gpt4 book ai didi

spring - Spring Security:REST API需要哪个过滤器

转载 作者:行者123 更新时间:2023-12-02 15:23:37 24 4
gpt4 key购买 nike

我只需要在我的项目中使用Spring Security Basic HTML身份验证过滤器来保护REST API。

由于我是Spring Security的新手,所以我想知道其余过滤器链中不需要哪个过滤器。我已经做过一些研究,说securityContextPersistenceFilter是在任何身份验证过滤器之前设置所必需的,其他过滤器呢?

securityContextPersistenceFilter //It should be needed..
logoutFilter, // I'm not so sure about this..
authenticationProcessingFilter, // I guess it should not be necessary, because user will just use header to hold the credential
concurrentSessionFilter, // I guess no
basicAuthenticationFilter, // Should be needed
securityContextHolderAwareRequestFilter, //It's required because the need to judge the ROLE of the user
rememberMeAuthenticationFilter, // I guess no
anonymousAuthenticationFilter, // I'm not so sure
exceptionTranslationFilter, // Should be needed
filterInvocationInterceptor // I'm not so sure

我对列表中的所有内容都正确吗?

最佳答案

我认为您只需要:

securityContextPersistenceFilter // It should be needed..
basicAuthenticationFilter, // Should be needed
securityContextHolderAwareRequestFilter, // for internal stuff also
anonymousAuthenticationFilter, // for default/non-logged in user
exceptionTranslationFilter, // catches security exceptions
filterInvocationInterceptor // defines which url are accessible, etc

也有很好的描述: http://docs.spring.io/spring-security/site/docs/3.0.x/reference/security-filter-chain.html#d0e2952

关于spring - Spring Security:REST API需要哪个过滤器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31621130/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com