如何在spring-security中的另一个过滤器之前添加过滤器?

时间:2017-06-20 11:16:28

标签: java spring spring-security

我的应用程序有两种不同的安全配置。一个OAuth2SecurityConfiguration,另一个LdapSecurityConfiguration。在OAuth2SecurityConfiguration我有以下安全配置和2个filteres:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
            .and()
                .authorizeRequests()
                .antMatchers(OAUTH_ENDPOINT).permitAll()
                .anyRequest().authenticated()
            .and()
                .logout()
                .logoutUrl(LOGOUT_ENDPOINT)
                .logoutSuccessUrl("/")
                .addLogoutHandler(oAuthLogoutHandler)
            .and()
                .addFilterAfter(oAuth2ClientContextFilter, ExceptionTranslationFilter.class)
                .addFilterBefore(oAuth2AuthenticationProcessingFilter, FilterSecurityInterceptor.class)
                // anonymous login must be disabled,
                // otherwise an anonymous authentication will be created,
                // and the UserRedirectRequiredException will not be thrown,
                // and the user will not be redirected to the authorization server
                .anonymous().disable();
}

LdapSecurityConfiguration安全配置:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable()
            .exceptionHandling()
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
                .authorizeRequests()
                .antMatchers(AUTH_ENDPOINT).permitAll()
                .anyRequest().authenticated()
            .and()
                .logout()
            .and()
                .addFilterBefore(authenticationFilter, OAuth2ClientContextFilter.class);
}

但是当初始化过滤器链时,我收到此错误:

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
    ... 36 more
Caused by: java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter
    at org.springframework.security.config.annotation.web.builders.FilterComparator.registerBefore(FilterComparator.java:183)
    at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore(HttpSecurity.java:1039)
    at com.company.configuration.LdapSecurityConfiguration.configure(LdapSecurityConfiguration.java:63)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:224)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:315)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:86)
    at com.company.configuration.LdapSecurityConfiguration$$EnhancerBySpringCGLIB$$b4922dd5.init(<generated>)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371)
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325)
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.CGLIB$springSecurityFilterChain$3(<generated>)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e$$FastClassBySpringCGLIB$$b8c23686.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:358)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.springSecurityFilterChain(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
    ... 37 more

2 个答案:

答案 0 :(得分:0)

  

如何在spring-security中的另一个过滤器之前添加过滤器?

id()

  

未注册的过滤器

后无法注册

但前提是您之前尝试添加的那个实际上是

问题是你有两个独立的配置。您需要确保以正确的顺序(使用addFilterBeforeOrdered)应用它们,或者只是将它们合并为一个配置。

另请注意,您的配置尝试以不同方式配置@Orderlogout()。你无法做到这两种方式。

答案 1 :(得分:0)

答案帮助了我:https://stackoverflow.com/a/32227901/1110253。我用自定义过滤器“包装”OAuth2AuthenticationProcessingFilter。

相关问题
最新问题