我是filterBefore的问题,我的配置就像:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.anonymous().disable()
.formLogin().disable()
.logout().disable()
.exceptionHandling()
.authenticationEntryPoint(unAuthorizedHandler)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(new OncePerRequestFilter() {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
final String requestHeader = jwtTokenProvider.resolveToken(request);
boolean logged = false;
if (requestHeader != null && jwtTokenProvider.validateToken(requestHeader)) {
User user = jwtTokenProvider.getUser(requestHeader);
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(user, null, null);
SecurityContextHolder.getContext().setAuthentication(authentication);
logged = true;
}
if (!logged) {
log.debug("No token found in the header");
}
chain.doFilter(request, response);
}
}, CsrfFilter.class);
}
filterBefore与我定义的所有路由完美配合,但是我有另外一条由外部jar暴露的路由,这些路由是不错的,但是我需要先使其通过filterBefore。
任何建议任何建议
谢谢。