Spring Boot执行安全过滤器后,Spring Boot注册一个过滤器

时间:2019-05-14 13:08:51

标签: spring-boot spring-security security-context

我定义了2个过滤器,该过滤器应在每个请求上运行,但仅在Spring Boot设置SecurityContextHolder的上下文之后。 但是,我总是将SecurityContextHolder.getContext().getAuthentication()设为null。

这是我的过滤器配置:

@Bean
public FilterRegistrationBean SecurityContextHystrixRequestVariableSetterBean() throws Exception {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(securityContextHystrixRequestVariableSetterFilter());
    registration.setOrder(Ordered.LOWEST_PRECEDENCE);
    return registration;
}

@Bean
public FilterRegistrationBean HystrixRequestContextEnablerFilterBean() throws Exception {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(hystrixRequestContextEnablerFilter());
    registration.setOrder(Ordered.LOWEST_PRECEDENCE);
    return registration;
}

过滤器详细信息:

public class SecurityContextHystrixRequestVariableSetterFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        SecurityContextHystrixRequestVariable.getInstance().set(SecurityContextHolder.getContext());

        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }

}

public class HystrixRequestContextEnablerFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HystrixRequestContext context = HystrixRequestContext.initializeContext();
        try {
            chain.doFilter(request, response);
        } finally {
            context.shutdown();
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }

}

1 个答案:

答案 0 :(得分:0)

您可以使用OncePerRequestFilter

public class CustomFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
        //do   
        chain.doFilter(request, response);
    }    
}

@Configuration
public class CustomConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilterAfter(new SecurityFilter(authenticationManager()), AnonymousAuthenticationFilter.class)
    }

}
相关问题
最新问题