我已经实现了自定义AuthenticationProvider
和自定义OncePerRequestFilter
。
这是我的配置,扩展了WebSecurityConfigurerAdapter
:
@Override
public void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(new CustomAuthProvider(settings));
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public CustomFilter customFilter() throws Exception {
return new CustomFilter(authenticationManagerBean());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(customFilter(), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/**")
.authenticated();
}
因此,我的过滤器被调用,它运行authenticationManager.authenticate(token)
并验证令牌,然后将其返回为已认证。但是,当我的过滤器继续使用chain.doFilter(request, response);
时,将再次调用AuthenticationProvider。我的配置有问题吗?