我正在配置我的REST的安全性,我不知道如何保护我的方法,但允许过滤器触发设置我的权限
http
.authorizeRequests()
.antMatchers(PERSISTENCE_SERVICE_URL)
.hasAuthority(AUTHORITY_PERSISTENCE_SERVICE)
.and()
.csrf()
.disable();
在我的过滤器中扩展OncePerRequestFilter做了类似的事情
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
this.authenticationImpl.init();
String jwt = request.getHeader("jwt");
String refresh = request.getHeader("refresh");
if(jwt != null) {
this.jwtPropertyExtractor.commitJwt(jwt, refresh);
String jwtId = this.jwtPropertyExtractor.getIdentityId();
String securityRole = this.jwtPropertyExtractor.getSecurityRole();
this.authenticationImpl.setIdentityId(jwtId);
this.authenticationImpl.updateSecurityRole(securityRole);
SecurityContextHolder.getContext().setAuthentication(this.authenticationImpl);
}
filterChain.doFilter(request, response); }
因此,当我在我的配置中放置.hasAuthority(AUTHORITY_PERSISTENCE_SERVICE)时,我的过滤器甚至没有被触发,但我需要他设置我的身份验证。
答案 0 :(得分:0)
好的,我添加了
.addFilterBefore(jwtAuthorisationFilter(),
BasicAuthenticationFilter.class);
}
@Bean
public JwtAuthorisationFilter jwtAuthorisationFilter() {
return new JwtAuthorisationFilter(jwtExtractor(),
authenticationImpl());
}
现在它为该提示正常工作:>