Question

我正在使用java配置进行spring安全性，我正试图替换这段代码而没有运气

    <security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />

无法找到有关如何在java配置中使用该位置的任何信息更新我试图通过java配置替换此代码，但没有运气

 <security:http
        realm="Protected API"
        use-expressions="true"
        auto-config="false"
        create-session="stateless"
        entry-point-ref="unauthorizedEntryPoint"
        authentication-manager-ref="authenticationManager">
    <security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
    <security:intercept-url pattern="/rest/user/authenticate" access="permitAll" />
    <security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('user')" />
    <security:intercept-url method="PUT" pattern="/rest/news/**" access="hasRole('admin')" />
    <security:intercept-url method="POST" pattern="/rest/news/**" access="hasRole('admin')" />
    <security:intercept-url method="DELETE" pattern="/rest/news/**" access="hasRole('admin')" />
</security:http>

<bean id="unauthorizedEntryPoint" class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.UnauthorizedEntryPoint" />

<bean class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.AuthenticationTokenProcessingFilter" id="authenticationTokenProcessingFilter">
    <constructor-arg ref="userDao" />
</bean>

这是我的AuthenticationTokenProcessingFilter

public class AuthenticationTokenProcessingFilter extends UsernamePasswordAuthenticationFilter

{

private final UserDetailsService userService;


public AuthenticationTokenProcessingFilter(UserDetailsService userService)
{
    this.userService = userService;
}


@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
        ServletException
{
    HttpServletRequest httpRequest = this.getAsHttpRequest(request);

    String authToken = this.extractAuthTokenFromRequest(httpRequest);
    String userName = TokenUtils.getUserNameFromToken(authToken);

    if (userName != null) {

        UserDetails userDetails = this.userService.loadUserByUsername(userName);

        if (TokenUtils.validateToken(authToken, userDetails)) {

            UsernamePasswordAuthenticationToken authentication =
                    new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
    }

    chain.doFilter(request, response);
}


private HttpServletRequest getAsHttpRequest(ServletRequest request)
{
    if (!(request instanceof HttpServletRequest)) {
        throw new RuntimeException("Expecting an HTTP request");
    }

    return (HttpServletRequest) request;
}


private String extractAuthTokenFromRequest(HttpServletRequest httpRequest)
{
    /* Get token from header */
    String authToken = httpRequest.getHeader("X-Auth-Token");

    /* If token not found get it from request parameter */
    if (authToken == null) {
        authToken = httpRequest.getParameter("token");
    }

    return authToken;
}

希望这更清楚

Answer 1

Here是按执行顺序排列的过滤器类，使用addFilter类的HttpSecurity方法添加自己的过滤器：

@Override
public void configure(HttpSecurity http) throws Exception {
  http.addFilter(new AuthenticationTokenProcessingFilter());
  ...

您必须扩展或提供已定义的Spring过滤器的实例。订单基于班级或超类，因此您不必添加职位： JavaDoc

Spring java配置问题

1 个答案: