我正在开发Spring Boot应用程序,并使用Spring
Security来保护我的应用程序。我创建了一个自定义过滤器,我想在UsernamePasswordAuthenticationFilter之后添加它。我使用HttpSecurity.addFilterAfter方法来执行此操作。
但是,我的过滤器从未被调用。请您帮助我。码:
MultiSessionCustomLMSFilter.java
public class MultiSessionCustomLMSFilter extends GenericFilterBean {
private final static Logger log = LoggerFactory.getLogger(MultiSessionCustomLMSFilter.class);
@Autowired private UserLoginLogRepository userLoginLogRepository;
private ObjectMapper mapper;
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
log.debug("Inside doFilter of MultipleSessionFilter");
//CUSTOM APP SPECIFIC LOGIC GOES IN HERE
}
}
WebSecurityConfig.java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public static final String JWT_TOKEN_HEADER_PARAM = "X-Authorization";
public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login";
public static final String CSRF_ENTRY_POINT = "/api/auth/login/csrf";
public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
@Autowired private RestAuthenticationEntryPoint authenticationEntryPoint;
@Autowired private AuthenticationSuccessHandler successHandler;
@Autowired private AuthenticationFailureHandler failureHandler;
@Autowired private LoginAuthenticationProvider loginAuthenticationProvider;
@Autowired private JwtAuthenticationProvider jwtAuthenticationProvider;
@Autowired private TokenExtractor tokenExtractor;
@Autowired private AuthenticationManager authenticationManager;
@Autowired private ObjectMapper objectMapper;
@Autowired private JwtTokenFactory jwtTokenFactory;
protected LoginProcessingFilter buildAjaxLoginProcessingFilter() throws Exception {
LoginProcessingFilter filter = new LoginProcessingFilter(FORM_BASED_LOGIN_ENTRY_POINT, successHandler, failureHandler, objectMapper);
filter.setAuthenticationManager(this.authenticationManager);
return filter;
}
protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
List<String> pathsToSkip = Arrays.asList(TOKEN_REFRESH_ENTRY_POINT,FORM_BASED_LOGIN_ENTRY_POINT, CSRF_ENTRY_POINT);
SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
JwtTokenAuthenticationProcessingFilter filter = new JwtTokenAuthenticationProcessingFilter(failureHandler, tokenExtractor, matcher,objectMapper,jwtTokenFactory);
filter.setAuthenticationManager(this.authenticationManager);
return filter;
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(loginAuthenticationProvider);
auth.authenticationProvider(jwtAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
.antMatchers(CSRF_ENTRY_POINT).permitAll()
// .antMatchers(MIQA_FORUM_ENTRY_POINT).permitAll()
.and()
.authorizeRequests()
.antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected API End-points
.and().cors().and()
.addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterAfter(new MultiSessionCustomLMSFilter(),UsernamePasswordAuthenticationFilter.class);
}
引导期间调用过滤器时的应用程序日志:
Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1,
[org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@a457c2b,
org.springframework.security.web.context.SecurityContextPersistenceFilter@464aeb09,
org.springframework.security.web.header.HeaderWriterFilter@32da97fd,
org.springframework.web.filter.CorsFilter@16a6dc21,
org.springframework.security.web.authentication.logout.LogoutFilter@c0c8f96,
com.egmat.lms.security.auth.login.LoginProcessingFilter@5773d271,
com.egmat.lms.security.auth.jwt.JwtTokenAuthenticationProcessingFilter@59f45950,
com.egmat.lms.security.MultiSessionCustomLMSFilter@7871d261,
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@59d6642a,
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@288728e,
org.springframework.security.web.authentication.AnonymousAuthenticationFilter@58164e9a,
org.springframework.security.web.session.SessionManagementFilter@4aa22cc2,
org.springframework.security.web.access.ExceptionTranslationFilter@e01a26b,
org.springframework.security.web.access.intercept.FilterSecurityInterceptor@5c70d7f0]
是LoginProcessingFilter
并JwtTokenAuthenticationProcessingFilter
继续过滤链吗?
过滤器需要执行以下操作来继续过滤器链:
chain.doFilter(request, response);
void register_prefilter(mixed function) Use this to dynamically register prefilters to run templates through before they are compiled. See template prefilters for more information on how to setup a pr
void register_postfilter(mixed function) Use this to dynamically register postfilters to run templates through after they are compiled. See template postfilters for more information on how to setup a
void register_outputfilter(mixed function) Use this to dynamically register outputfilters to operate on a template's output before it is displayed. See template output filters for more information on
问题内容: 有一个Spring Boot WebMVC应用程序,还有一个从AbstractPreAuthenticatedProcessingFilter继承的bean,我将其显式添加到Spring Security过滤器链中的特定位置。我的Spring Security配置如下所示: 安全配置有效。问题是,因为PreAuthenticationFilter类继承自AbstractPreAuthe
问题内容: 我正在尝试对我的ElasticSearch Server进行此查询。 基本上,我希望检索名称中与“ network”匹配的所有产品,但仅过滤与或匹配的产品。当我执行此查询时,我收到此错误信息。 我想这里的关键是,但无法理解这里出了什么问题。 问题答案: 是查询,而不是过滤器。 在这种情况下,您可能需要-filter。
有什么建议吗?