Java 验证弹簧启动过滤器的正确用法
我有一个过滤器,用于验证ReactJS/Spring启动应用程序的许可证:Java 验证弹簧启动过滤器的正确用法,java,spring-boot,Java,Spring Boot,我有一个过滤器,用于验证ReactJS/Spring启动应用程序的许可证: @Component @Order(Ordered.HIGHEST_PRECEDENCE) public class LicenseFilter extends OncePerRequestFilter { private LicenseController licenseController; @Autowired public LicenseFilter(LicenseController
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class LicenseFilter extends OncePerRequestFilter {
private LicenseController licenseController;
@Autowired
public LicenseFilter(LicenseController licenseController) {
this.licenseController = licenseController;
}
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
try {
if (licenseController.isLicenseValid()) {
httpServletResponse.setStatus(200);
} else {
httpServletResponse.setStatus(401);
}
} catch (Exception e) {
logger.error("An error occurred while validating license in the filter", e);
httpServletResponse.setStatus(401);
}
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}
上面的过滤器按预期工作,我只是想验证使用是否正确。尤其是行filterChain.doFilter(httpServletRequest,httpServletResponse)
仅供参考:LicenseFilter之后还有一个用于验证身份验证的筛选器
谢谢
更新:
之前,上面的过滤器通常如下所示:
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class LicenseFilter extends OncePerRequestFilter {
private LicenseController licenseController;
@Autowired
public LicenseFilter(LicenseController licenseController) {
this.licenseController = licenseController;
}
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
try {
if (licenseController.isLicenseValid()) {
filterChain.doFilter(httpServletRequest, httpServletResponse); // change is here
} else {
httpServletResponse.setStatus(401);
}
} catch (Exception e) {
logger.error("An error occurred while validating license in the filter", e);
httpServletResponse.setStatus(401);
}
}
}
当过滤器像这样实现时,它并没有像预期的那样工作。许可证已正确验证,但UI显示一个空屏幕,而不是重定向到登录页面(收到401时,UI重定向到登录页面)您尝试过吗?(请注意,您的代码将设置一个状态,然后无条件地将请求交给常规链,该链将设置其自身的状态并忽略您所说的内容。)确保您理解过滤器设计模式。如果您的过滤器正确地检查了某项内容,则让下一个过滤器执行过滤器。否则,停止过滤链。就像:
public void doFilter(req,res){if(checkSomeError){//设置响应状态和错误消息。}或者{filterChain.doFilter(req,res);}}
@chrylis onstrike-通过这样的实现,应用程序可以按预期工作。你能在我的邮箱里查一下更新吗question@meng你能在我的问题中检查一下更新是否正确吗?基本正确。只需更改httpServletResponse.setStatus(401)tohttpServletResponse.senderro(HttpStatus.UNAUTHORIZED.value(),“您的错误消息”)
以及更多内容,您可以参考org.springframework.security.web.authentication.www.BasicAuthenticationFilter#dofilterneternal()