【问题标题】:Spring Security With Custom Filter带有自定义过滤器的 Spring Security
【发布时间】:2018-05-25 15:16:04
【问题描述】:

我创建了一个自定义过滤器,用于获取令牌,然后使用令牌相关角色填充身份验证对象

@Component
public class TokenAuthenticationFilter extends GenericFilterBean {
    @Autowired
    private IAMUserDAO iamUserDAO;
    @Autowired
    CDBUserProfileDao cdbUserProfileDao;
    @Autowired
    IAMOAuth2Dao iamOAuth2DAO;

    final static Logger logger = Logger.getLogger(TokenAuthenticationFilter.class.getCanonicalName());

    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException {

        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        final String accessToken = httpRequest.getHeader("Authorization");
        logger.info("Request with token " + accessToken + " intercepted for rba purpose");

        if (!StringUtil.isBlank(accessToken)) {
            ResponseEntity<String> tokenResponse = Utils.validateAccessToken(httpRequest, iamOAuth2DAO);
            if (tokenResponse.getStatusCode().equals(HttpStatus.OK)) {
                try {
                    UserProfiles userProfileResponse = cdbUserProfileDao.getCDBUserProfile(tokenResponse.getBody());
                    if (userProfileResponse != null) {
                        String action = iamUserDAO.getFbiFederatedAction(userProfileResponse.getEntid(),
                                userProfileResponse.getRoles().getRole());
                        if (!StringUtil.isBlank(action)) {
                            List<GrantedAuthority> authorities = Arrays.asList(action.split(",")).stream()
                                    .map(s -> new SimpleGrantedAuthority(s)).collect(Collectors.toList());
                            final User user = new User("", "", true, true, true, true, authorities);
                            final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                                    user, null, user.getAuthorities());
                            SecurityContextHolder.getContext().setAuthentication(authentication);
                        }
                    }
                } catch (Exception e) {
                    logger.error("rba processing encounter an error " + e.getMessage());
                }
            }
        }
        logger.info("Exiting rba filter with token " + accessToken);
        chain.doFilter(request, response);
    }
}

然后我将该过滤器添加到 springsecuritycontext 中,如下所示:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(new TokenAuthenticationFilter());
        registrationBean.setEnabled(false);
        return registrationBean;
    }

    @Override
    protected void configure(final HttpSecurity http) throws Exception {

        // Implementing Token based authentication in this filter
        http.addFilterBefore(new TokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

        http.authorizeRequests().antMatchers("/calendar/search", "/calendar/v2/search")
                .access("hasRole('use-calendar') or hasRole('admin')").anyRequest().authenticated();
    }
}

应用程序已经存在,我只是尝试添加弹簧安全层。 Spring 安全版本是 4.2.3。经过几天尝试实现这一点,TokenAuthenticationFilter 没有加载,因此没有过滤请求。请帮忙。

【问题讨论】:

标签: java spring spring-mvc spring-security


【解决方案1】:

由于在添加 Spring Security 层之前应用程序已经存在,因此我必须通过以下方式在 web.xml 文件中添加过滤器:

     <filter>
        <filter-name>tokenAuthenticationFilter</filter-name>
        <filter-class>com.mycompany.authenticateb.config.TokenAuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>tokenAuthenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

【讨论】:

    猜你喜欢
    • 2015-07-10
    • 2011-08-23
    • 2014-07-28
    • 2013-07-22
    • 2014-10-24
    • 1970-01-01
    • 2011-07-23
    • 2011-07-21
    • 2017-02-02
    相关资源
    最近更新 更多