我正在Grails应用程序中实现自定义Spring Security过滤器,我希望仅在用户提交登录表单时应用它。
配置文件中的My Spring Security设置如下所示:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'package.User'
grails.plugins.springsecurity.authority.className = 'package.Role'
grails.plugins.springsecurity.providerNames = ['anonymousAuthenticationProvider', 'apiServiceProvider']
grails.plugins.springsecurity.portMapper.httpPort = 80
grails.plugins.springsecurity.portMapper.httpsPort = 443
grails.plugins.springsecurity.secureChannel.definition = [
'/css/**': 'ANY_CHANNEL',
'/home/**': 'ANY_CHANNEL',
'/images/**': 'ANY_CHANNEL',
'/js/**': 'ANY_CHANNEL',
'/**': 'REQUIRES_SECURE_CHANNEL'
]
grails.plugins.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugins.springsecurity.filterChain.chainMap = [
'/j_spring_security_check': 'myFilter',
'/**': 'JOINED_FILTERS'
]
过滤器类如下所示:
class MyFilter implements Filter {
@Override
void init(FilterConfig filterConfig) throws ServletException {}
@Override
void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
filterChain.doFilter(servletRequest, servletResponse)
}
@Override
void destroy() {}
}
以上内容在resources.groovy文件中连接为Spring bean,如下所示:
beans = {
myFilter (MyFilter)
...
}
当我导航到登录页面并在表单上按“提交”时,浏览器请求应用程序中的路径/ j_spring_security_check,过滤器运行(由调试器断点确定),但返回404错误浏览器。
配置中没有过滤器,即如果
'/j_spring_security_check': 'myFilter',
被注释掉,应用程序运行正常。
我尝试过在其他SO问题中描述的各种解决方案无济于事。
我错过了什么?
答案 0 :(得分:1)
问题非常明显,现在我已修复它......我需要在j_spring_security_check URL的map条目中包含所有其他标准Spring过滤器。然后配置中的过滤器映射变为:
grails.plugins.springsecurity.filterChain.chainMap = [
'/j_spring_security_check': 'myFilter,securityContextPersistenceFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeAuthenticationFilter,anonymousAuthenticationFilter,exceptionTranslationFilter',
'/**': 'JOINED_FILTERS'
]