
spring-security - Spring Boot UsernamePasswordAuthenticationFilter problem

Reposted. Author: 行者123. Updated: 2023-12-04 06:58:46

I am extending UsernamePasswordAuthenticationFilter so that I can add custom fields and save them into the session.

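    import java.util.Enumeration;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

    public class AuthFilter extends UsernamePasswordAuthenticationFilter {

        @Override
        public Authentication attemptAuthentication(HttpServletRequest request,
                HttpServletResponse response) throws AuthenticationException {
            //String dbValue = request.getParameter("dbParam");
            //request.getSession().setAttribute("dbValue", dbValue);
            System.out.println("attempting to authentificate");
            // Fetch the enumeration once; calling getAttributeNames() on every
            // iteration returns a fresh enumeration and the loop never ends.
            Enumeration<String> names = request.getAttributeNames();
            while (names.hasMoreElements()) {
                String e = names.nextElement();
                System.out.println("param name : " + e + " and param value : " + request.getAttribute(e));
            }

            return super.attemptAuthentication(request, response);
        }
    }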

And my WebSecurityConfig:

    @Configuration
    @EnableWebMvcSecurity
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserDetailsService userDetailsService;

        @Bean
        public AuthFilter customUsernamePasswordAuthenticationFilter()
                throws Exception {
            AuthFilter customUsernamePasswordAuthenticationFilter = new AuthFilter();
            customUsernamePasswordAuthenticationFilter
                    .setAuthenticationManager(authenticationManagerBean());
            return customUsernamePasswordAuthenticationFilter;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.addFilterAfter(customUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

            http.exceptionHandling().accessDeniedPage("/403").and()
                    .authorizeRequests().antMatchers("/login", "/public/**").permitAll()
                    .antMatchers("/users/**").hasAuthority("ADMIN")
                    .anyRequest()
                    .authenticated().and().formLogin().loginPage("/login")
                    .defaultSuccessUrl("/index").permitAll().and().logout()
                    .permitAll();

            http.sessionManagement().maximumSessions(1)
                    .expiredUrl("/login?expired").and()
                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                    .invalidSessionUrl("/");
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.eraseCredentials(false)
                    .userDetailsService(userDetailsService);
        }
    }

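    Mapping filter: 'customUsernamePasswordAuthenticationFilter' to: [/*]

So I am sure the filter is added correctly, but I can never get anything inside it to print, so it is not being called during authentication.

I use Thymeleaf and no XML configuration.

As @M. Deinum suggested, I changed my UsernamePasswordAuthenticationFilter to AbstractAuthenticationProcessingFilter, called super(new AntPathRequestMatcher("/login","POST")); changed addFilterAfter to addFilterBefore, plus a bit of code, and it worked!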

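Best answer

Assuming you are using the latest Spring Boot (1.2.3), you are using Spring Security 3.2.7. This version maps the UsernamePasswordAuthenticationFilter to /j_spring_security_check. However, when using Java-based configuration, this is changed to /login.

Yours is still mapped to the old URL. To fix this, extend AbstractAuthenticationProcessingFilter and add a default no-args constructor that calls the super constructor which takes a RequestMatcher. The drawback of this is that if you still need (or want to extend) the functionality of UsernamePasswordAuthenticationFilter, you will have to duplicate it.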

    public AuthFilter() {
        super(new AntPathRequestMatcher("/login","POST"));
    }

Another solution is to still extend UsernamePasswordAuthenticationFilter and call setRequiresAuthenticationRequestMatcher from there.

    public AuthFilter() {
        super();
        setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login","POST"));
    }

Or you call that method from your factory method.

    @Bean
    public AuthFilter customUsernamePasswordAuthenticationFilter()
            throws Exception {
        AuthFilter customUsernamePasswordAuthenticationFilter = new AuthFilter();
        customUsernamePasswordAuthenticationFilter
                .setAuthenticationManager(authenticationManagerBean());
        customUsernamePasswordAuthenticationFilter
                .setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login","POST"));
        return customUsernamePasswordAuthenticationFilter;
    }

There is another problem with your configuration: your filter will never be executed, because it runs after the default UsernamePasswordAuthenticationFilter and authentication has already happened by then. Make sure it is executed before the default filter.

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(customUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        ...
    }
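
An added example, not part of the original question or answer and not Spring's own code: the answer's request-matcher fix combined with the question's goal of saving a custom login field in the session. The field name `dbParam` comes from the question's commented-out lines; the allowed-value pattern and the error message are assumptions.

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

public class AuthFilter extends UsernamePasswordAuthenticationFilter {

    // Assumption: "dbParam" carries a short identifier, so anything outside
    // this character set and length is rejected before it reaches the session.
    private static final Pattern DB_VALUE = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    public AuthFilter() {
        super();
        // Java-based configuration posts the login form to /login, so match that
        // URL explicitly instead of the old /j_spring_security_check default.
        setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {
        String dbValue = request.getParameter("dbParam");
        if (dbValue == null || !DB_VALUE.matcher(dbValue).matches()) {
            // An AuthenticationException is routed to the normal failure handling.
            throw new AuthenticationServiceException("Invalid dbParam");
        }

        // Authenticate first: this throws on bad credentials, so the lines
        // below only run for a login that succeeded.
        Authentication authentication = super.attemptAuthentication(request, response);

        // Only now create (or reuse) the session and store the custom field,
        // so failed login attempts do not allocate sessions or write into them.
        request.getSession().setAttribute("dbValue", dbValue);
        return authentication;
    }
}
```

The filter still needs its AuthenticationManager set and must be registered with addFilterBefore, as in the answer's snippets.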

Regarding "spring-security - Spring Boot UsernamePasswordAuthenticationFilter problem", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/30287568/
