(自定义)RestAuthenticationProcessingFilter排序的异常

时间:2014-02-24 09:00:00

标签: java spring rest spring-security

我尝试通过令牌将Rest身份验证添加到我的应用中。 我创建了一个简单的过滤器,其他任何东西都不打印消息:

public class RestAuthenticationProcessingFilter extends GenericFilterBean {

@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1,
        FilterChain arg2) throws IOException, ServletException {
    System.out.println(arg0);
            // EDIT 25/02/2014
            arg2.doFilter(arg0,arg1);
}

}

我正在使用Spring 4.0和Spring Security 3.2与JavaConfig。

我在我的适配器中添加了这个:

@Override
        protected void configure(HttpSecurity http) throws Exception {

            /*
             * @RemarqueDev Différence entre permitAll et anonymous : permitAll
             * contient anonymous. Anonymous uniquement pour non connecté
             */
            http.addFilter(new RestAuthenticationProcessingFilter());
            http.csrf().disable().headers().disable();
            http.exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint());

当我运行jetty服务器时,收到此消息:

Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] threw exception; nested exception is java.lang.IllegalArgumentException: The Filter class my.package.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.:
java.lang.IllegalArgumentException: The Filter class com.jle.athleges.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.
    at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilter(HttpSecurity.java:1122)

为什么?

由于

2 个答案:

答案 0 :(得分:11)

AddFilter:

  

添加一个过滤器,该过滤器必须是其中一个过滤器的实例或扩展其中一个过滤器   在安全框架内提供。该方法确保了   自动处理过滤器的排序。订购   过滤器是:...

您的过滤器不是安全框架内过滤器的实例或扩展。

然而,您可以使用addFilterBefore或addFilterAfter。

例如:

addFilterBefore(new RestAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)

您可以在文档中找到安全过滤器链的顺序:

http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/apidocs/org/springframework/security/config/annotation/web/HttpSecurityBuilder.html#addFilter%28javax.servlet.Filter%29

答案 1 :(得分:0)

Spring 定义了安全过滤器的排序规则,检查构造函数 org.springframework.security.config.annotation.web.builders.FilterComparator。当你调用 org.springframework.security.config.annotation.web.builders.HttpSecurity# 当 addFilter 时,它的方法会使用 org.springframework.security.config.annotation.web.builders.FilterComparator 内置的安全过滤器排序规则来检查过滤器是否注册。没有注册的时候会抛出“没有注册的订单”,就解决了。方法是手动提供注册顺序,调用org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterBefore或org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterAfter注册到一个内置过滤器之前或之后。请检查 spring 安全内部过滤器排序“https://docs.spring.io/spring-security/site/docs/5.4.2/reference/html5/#servlet-security-filters”。 -- 英文写得不好请见谅。

相关问题
最新问题