除了登录时,我的拦截器在所有请求中运行。
拦截器:
public class MultitenantHandler extends HandlerInterceptorAdapter {
private static final Logger log = LoggerFactory.getLogger(MultitenantHandler.class);
@Override
public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler){
String origin = req.getHeader("Origin");
log.debug("Origin: "+origin);
if (origin == null) {
origin = "localhost";
}
int indexDot = origin.indexOf(".");
int indexDash = origin.indexOf("://") + 3;
String tenant = "";
if (indexDot == -1) {
tenant = "experter";
log.warn("Using default tenant");
TenantContext.setCurrentTenant(tenant);
} else {
tenant = origin.substring(indexDash, indexDot);
log.info("Using tenant: " + tenant);
TenantContext.setCurrentTenant(tenant);
}
return true;
}
}
开WebMvcConfigurerAdapter我这样注册:
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new MultitenantHandler());
}
这是我的安全配置:
@Configuration
@EnableWebSecurity
@Profile({"development", "demo", "default"})
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final Logger log = LoggerFactory.getLogger(SecurityConfig.class);
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private RESTAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private RESTLogoutSuccessHandler logoutSuccessHandler;
@Autowired
private JWTAuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private JWTAuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private StatelessAuthenticationFilter statelessAuthFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.formLogin().permitAll()
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler);
http.logout().permitAll()
.logoutSuccessHandler(logoutSuccessHandler);
http.addFilterBefore(statelessAuthFilter, UsernamePasswordAuthenticationFilter.class);
http.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers("/v2/api-docs").hasRole("ADMIN")
.antMatchers("/login").permitAll()
.antMatchers("/login/changePassword").permitAll()
.antMatchers("/user/image").permitAll()
.antMatchers("/social/login/facebook").permitAll()
.antMatchers("/actuator/**").hasRole("ADMIN")
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
log.info("Configuration of http complete.");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder);
}
当我请求/login拦截器没有运行时,在其他请求中甚至没有记录拦截器正常工作。
我需要在任何请求之前执行拦截器,因为我需要根据url请求设置数据库。
如果您需要更多信息,请告诉我,我可以在这里发帖。
答案 0 :(得分:-1)
如果你有同样的问题,我使用过滤器解决了这个问题,因为@ M.Deinum sugested。我使用了用于验证身份验证令牌的相同过滤器。