我试图在Spring Webflux + Spring Security中使用自定义过滤器链,但是我一直在不使用过滤器的情况下实例化默认链
2018-07-08 22:06:47.254信息1 --- [
main] o.s.s.web.DefaultSecurityFilterChain:创建过滤器 链: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@47f11d24, org.springframework.security.web.context.SecurityContextPersistenceFilter@4f16a0e1, org.springframework.security.web.header.HeaderWriterFilter@1364447c, org.springframework.security.web.csrf.CsrfFilter@268e9411, org.springframework.security.web.authentication.logout.LogoutFilter@3a5a5b54, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@4d63b77b, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@6a6d83c9, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@285f1f10, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1fdfe29, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6b011b2d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@28f02b25, org.springframework.security.web.session.SessionManagementFilter@582eb7e8, org.springframework.security.web.access.ExceptionTranslationFilter@741b158f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@296b60ad]
为了记录,我使用的是带有Configuration
,EnableWebFluxSecurity
和EnableReactiveMethodSecurity
批注的类
@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebFluxSecurity {
@Bean
public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
http
.exceptionHandling()
.authenticationEntryPoint(entryPoint)
.and()
.authorizeExchange()
.anyExchange().permitAll()
.and()
.addFilterAt(authenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION)
.authorizeExchange()
.pathMatchers(AUTH_WHITELIST).permitAll()
.anyRequest()
.authenticated()
.httpBasic().disable()
.formLogin().disable()
.csrf().disable()
.logout().disable();
return http.build();
}
}
注意:这里需要的依赖项(例如auth管理器)是自动连接的,但出于这个目的,我没有包含它们
在主@EnableWebFluxSecurity
注释下方也添加了@SpringBootApplication
。
有人知道我如何使用Spring Webflux注释实例化此自定义过滤器吗?