首先解码路径的原因。

关于java - 如何识别GET请求中地址中的参数是什么? request.getParameterMap() 总是返回 null,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54405875/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com