Java 验证后的Spring调用控制器
我有一个自定义的身份验证过滤器和提供程序,它检查Java 验证后的Spring调用控制器,java,spring,spring-boot,spring-security,Java,Spring,Spring Boot,Spring Security,我有一个自定义的身份验证过滤器和提供程序,它检查身份验证头,然后根据我的数据库进行验证。现在我想在身份验证之后调用控制器,而不是重定向,因为这是一个RESTAPI。如何使用当前请求调用控制器。我现在得到的只是一个带有HttpStatus 200的白色页面 @Bean @Qualifier("apiAuthenticationFilter") public TokenAuthenticationFilter apiAuthenti
身份验证
头,然后根据我的数据库进行验证。现在我想在身份验证之后调用控制器,而不是重定向,因为这是一个RESTAPI。如何使用当前请求调用控制器。我现在得到的只是一个带有HttpStatus 200的白色页面
@Bean
@Qualifier("apiAuthenticationFilter")
public TokenAuthenticationFilter apiAuthenticationFilter(TokenAuthenticationFailureHandler failureHandler,
TokenAuthenticationSuccessHandler successHandler) throws Exception {
TokenAuthenticationFilter filter = new TokenAuthenticationFilter();
filter.setAuthenticationManager(authenticationManagerBean());
filter.setAuthenticationFailureHandler(failureHandler);
filter.setAuthenticationSuccessHandler(successHandler);
return filter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**")
.authorizeRequests()
.antMatchers("/api/internal**").hasAuthority("READ_ALL")
.anyRequest().authenticated()
.and()
.addFilterBefore(apiAuthenticationFilter(null, null), UsernamePasswordAuthenticationFilter.class)
.authenticationProvider(this.appProvider)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.FORBIDDEN))
.and()
.cors().disable()
.formLogin().disable()
.csrf().disable()
.logout().disable();
}
好的,我想我已经解决了我的问题。问题出在my
TokenAuthenticationFilter
扩展的AbstractAuthenticationProcessingFilter
中。AbstractAuthenticationProcessingFilter
在成功进行身份验证后不会调用筛选器链
通过以下更改,可以在不重定向的情况下使用身份验证
标头:
public class TokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
// ... attempAuthentication method and other stuff
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
Authentication authResult) throws IOException, ServletException {
super.successfulAuthentication(request, response, chain, authResult);
chain.doFilter(request, response); //THIS is very important as the original method
//does not execute this very important method
//cause the default is to use a redirect.
}
}