Java Spring安全过滤器在从SpringBoot调用restapi时优先于J2EE过滤器
我有两份申请书,上面写着- 平台-这是纯spring MVC COM-它是spring引导应用程序 平台负责身份验证和授权 我在站台上有2个过滤器- 1-用于RestAPI身份验证(名称-APISeqFilter) 2-用于验证登录的用户输入(ValidationFilter) 在COM中,我有如下过滤器注册的java配置-(注意-不是web.xml) 在COM中导入的XML文件,如-Java Spring安全过滤器在从SpringBoot调用restapi时优先于J2EE过滤器,java,spring-boot,spring-mvc,filter,Java,Spring Boot,Spring Mvc,Filter,我有两份申请书,上面写着- 平台-这是纯spring MVC COM-它是spring引导应用程序 平台负责身份验证和授权 我在站台上有2个过滤器- 1-用于RestAPI身份验证(名称-APISeqFilter) 2-用于验证登录的用户输入(ValidationFilter) 在COM中,我有如下过滤器注册的java配置-(注意-不是web.xml) 在COM中导入的XML文件,如- @ImportResource({ "classpath*:platform-security-authent
@ImportResource({ "classpath*:platform-security-authentication.xml" })
具有在平台中定义的ValidationFilter声明,该声明应在通过UI登录时执行(不适用于REST API调用)
可疑区域-
1-可能是不同根上下文的问题
2-COM应用程序中的Web.xml对应配置(缺少用于在Rest API URL模式上声明过滤器的Web.xml)
@ImportResource({ "classpath*:platform-security-authentication.xml" })
<security:http auto-config="false" realm="My Realm" use-expressions="false">
<security:headers disabled="true"/>
<security:csrf disabled="true"/>
<!-- Form based Authentication -->
<security:form-login login-page="/jsp/frameworklogin.jsp" username-parameter="j_username" password-parameter="j_password"
default-target-url="/jsp/index.jsp" authentication-failure-url="/jsp/frameworklogin.jsp?login_error=1"
login-processing-url="/jsp/j_spring_security_check" always-use-default-target="true" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<security:custom-filter ref="HibernateSessionInViewFilter" position="FIRST" />
<security:custom-filter ref="compositePreAuthFilter" after="PRE_AUTH_FILTER" />
<security:custom-filter ref="compositePreAuthFilterBefore" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="ssoAuthenticationProcessingFilter" after="CAS_FILTER" />
<security:custom-filter ref="requestHeaderUserPatternPreAuthenticatedProcessingFilter" position="PRE_AUTH_FILTER" />
<security:custom-filter ref="validationFilter" before="BASIC_AUTH_FILTER" />
<security:custom-filter ref="SuiteSecurityFilter" position="LAST" />
<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
<security:session-management session-fixation-protection="newSession" />
</security:http>
@Configuration
@Slf4j
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/api/*").authenticated().and().csrf().disable();
}
}