I have added token-based authentication in my application using AbstractAuthenticationProcessingFilter. Everything works fine up until forwarding the request once the authentication is successful. However, for some reason, the handler method is not found. Can you please help?
2017-12-17 22:51:05,560 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:219][] Secure object: FilterInvocation: URL: /v1/userPreferences; Attributes: [permitAll]
2017-12-17 22:51:05,561 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:348][] Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9f6533a: Principal: org.springframework.security.core.userdetails.User@a30b921b: Username: U-71155f93-8413-457c-a045-256dc6ab0a93@poims001.ucc2.ucc.stgsip.t-mobile.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: update-enterprise; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: update-enterprise
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [AffirmativeBased:66][] Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4bf2a649, returned: 1
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:243][] Authorization successful
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:256][] RunAsManager did not change Authentication object
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterChainProxy:310][] /v1/userPreferences reached end of additional filter chain; proceeding with original chain
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:108][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] looking up handler for path: /v1/userPreferences
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences]
2017-12-17 22:51:05,574 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [EndpointHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences
2017-12-17 22:51:05,575 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [EndpointHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences]
2017-12-17 22:51:05,578 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [SecurityContextPersistenceFilter:119][] SecurityContextHolder now cleared, as request processing completed
Here's my filter implementation:
    public class TokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter
    {
        final static Logger logger = Logger.getLogger(TokenAuthenticationFilter.class.getCanonicalName());

        @Autowired
        private IAMUserDAO iamUserDAO;
        @Autowired
        private CDBUserProfileDao cdbUserProfileDao;
        @Autowired
        private IAMOAuth2Dao iamOAuth2DAO;

        protected TokenAuthenticationFilter(String defaultFilterProcessesUrl) {
            super(defaultFilterProcessesUrl);
            super.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(defaultFilterProcessesUrl));
            setAuthenticationManager(new TokenAuthenticationManager());
            setAuthenticationSuccessHandler(new TokenAuthenticationSuccessHandler());
        }

        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
                throws AuthenticationException, IOException, ServletException {
            AbstractAuthenticationToken authToken = null;
            String accessToken = request.getHeader("Authorization");
            // Do not write the bearer token itself to the log; record only whether one was sent.
            logger.info("Retrieving roles for access token (header present: " + (accessToken != null) + ")");
            ResponseEntity<String> tokenResponse = Utils.validateAccessToken(request, iamOAuth2DAO);
            if (tokenResponse.getStatusCode().equals(HttpStatus.OK)) {
                try {
                    // Resolve the user profile for the validated token, then map its roles to authorities.
                    UserProfiles userProfileResponse = cdbUserProfileDao.getCDBUserProfile(tokenResponse.getBody());
                    if (userProfileResponse != null) {
                        String action = iamUserDAO.getFbiFederatedAction(userProfileResponse.getEntid(), userProfileResponse.getRoles().getRole());
                        logger.info("The action returned is " + action);
                        if (!StringUtil.isBlank(action)) {
                            List<GrantedAuthority> authorities = Arrays.asList(action.split(",")).stream()
                                    .map(s -> new SimpleGrantedAuthority(s))
                                    .collect(Collectors.toList());
                            User principal = new User(userProfileResponse.getTuid(), "", authorities);
                            authToken = new UsernamePasswordAuthenticationToken(principal, "", principal.getAuthorities());
                        }
                    }
                }
                catch (Exception e) {
                    logger.error("rba processing encounter an error " + e.getMessage());
                }
            }
            else {
                logger.error("Access token failed validation");
                throw new AuthenticationServiceException("Invalid Token");
            }
            // No profile, no action, or an exception above all end here: fail closed.
            if (authToken == null) {
                logger.error("Authentication object couldn't be created");
                throw new AuthenticationServiceException("Error creating authentication object");
            }
            else
                logger.info("Authentication object created");
            return authToken;
        }

        @Override
        protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
                throws IOException, ServletException {
            // The superclass stores the Authentication in the SecurityContext and then calls the
            // success handler, so the forward in TokenAuthenticationSuccessHandler has already run
            // by the time chain.doFilter() is invoked.
            super.successfulAuthentication(request, response, chain, authResult);
            chain.doFilter(request, response);
        }
    }
Here's the AuthenticationSuccessHandler:
    public class TokenAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
        final static Logger logger = Logger.getLogger(TokenAuthenticationSuccessHandler.class.getCanonicalName());

        // Returns the request URI with the context path stripped, i.e. the path to forward to.
        private String determineTargetUrl(HttpServletRequest request,
                HttpServletResponse response) {
            String context = request.getContextPath();
            String fullURL = request.getRequestURI();
            logger.info("The context is " + context + " and the full url is " + fullURL);
            String url = fullURL.substring(fullURL.indexOf(context) + context.length());
            return url;
        }

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request,
                HttpServletResponse response, Authentication authentication)
                throws IOException, ServletException {
            String url = determineTargetUrl(request, response);
            logger.info("Forwarding request after loading the authentication with url " + request.getRequestURL());
            logger.info("The url is " + url);
            // Forward to the originally requested path inside this web application.
            request.getRequestDispatcher(url).forward(request, response);
        }
    }
Answer 0 (score: 0)
I had wired the application context and the servlet context together incorrectly, which caused this problem.
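
One way to check for the kind of mis-wiring the answer describes, as an added example that is not the poster's code: the listener below prints, for every Spring context that is refreshed, which `RequestMappingHandlerMapping` beans that context defines and which paths they map. The class name `HandlerMappingAudit` is hypothetical, and the example assumes Spring MVC with annotation-based controllers.

```java
import java.util.Map;

import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

// Hypothetical diagnostic bean (name chosen for this example). Register it once,
// in the root application context: refresh events of child (servlet) contexts are
// also published to the parent, so it reports on each context in the hierarchy.
public class HandlerMappingAudit implements ApplicationListener<ContextRefreshedEvent> {

    @Override
    public void onApplicationEvent(ContextRefreshedEvent event) {
        ApplicationContext ctx = event.getApplicationContext();
        String parentId = ctx.getParent() == null ? "none (root)" : ctx.getParent().getId();
        System.out.println("Context " + ctx.getId() + ", parent: " + parentId);

        // getBeansOfType does not search ancestor contexts, so this lists only
        // the handler mappings defined in this context itself.
        Map<String, RequestMappingHandlerMapping> mappings =
                ctx.getBeansOfType(RequestMappingHandlerMapping.class);
        if (mappings.isEmpty()) {
            System.out.println("  no RequestMappingHandlerMapping defined here");
        }
        for (Map.Entry<String, RequestMappingHandlerMapping> entry : mappings.entrySet()) {
            System.out.println("  " + entry.getKey() + ":");
            // Each entry pairs a mapping (path, HTTP method, ...) with its controller method.
            entry.getValue().getHandlerMethods().forEach((info, method) ->
                    System.out.println("    " + info + " -> " + method));
        }
    }
}
```

If the controller path (here `/v1/userPreferences`) is missing from the context that the `DispatcherServlet` uses, the request passes the security filter chain and then fails the handler lookup, as in the log above.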