弹出安全认证后附加请求标头

时间:2017-01-16 09:21:11

标签: spring spring-security microservices netflix-zuul

我们想在发布Spring安全认证后向我们的请求添加标头。

但是,标题不会被追加。 我们能够通过Zuul过滤器完成,但不能使用弹簧安全过滤器。

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    httpServletRequestWrapper = new HttpServletRequestWrapper(request) {
        @Override
        public String getHeader(String name) {
            if (name.equalsIgnoreCase(ENV - HEADER)) {

                return active;
            } else if (name.equalsIgnoreCase(USERID)) {

                return (String) authentication.getPrincipal();
            } else {
                return super.getHeader(name);
            }
        }
    };

    filterChain.doFilter(httpServletRequestWrapper, servletResponse);
}

2 个答案:

答案 0 :(得分:0)

运行过滤器,在安全配置文件中org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter之后添加Header以请求。

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling().and().anonymous().and().servletApi().and().headers().and().authorizeRequests()

    // Your existing security configurations

    // Assuming UsernamePasswordAuthenticationFilter is the filter 
    .addFilterAfter(new AddHeaderFilter(), UsernamePasswordAuthenticationFilter.class);
}

UsernamePasswordAuthenticationFilter是用于Spring安全身份验证的enbuild spring过滤器。

答案 1 :(得分:0)

将您的yml或属性文件配置添加到

zuul:
  sensitiveHeaders: Cookie,Set-Cookie
  add-proxy-headers: true

然后zuul允许标题转到其他终点。