自定义过滤器无法在弹簧安全和弹簧调用自己的过滤器每次

时间:2018-04-05 06:13:08

标签: java hibernate spring-security jwt

使用spring安全性我正在尝试配置或调用自定义过滤器,但它会自动调用其预定义过滤器而不是自定义过滤器。 基本上当我从邮递员发送请求时,弹簧安全性并未检测到内置过滤器,因此无法检测到自定义过滤器。

自定义过滤器的配置类代码是

package com.security.config;

import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.security.Handler.CustomAuthenticationFailureHandler;
import com.security.Handler.CustomeAccessDeniedHandler;
import com.security.Handler.CustomeSuccessHandler;
import com.security.filter.UserNamePasswordFilter;
import com.security.provider.UserNamePasswordAuthProvider;
import com.security.utils.UrlAccess;

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    CustomeSuccessHandler Successhandler;
    @Autowired
    UserNamePasswordAuthProvider userNamePasswordAuthProvider;
    @Autowired
    CustomAuthenticationFailureHandler customAuthenticationFailureHandler;
    @Autowired
    CustomeAccessDeniedHandler customeAccessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable();
        http.addFilterBefore(getUserNamePasswordFilter(),UsernamePasswordAuthenticationFilter.class);
        http.authorizeRequests().antMatchers("**/getAuthToken/**").access("hasAuthority('ADMIN')").anyRequest()
                .authenticated().and().exceptionHandling().authenticationEntryPoint(customeAccessDeniedHandler);
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {

        web.ignoring().antMatchers("/", "**/v0.1/**");//
        web.ignoring().antMatchers("**/resource/**");
    }

    @Bean
    public UserNamePasswordFilter getUserNamePasswordFilter() throws Exception {
        UserNamePasswordFilter filter = new UserNamePasswordFilter(UrlAccess.Get_Token_Url);

        filter.setAuthenticationManager(authenticationManager());
        filter.setAuthenticationSuccessHandler(Successhandler);
        filter.setAuthenticationFailureHandler(customAuthenticationFailureHandler);

        return filter;
    }

    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        final List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
        list.add(getUserNamePasswordAuthProvider());
        return new ProviderManager(list);

    }

    public UserNamePasswordAuthProvider getUserNamePasswordAuthProvider() {
        return userNamePasswordAuthProvider;
    }

}

过滤器代码

package com.security.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


import com.security.model.UserNamePassword;




public class UserNamePasswordFilter extends AbstractAuthenticationProcessingFilter {




    public UserNamePasswordFilter(String url) {
     super(url);


    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {


        String username = request.getParameter("Username");
        String password = request.getParameter("Password");

        UserNamePassword usernamepassword = new UserNamePassword(username, password);

        return this.getAuthenticationManager().authenticate(usernamepassword);
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
            Authentication authResult) throws IOException, ServletException {

        super.successfulAuthentication(request, response, chain, authResult);
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException failed) throws IOException, ServletException {

        super.unsuccessfulAuthentication(request, response, failed);
    }

}

错误是

  

org.springframework.security.authentication.InsufficientAuthenticationException:   需要完全身份验证才能访问此资源   org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:187)     在   org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:138)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)     在   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)     在   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     在   org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)     在   org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)     在   org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)     在   org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)     在   org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)     在   org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)     在   org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)     在   org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)     在   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     在   org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)     在   org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)     在   org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)     在   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     在   org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)     在   org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)     在   org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)     在   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     在   org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)     在   org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)     在   org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)     在   org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     在   org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)     在   org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)     在   org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)     在   org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)     在   org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)     在   org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)     在   org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)     在   org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)     在   org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)     在   org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)     在   org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)     在   org.apache.coyote.AbstractProtocol $ ConnectionHandler.process(AbstractProtocol.java:790)     在   org.apache.tomcat.util.net.NioEndpoint $ SocketProcessor.doRun(NioEndpoint.java:1459)     在   org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)     在   java.base / java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)     在   java.base / java.util.concurrent.ThreadPoolExecutor中的$ Worker.run(ThreadPoolExecutor.java:641)     在   org.apache.tomcat.util.threads.TaskThread $ WrappingRunnable.run(TaskThread.java:61)     在java.base / java.lang.Thread.run(Thread.java:844)

请帮助。

0 个答案:

没有答案
相关问题
最新问题