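Spring Security - Why is the default chain instantiated without my filter?

Time: 2018-07-08 22:17:08

Tags: java spring spring-boot spring-security spring-webflux

I am trying to use a custom filter chain in Spring Webflux + Spring Security, but I keep getting the default chain instantiated without my filter.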

  

2018-07-08 22:06:47.254  INFO 1 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@47f11d24, org.springframework.security.web.context.SecurityContextPersistenceFilter@4f16a0e1, org.springframework.security.web.header.HeaderWriterFilter@1364447c, org.springframework.security.web.csrf.CsrfFilter@268e9411, org.springframework.security.web.authentication.logout.LogoutFilter@3a5a5b54, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@4d63b77b, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@6a6d83c9, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@285f1f10, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1fdfe29, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6b011b2d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@28f02b25, org.springframework.security.web.session.SessionManagementFilter@582eb7e8, org.springframework.security.web.access.ExceptionTranslationFilter@741b158f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@296b60ad]

For the record, I am using a class annotated with @Configuration, @EnableWebFluxSecurity and @EnableReactiveMethodSecurity:

@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebFluxSecurity {
    @Bean
    public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
        http
            .exceptionHandling()
            .authenticationEntryPoint(entryPoint)
            .and()
            .authorizeExchange()
            .anyExchange().permitAll()
            .and()
            .addFilterAt(authenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION)
            .authorizeExchange()
            .pathMatchers(AUTH_WHITELIST).permitAll()
            .anyRequest()
            .authenticated()
            .httpBasic().disable()
            .formLogin().disable()
            .csrf().disable()
            .logout().disable();

        return http.build();
    }
}

Note: the dependencies needed here (e.g. the auth manager) are autowired, but I have not included them for this purpose.

Also added @SpringBootApplication below the main @EnableWebFluxSecurity annotation.

Does anyone know how I can get this custom filter instantiated using the Spring Webflux annotations?

0 answers:

No answers