gpt4 book ai didi

java - 自定义 Spring 过滤器导致链中的下一个过滤器不触发?

转载 作者:行者123 更新时间:2023-11-30 06:15:23 27 4
gpt4 key购买 nike

我正在使用一个自定义的 Spring Security 过滤器,它覆盖了 AbstractAuthenticationProcessingFilter 但我一定是写错了,因为它似乎永远不会调用过滤器链的其余部分。具体来说,我依靠 OpenEntityManagerInViewFilter 过滤器来确保 Jackson+Hibernate 可以处理延迟加载的对象。

如果我的 web.xml 首先有 OpenEntityManagerInViewFilter,一切正常:

<filter>
<filter-name>hibernateFilterChain</filter-name>
<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>hibernateFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

但是,如果我将 springSecurityFilterChain 放在顶部,我的应用程序的行为就像我根本没有指定 OpenEntityManagerInViewFilter 一样。

这是我的 springSecurity.xml:

<?xml version="1.0"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

<security:http entry-point-ref="restAuthenticationEntryPoint"
use-expressions="true" create-session="stateless">

<security:custom-filter ref="authenticationTokenProcessingFilter"
position="FORM_LOGIN_FILTER" />
<security:intercept-url pattern="/**"
access="isAuthenticated()" />

<security:logout />
</security:http>

<bean class="edu.ucdavis.dss.dw.security.CustomTokenAuthenticationFilter"
id="authenticationTokenProcessingFilter">
<constructor-arg type="java.lang.String">
<value>/**</value>
</constructor-arg>
</bean>

<security:authentication-manager>
<security:authentication-provider
user-service-ref="userService"></security:authentication-provider>
</security:authentication-manager>

<bean id="userService" class="edu.ucdavis.dss.dw.services.UserAuthenticationService"></bean>

</beans>

最后,这里是 CustomTokenAuthenticationFilter 本身,这可能会导致问题:

public class CustomTokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
@Autowired @Qualifier("org.springframework.security.authenticationManager")
private AuthenticationManager authenticationManager;

public CustomTokenAuthenticationFilter(String defaultFilterProcessesUrl) {
super(defaultFilterProcessesUrl);
super.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(defaultFilterProcessesUrl));
setAuthenticationManager(new NoOpAuthenticationManager());
setAuthenticationSuccessHandler(new TokenSimpleUrlAuthenticationSuccessHandler());
}

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
String token = request.getParameter("token");

if(token == null) {
throw new AuthenticationServiceException("Token Missing");
}

Authentication authResponse;

try {
authResponse = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(token, "dssit"));
} catch (AuthenticationException e) {
throw new AuthenticationServiceException("Bad Token");
}

return authResponse;
}
}

总结:我制作了一个自定义安全过滤器,它似乎没有调用任何在它后面列出的过滤器。如果我删除我的自定义过滤器并使用像 security:http-basic 这样的内置东西,它工作正常。

在此先感谢您提供的任何帮助。

最佳答案

要不要试试加

public void doFilter(javax.servlet.ServletRequest req,
javax.servlet.ServletResponse res,
javax.servlet.FilterChain chain)
throws IOException,
javax.servlet.ServletException {

chain.doFilter(req, res);
}

到 CustomTokenAuthenticationFilter 类?

关于java - 自定义 Spring 过滤器导致链中的下一个过滤器不触发?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28909076/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com