我们想在发布Spring安全认证后向我们的请求添加标头。
但是,标题不会被追加。 我们能够通过Zuul过滤器完成,但不能使用弹簧安全过滤器。
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
httpServletRequestWrapper = new HttpServletRequestWrapper(request) {
@Override
public String getHeader(String name) {
if (name.equalsIgnoreCase(ENV - HEADER)) {
return active;
} else if (name.equalsIgnoreCase(USERID)) {
return (String) authentication.getPrincipal();
} else {
return super.getHeader(name);
}
}
};
filterChain.doFilter(httpServletRequestWrapper, servletResponse);
}
答案 0 :(得分:0)
运行过滤器,在安全配置文件中org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter之后添加Header以请求。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().and().anonymous().and().servletApi().and().headers().and().authorizeRequests()
// Your existing security configurations
// Assuming UsernamePasswordAuthenticationFilter is the filter
.addFilterAfter(new AddHeaderFilter(), UsernamePasswordAuthenticationFilter.class);
}
UsernamePasswordAuthenticationFilter是用于Spring安全身份验证的enbuild spring过滤器。
答案 1 :(得分:0)
将您的yml或属性文件配置添加到
zuul:
sensitiveHeaders: Cookie,Set-Cookie
add-proxy-headers: true
然后zuul允许标题转到其他终点。