
java - What's wrong with HttpServletResponse#addHeader?

Reposted. Author: 行者123. Updated: 2023-12-02 07:33:43

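I'm running a filter in my web application that receives information about the user from an external source, whether he is logged in or not. Here is my filter: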

    @Override
    public void doFilter( ServletRequest request, ServletResponse response,
                          FilterChain chain ) throws IOException, ServletException
    {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String loginBean = httpRequest.getHeader( CommonVariables.LOGIN_BEAN );
        if ( loginBean == null )
        {
            System.out.println( "FILTER-----------" );
            try
            {
                String login;
                String domain;
                //Here I'm getting login and domain string
                loginBean = domain + "\\" + login;
                httpResponse.addHeader( "LoginBean", loginBean );
                System.out.println( login + " " + domain );
            } catch ( Exception e )
            {
                e.printStackTrace();
                //redirect to login page
                httpResponse.sendRedirect( "..." );
                return;
            }
        }
        chain.doFilter( request, response );
    }

I don't think these headers will be passed into the next filter. So I implemented the Spring Security PRE_AUTH_FILTER:

Spring Security context

    <http use-expressions="true" auto-config="false" entry-point-ref="http403EntryPoint">
        <!-- Additional http configuration omitted -->
        <custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
    </http>

    <beans:bean id="siteminderFilter"
            class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
        <beans:property name="principalRequestHeader" value="LoginBean"/>
        <beans:property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="preauthAuthProvider"
            class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
        <beans:property name="preAuthenticatedUserDetailsService">
            <beans:bean id="userDetailsServiceWrapper"
                    class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                <beans:property name="userDetailsService" ref="userDetailsService"/>
            </beans:bean>
        </beans:property>
    </beans:bean>

    <beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
    <beans:bean id="userDetailsService" class="com.execon.security.CustomUserDetailsService"/>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="preauthAuthProvider" />
    </authentication-manager>

Then I tried to parse the loginBean string in CustomUserDetailsService and receive the actual user object. But it is never triggered, and the application fails with the following:

    org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: LoginBean header not found in request.

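So does this mean the header is set incorrectly? Or not set at all? What could be wrong?

The filter that sets LoginBean is triggered first, then Spring Security. The standard output works fine, as I get: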

17:12:15,669 INFO  [stdout] (http--127.0.0.1-8080-2) FILTER-----------
17:12:15,669 INFO [stdout] (http--127.0.0.1-8080-2) LOGIN DOMAIN

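Best answer

You are setting something in the response, and Spring's class is looking for the same thing in the request.

The only way to modify the incoming HttpServletRequest is to decorate it. You should first define a class like this: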

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;

    // Request decorator that reports loginBean as the value of the LOGIN_BEAN header.
    public class AuthHttpServletRequest extends HttpServletRequestWrapper
    {
        private String loginBean;

        public AuthHttpServletRequest(HttpServletRequest aRequest, String loginBean)
        {
            super(aRequest);
            this.loginBean = loginBean;
        }

        @Override
        public String getHeader(String headerName)
        {
            if(CommonVariables.LOGIN_BEAN.equals(headerName)) {
                return this.loginBean;
            }
            return super.getHeader(headerName);
        }
    }

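Then, replace the following line in your filter:

    httpResponse.addHeader( "LoginBean", loginBean );

with this:

    request = new AuthHttpServletRequest(httpRequest, loginBean);

Then your chain.doFilter gets the request, which can return loginBean as you expect to the Spring authentication filter class further down the filter chain.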
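
An added example, not part of the original question or answer: the question's filter skips its lookup whenever the incoming request already carries the header, so a value sent by the client would reach RequestHeaderAuthenticationFilter unchanged. This version goes a step beyond the answer by always taking the principal from the external source and by also overriding getHeaders and getHeaderNames. The names TrustedLoginHeaderFilter, LoginHeaderRequest and resolveLogin are hypothetical, the javax.servlet namespace is assumed, and the redirect target stays elided as in the question.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

public abstract class TrustedLoginHeaderFilter implements Filter {
    static final String LOGIN_HEADER = "LoginBean"; // same value as principalRequestHeader

    // Hypothetical hook: "DOMAIN\login" from the external source, or null if not logged in.
    protected abstract String resolveLogin(HttpServletRequest request);

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        // LOGIN_HEADER is never read from the incoming request: the client controls that value.
        String login = resolveLogin(httpRequest);
        if (login == null) {
            ((HttpServletResponse) res).sendRedirect("..."); // login page, elided in the question
            return;
        }
        chain.doFilter(new LoginHeaderRequest(httpRequest, login), res);
    }

    // Decorator: every header accessor reports the trusted value, whatever the client sent.
    static final class LoginHeaderRequest extends HttpServletRequestWrapper {
        private final String login;

        LoginHeaderRequest(HttpServletRequest r, String login) { super(r); this.login = login; }

        // Header names are case-insensitive, so "loginbean" must match too.
        private static boolean isLoginHeader(String n) { return LOGIN_HEADER.equalsIgnoreCase(n); }

        @Override public String getHeader(String name) {
            return isLoginHeader(name) ? login : super.getHeader(name);
        }
        @Override public Enumeration<String> getHeaders(String name) {
            return isLoginHeader(name) ? Collections.enumeration(Collections.singletonList(login))
                                       : super.getHeaders(name);
        }
        @Override public Enumeration<String> getHeaderNames() {
            List<String> names = new ArrayList<>(Collections.list(super.getHeaderNames()));
            names.removeIf(LoginHeaderRequest::isLoginHeader); // drop any client-sent copy
            names.add(LOGIN_HEADER);
            return Collections.enumeration(names);
        }
    }
}
```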

Regarding "java - What's wrong with HttpServletResponse#addHeader?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/12553491/
