java - Setting a cookie before the Spring Security filter chain

Reposted. Author: 行者123. Updated: 2023-12-01 22:31:58

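I want to set a referrer cookie, because I need to exclude some pages (e.g. error, login, logout, etc.) so that after login I can redirect to the last page that was called but not excluded: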

public class CookieReferrerFilter extends OncePerRequestFilter {
    public static final String REFERRER_COOKIE_NAME = "REFERRER";

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        // Remember the requested URI unless the page is on the exclusion list.
        if (!isReferrerExcluded(request)) {
            Cookie sessionCookie = new Cookie(REFERRER_COOKIE_NAME, request.getRequestURI());
            sessionCookie.setPath(!"".equals(request.getContextPath()) ? request.getContextPath() : "/");
            sessionCookie.setSecure(false);
            sessionCookie.setMaxAge(-1); // session cookie: dropped when the browser closes

            response.addCookie(sessionCookie);
        }

        filterChain.doFilter(request, response);
    }

    // EXCLUDED_REFERRER (the Ant patterns of the excluded pages) is not shown in the post.
    private boolean isReferrerExcluded(HttpServletRequest request) {
        for (String pattern : EXCLUDED_REFERRER) {
            if (new AntPathRequestMatcher(pattern).matches(request)) {
                return true;
            }
        }

        return false;
    }
}

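But the Spring Security filter chain is triggered before the CookieReferrerFilter. So calling a secured page immediately redirects me to the login page, without CookieReferrerFilter.doFilterInternal having been called first and without the cookie being set.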

There is one class that configures the webapp (sets the config classes, mappings and filters), which extends AbstractAnnotationConfigDispatcherServletInitializer:

public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { ApplicationContextConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

    @Override
    protected Filter[] getServletFilters() {
        CookieReferrerFilter cookieReferrerFilter = new CookieReferrerFilter();

        CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
        characterEncodingFilter.setEncoding("UTF-8");
        characterEncodingFilter.setForceEncoding(true);

        return new Filter[] { cookieReferrerFilter, characterEncodingFilter };
    }
}

And another one that simply extends AbstractSecurityWebApplicationInitializer:

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}

Best answer

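Assuming you are using Spring Security's Java-based configuration, you can have your filters managed by Spring and add them to the beginning of the Spring Security filter chain (heavily inspired by the example in the HttpSecurity javadoc; see below for a link):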

@Configuration
@EnableWebSecurity
public class HttpSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired CookieReferrerFilter cookieFilter;

    @Autowired CharacterEncodingFilter encodingFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(cookieFilter, ChannelProcessingFilter.class)
            .addFilterBefore(encodingFilter, ChannelProcessingFilter.class)
            //your configuration follows here
            ;
    }
}

See http://docs.spring.io/autorepo/docs/spring-security/current/apidocs/org/springframework/security/config/annotation/web/builders/HttpSecurity.html#addFilter(javax.servlet.Filter) for details.
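
The REFERRER cookie from the question is sent back by the browser, so its value is client-controlled and should be checked before it is used as the post-login redirect target. The following is an added example, not code from the original question or answer; the class ReferrerRedirectValidator, the method safeTarget and the sample values are hypothetical, and it uses only the JDK:

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ReferrerRedirectValidator {

    /** Returns cookieValue's path if it stays inside contextPath, else fallback. */
    static String safeTarget(String cookieValue, String contextPath, String fallback) {
        if (cookieValue == null || cookieValue.isEmpty()) {
            return fallback;
        }
        // Control characters enable header splitting; some browsers read '\' as '/'.
        for (char c : cookieValue.toCharArray()) {
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return fallback;
            }
        }
        // Only a single-slash path is local: "//host" is scheme-relative.
        if (!cookieValue.startsWith("/") || cookieValue.startsWith("//")) {
            return fallback;
        }
        URI uri;
        try {
            uri = new URI(cookieValue).normalize(); // collapses "/a/../b"
        } catch (URISyntaxException e) {
            return fallback;
        }
        String path = uri.getRawPath();
        if (uri.isAbsolute() || uri.getRawAuthority() != null || path == null) {
            return fallback;
        }
        // The filter stored getRequestURI(), so the path must sit under the context path.
        String base = contextPath.isEmpty() ? "/" : contextPath + "/";
        if (!path.equals(contextPath) && !path.startsWith(base)) {
            return fallback;
        }
        return path; // query and fragment are dropped on purpose
    }

    public static void main(String[] args) {
        // Constructed sample cookie values, not taken from the original post.
        String[] samples = { "/app/orders/42", "//other.example/x", "https://other.example/",
                "/app/../admin", "/app/a\r\nSet-Cookie: x=1", "/other/page" };
        for (String s : samples) {
            System.out.println(safeTarget(s, "/app", "/app/"));
        }
    }
}
```

A custom authentication success handler would call safeTarget on the cookie value before issuing the redirect.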

Regarding "java - Setting a cookie before the Spring Security filter chain", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/27561920/
