我需要在过滤器中使用自动装配。所以我使用@Component注释我的过滤器类,
import org.springframework.web.filter.GenericFilterBean;
@Component
public class TokenAuthorizationFilter extends GenericFilterBean {
@Autowired
public EnrollCashRepository enrollCashRepository;
}
然后我在SecurityConfig中添加我的过滤器,
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity webSecurity) throws Exception
{
webSecurity.ignoring().antMatchers(HttpMethod.GET, "/health");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(new TokenAuthorizationFilter(), BasicAuthenticationFilter.class);
http.authorizeRequests().antMatchers("/api/**").authenticated();
}
我的问题是我的过滤器被@Component注释调用了两次。如果我删除@Component注释,它只会调用一次。
然后我在下面添加我的Spring启动主类中的修复程序。然后我在SecurityConfig中评论addFilterBefore行。
@Bean
public FilterRegistrationBean tokenAuthFilterRegistration() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new PITokenAuthorizationFilter());
filterRegistrationBean.setOrder(1);
filterRegistrationBean.setEnabled(false);
return filterRegistrationBean;
}
但是我的过滤器会被调用一次。但即使我使setEnabled为true或false,当我调用我的rest api时,我得到403 Forbiddon错误,http://localhost:8080/api/myservice
我如何解决这种情况,我可以在Spring Filter中使用@Autowired?
编辑:添加控制器和过滤器类,
@RestController
@RequestMapping(value = "/api")
public class SpringToolController {
@RequestMapping(value = "/myservice", method = RequestMethod.GET)
public HttpEntity<String> myService() {
System.out.println("-----------myService invoke-----------");
return new ResponseEntity<String>(HttpStatus.OK);
}
}
public class TokenAuthorizationFilter extends GenericFilterBean {
public TokenAuthorizationFilter(EnrollCashRepository enrollCashRepository) {
this.enrollCashRepository = enrollCashRepository;
}
public EnrollCashRepository enrollCashRepository;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
throws IOException, ServletException {
System.out.println("before PITokenAuthorizationFilter");
chain.doFilter(servletRequest, servletResponse);
System.out.println("after PITokenAuthorizationFilter");
}
public EnrollCashRepository getEnrollCashRepository() {
return enrollCashRepository;
}
public void setEnrollCashRepository(EnrollCashRepository enrollCashRepository) {
this.enrollCashRepository = enrollCashRepository;
}
}
答案 0 :(得分:7)
删除FilterRegistrationBean并在TokenAuthorizationFilter内初始化SecurityConfig,如下所示:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public EnrollCashRepository enrollCashRepository;
@Override
public void configure(WebSecurity webSecurity) throws Exception
{
webSecurity.ignoring().antMatchers(HttpMethod.GET, "/health");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.addFilterBefore(tokenAuthorizationFilter(), BasicAuthenticationFilter.class);
http.authorizeRequests().antMatchers("/api/**").authenticated();
}
private TokenAuthorizationFilter tokenAuthorizationFilter()
{
return new TokenAuthorizationFilter(enrollCashRepository);
}
}
删除@Autowired和@Component注释,并使用构造函数注入设置EnrollCashRepository:
import org.springframework.web.filter.GenericFilterBean;
public class TokenAuthorizationFilter extends GenericFilterBean {
private final EnrollCashRepository enrollCashRepository;
public TokenAuthorizationFilter(EnrollCashRepository enrollCashRepository)
{
this.enrollCashRepository = enrollCashRepository
}
}
答案 1 :(得分:0)
我现在为我的工人类添加了一个测试过滤器,它运行正常。以下是与之相关的代码。
@Component
public class TestFilter extends GenericFilterBean {
private static final Logger logger = LoggerFactory.getLogger(TestFilter.class);
@Autowired
UserService userService;
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
logger.error("=====================AWESOME=======================");
chain.doFilter(request, response);
userService.activate("123"); //this works
}
}
@Configuration
@EnableWebSecurity
public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private TestFilter testFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
//loginFailureHandler.setDefaultFailureUrl("/login?error=true");
http.addFilterBefore(testFilter, BasicAuthenticationFilter.class);
//Http other config here.
}
}
@Configuration
@ImportResource({
"classpath*:/context.xml"
})
@PropertySources(
@PropertySource({
"classpath:/application.yml"
})
)
@Import({AppSecurityConfig.class, WebConfig.class,TestFilter.class})
public class AppConfig {
}