您好我已经创建了一个过滤传入IP的自定义过滤器。然而,在过滤器运行后,我得到一个空白页面。没有错误!我的过滤器是:
public class IPFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2 )throws IOException, ServletException {
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null) {
ipAddress = request.getRemoteAddr();
}
if(!ipAddress.equals(ValidatedIP))
{
logger.debug("The IP address is invalid");
throw new BadCredentialsException("The IP address is not registered");
}
}
}
调试视图:
2016-12-14 16:02:18 DEBUG HttpSessionSecurityContextRepository:337 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-12-14 16:02:18 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed
2016-12-14 16:02:18 DEBUG HttpSessionSecurityContextRepository:337 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-12-14 16:02:18 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed
2016-12-14 16:02:46 DEBUG FilterChainProxy:324 - /appointments/ at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-12-14 16:02:46 DEBUG HttpSessionSecurityContextRepository:192 - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication'
2016-12-14 16:02:46 DEBUG FilterChainProxy:324 - /appointments/ at position 2 of 13 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-12-14 16:02:46 DEBUG FilterChainProxy:324 - /appointments/ at position 3 of 13 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-12-14 16:02:46 DEBUG HstsHeaderWriter:128 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@df877d
2016-12-14 16:02:46 DEBUG FilterChainProxy:324 - /appointments/ at position 4 of 13 in additional filter chain; firing Filter: 'CsrfFilter'
2016-12-14 16:02:46 DEBUG FilterChainProxy:324 - /appointments/ at position 5 of 13 in additional filter chain; firing Filter: 'LogoutFilter'
2016-12-14 16:02:46 DEBUG AntPathRequestMatcher:131 - Request 'GET /appointments/' doesn't match 'POST /logout
2016-12-14 16:02:46 DEBUG FilterChainProxy:324 - /appointments/ at position 6 of 13 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-12-14 16:02:46 DEBUG AntPathRequestMatcher:131 - Request 'GET /appointments/' doesn't match 'POST /login
2016-12-14 16:02:46 DEBUG FilterChainProxy:324 - /appointments/ at position 7 of 13 in additional filter chain; firing Filter: 'IPFilter'
User's IP add 0:0:0:0:0:0:0:1
2016-12-14 16:02:46 DEBUG HttpSessionSecurityContextRepository:337 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-12-14 16:02:46 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed
在没有自定义过滤器的正常处理期间,调试列表为:
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-12-14 16:06:20 DEBUG HttpSessionSecurityContextRepository:171 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2016-12-14 16:06:20 DEBUG HttpSessionSecurityContextRepository:101 - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@1e215c6. A new one will be created.
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-12-14 16:06:20 DEBUG HstsHeaderWriter:128 - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@1f6220e
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 4 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 5 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2016-12-14 16:06:20 DEBUG AntPathRequestMatcher:131 - Request 'GET /resources/js/global.js' doesn't match 'POST /logout
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 6 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-12-14 16:06:20 DEBUG AntPathRequestMatcher:131 - Request 'GET /resources/js/global.js' doesn't match 'POST /login
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-12-14 16:06:20 DEBUG AnonymousAuthenticationFilter:100 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5F2FDA8C9019F2D6559984A169289A9F; Granted Authorities: ROLE_ANONYMOUS'
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-12-14 16:06:20 DEBUG FilterChainProxy:324 - /resources/js/global.js at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-12-14 16:06:20 DEBUG AntPathRequestMatcher:151 - Checking match of request : '/resources/js/global.js'; against '/appointments/*'
2016-12-14 16:06:20 DEBUG AntPathRequestMatcher:151 - Checking match of request : '/resources/js/global.js'; against '/schedule/*'
2016-12-14 16:06:20 DEBUG FilterSecurityInterceptor:218 - Secure object: FilterInvocation: URL: /resources/js/global.js; Attributes: [ROLE_ANONYMOUS, ROLE_USER, ROLE_ADMIN]
2016-12-14 16:06:20 DEBUG FilterSecurityInterceptor:347 - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90541710: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 5F2FDA8C9019F2D6559984A169289A9F; Granted Authorities: ROLE_ANONYMOUS
2016-12-14 16:06:20 DEBUG AffirmativeBased:65 - Voter: org.springframework.security.access.vote.RoleVoter@1bcc1ed, returned: 1
2016-12-14 16:06:20 DEBUG FilterSecurityInterceptor:242 - Authorization successful
2016-12-14 16:06:20 DEBUG FilterSecurityInterceptor:255 - RunAsManager did not change Authentication object
2016-12-14 16:06:20 DEBUG FilterChainProxy:309 - /resources/js/global.js reached end of additional filter chain; proceeding with original chain
2016-12-14 16:06:20 DEBUG DispatcherServlet:861 - DispatcherServlet with name 'dispatcher-servlet' processing GET request for [/spring-security/resources/js/global.js]
2016-12-14 16:06:20 DEBUG RequestMappingHandlerMapping:294 - Looking up handler method for path /resources/js/global.js
2016-12-14 16:06:20 DEBUG RequestMappingHandlerMapping:302 - Did not find handler method for [/resources/js/global.js]
2016-12-14 16:06:20 DEBUG SimpleUrlHandlerMapping:168 - Matching patterns for request [/resources/js/global.js] are [/resources/**]
2016-12-14 16:06:20 DEBUG SimpleUrlHandlerMapping:193 - URI Template variables for request [/resources/js/global.js] are {}
2016-12-14 16:06:20 DEBUG SimpleUrlHandlerMapping:123 - Mapping [/resources/js/global.js] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[ServletContext resource [/resources/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@1755ea4]]] and 1 interceptor
2016-12-14 16:06:20 DEBUG DispatcherServlet:947 - Last-Modified value for [/spring-security/resources/js/global.js] is: -1
2016-12-14 16:06:20 DEBUG HttpSessionSecurityContextRepository:337 - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2016-12-14 16:06:20 DEBUG HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper:211 - Skip invoking on
2016-12-14 16:06:20 DEBUG DispatcherServlet:1034 - Null ModelAndView returned to DispatcherServlet with name 'dispatcher-servlet': assuming HandlerAdapter completed request handling
2016-12-14 16:06:20 DEBUG DispatcherServlet:997 - Successfully completed request
2016-12-14 16:06:20 DEBUG ExceptionTranslationFilter:116 - Chain processed normally
2016-12-14 16:06:20 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed
如果添加自定义过滤器,我看到的这些功能都丢失了:
2016-12-14 16:06:20 DEBUG HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper:211 - Skip invoking on
2016-12-14 16:06:20 DEBUG DispatcherServlet:1034 - Null ModelAndView returned to DispatcherServlet with name 'dispatcher-servlet': assuming HandlerAdapter completed request handling
2016-12-14 16:06:20 DEBUG DispatcherServlet:997 - Successfully completed request
2016-12-14 16:06:20 DEBUG ExceptionTranslationFilter:116 - Chain processed normally
2016-12-14 16:06:20 DEBUG SecurityContextPersistenceFilter:105 - SecurityContextHolder now cleared, as request processing completed
有人可以指导我如何解决问题。它是过滤器的定位吗?我在FORM_LOGIN_FILTER之后添加它。
注意:使用Spring Security 4.0.2
- 谢谢