Spring Impersonation SwitchUserFilter不工作|过滤器未添加到弹簧安全链

时间:2016-01-08 05:44:18

标签: java spring spring-mvc spring-security hybris

SwitchUserFilter Hybris 5.7

我正在尝试在Hybris 5.7中集成模拟功能。以下是我到目前为止所做的以下配置。

弹簧安全-config.xml中 

<security:http disable-url-rewriting="true"  request-matcher-ref="excludeUrlRequestMatcher" use-expressions="true">

    <!-- added customer filter to security chain -->
    <security:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />

</security:http>

<bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
    <property name="userDetailsService" ref="originalUidUserDetailsService" />
    <property name="switchUserUrl" value="/j_spring_security_switch_user" />
    <property name="exitUserUrl" value="/j_spring_security_exit_user" />
    <property name="targetUrl" value="/" />
</bean>

Web.xml中 

<filter>
    <filter-name>switchUserProcessingFilter</filter-name>
    <filter-class>org.springframework.security.web.authentication.switchuser.SwitchUserFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>switchUserProcessingFilter</filter-name>
    <url-pattern>/j_spring_security_switch_user</url-pattern>
</filter-mapping>

现在每当我登录并尝试切换到另一个用户说user@xyz.com时,我都会收到 NullPointerException。

https://localhost:9002/store/j_spring_security_switch_user?j_username=user@xyz.com

错误:

java.lang.NullPointerException
    at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:209)
    at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:155)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.training.storefront.filters.AcceleratorAddOnFilter.doFilter(AcceleratorAddOnFilter.java:92)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at de.hybris.platform.servicelayer.web.XSSFilter.doFilter(XSSFilter.java:230)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

我试图扩展SwitchUserFilter并对其进行调试。我发现SecurityContextHolder.getContext().getAuthentication();正在提供 null ,这就是请求失败的原因。

我也看到过非常有线的情况。我已经扩展SwitchUserFilter并添加我自己的服务来编写自定义代码,但我无法@Autowire它。

我还尝试在用户登录时在会话中设置身份验证。但我在扩展的SwitchUserFilter中找不到相同的会话属性。

在上面的代码中,我也将过滤器添加到安全过滤器链中。

<security:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />

似乎SwitchUserFilter不知道会话设置或身份验证正在保存的任何内容。即使我做了正确的配置,我也不明白它为什么会发生。我也检查了其他相关问题,但无法修复它。

请帮我解决这个问题。如果您想要更多代码,请告诉我。

1 个答案:

答案 0 :(得分:0)

问题是我的过滤器没有在Spring Security Chain中绑定,所以我将过滤器直接注入过滤器链而不是使用custom-filter映射。

<强>弹簧滤波器-config.xml中 

<alias name="defaultStorefrontTenantDefaultFilterChainList" alias="storefrontTenantDefaultFilterChainList" />
<util:list id="defaultStorefrontTenantDefaultFilterChainList">

// Other filter chain

   <ref bean="switchUserProcessingFilter"/> //Added my filter here
</util:list>

并在spring-security-config.xml中添加switchUserProcessingFilter

因此,在web.xml文件和security-config.xml文件中的custom-filter中编写filter-mapping是没有用的。

相关问题
最新问题