Java Spring启动时,筛选器未限制为特定url
在SpringBoot应用程序中,我创建了几个API调用。我只想为几个URL添加一个过滤器。安全配置如下所示:Java Spring启动时,筛选器未限制为特定url,java,spring,spring-mvc,spring-boot,basic-authentication,Java,Spring,Spring Mvc,Spring Boot,Basic Authentication,在SpringBoot应用程序中,我创建了几个API调用。我只想为几个URL添加一个过滤器。安全配置如下所示: @Configuration @EnableWebMvc public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.
@Configuration
@EnableWebMvc
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.addFilterBefore(authenticationFilter(), BasicAuthenticationFilter.class)
.authorizeRequests().anyRequest().denyAll();
http.authorizeRequests().antMatchers("/api/user").permitAll();
}
AuthenticationFilter authenticationFilter() throws Exception
{
AuthenticationFilter filter = new AuthenticationFilter();
return filter;
}
}
public class AuthenticationFilter extends OncePerRequestFilter
{
public AuthenticationFilter()
{
super();
}
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
{
Enumeration<String> headerNames = request.getHeaderNames();
while(headerNames.hasMoreElements()){
String headerName = headerNames.nextElement();
System.out.println("headerName " + headerName);
System.out.println("headerVal " + request.getHeader(headerName));
}
chain.doFilter(request,response);
}
}
除了/api/user
,我不想对任何api调用应用过滤器,所以我拒绝了所有URL,并允许/api/user
AuthorizationFilter类如下所示:
@Configuration
@EnableWebMvc
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.addFilterBefore(authenticationFilter(), BasicAuthenticationFilter.class)
.authorizeRequests().anyRequest().denyAll();
http.authorizeRequests().antMatchers("/api/user").permitAll();
}
AuthenticationFilter authenticationFilter() throws Exception
{
AuthenticationFilter filter = new AuthenticationFilter();
return filter;
}
}
public class AuthenticationFilter extends OncePerRequestFilter
{
public AuthenticationFilter()
{
super();
}
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
{
Enumeration<String> headerNames = request.getHeaderNames();
while(headerNames.hasMoreElements()){
String headerName = headerNames.nextElement();
System.out.println("headerName " + headerName);
System.out.println("headerVal " + request.getHeader(headerName));
}
chain.doFilter(request,response);
}
}
公共类AuthenticationFilter扩展了OncePerRequestFilter
{
公共身份验证筛选器()
{
超级();
}
@凌驾
public void doFilterInternal(HttpServletRequest请求、HttpServletResponse响应、FilterChain链)引发IOException、ServletException
{
枚举headerNames=request.getHeaderNames();
while(headerNames.hasMoreElements()){
字符串headerName=headerName.nextElement();
System.out.println(“headerName”+headerName);
System.out.println(“headerVal”+request.getHeader(headerName));
}
链式过滤器(请求、响应);
}
}
这只是打印所有标题信息。目前,它正在打印所有api调用的标题信息,但我希望仅在
/api/user
的情况下打印,而不在任何其他api调用上打印。请建议我应该做哪些更改?找到了有效的解决方案
@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**");
// add security constraints for /api/... here
}
/* rest of config */
}
您可以更灵活地在过滤器中定义@组件,并在SecurityConfig:-)中自动连接它