我们正在尝试在我们的应用程序中实现Spring安全性。我们正在扩展RememberMeAuthenticationFilter。但麻烦的是我们的应用程序控制器在RememberMeAuthenticationFilter之前被调用。 是否有强制在应用程序控制器之前调用RememberMeAuthenticationFilter? 以下是我的配置。在调试模式下,我可以看到FilterChainProxy.VirtualFilterChain有两组过滤器 - 原始过滤器和其他过滤器。原始过滤器具有springSecurityFilterChain,但它不会调用自定义RememberMeAuthenticationFilter。其他过滤器具有RememberMeAuthenticationFilter。在原始过滤器结束时,通过DispatcherServlet调用Controller。
Web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-security-context.xml
<http use-expressions="true" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint" create-session="ifRequired" >
<long list of intercept-url here>
<intercept-url pattern="/**" access="permitAll" requires-channel="any"/>
<custom-filter ref="rememberMeProcessingFilter" position="REMEMBER_ME_FILTER" />
<custom-filter ref="authenticationProcessingFilter" position="FORM_LOGIN_FILTER" />
</http>
<beans:bean id="rememberMeProcessingFilter" class="uk.co.and.dealofday.security.SecurityRememberMeAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="rememberMeServices" ref="rememberMeServices" />
</beans:bean>
<beans:bean id="authenticationProcessingFilter" class="uk.co.and.dealofday.security.SecurityUsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="rememberMeServices" ref="rememberMeServices" />
<beans:property name="userService" ref="userService"/>
<beans:property name="securityHelper" ref="securityHelper" />
</beans:bean>
答案 0 :(得分:-1)
在自定义remember过滤器
authentication过滤器
<custom-filter ref="authenticationProcessingFilter" position="FORM_LOGIN_FILTER" />
<custom-filter ref="rememberMeProcessingFilter" position="REMEMBER_ME_FILTER" />