Java 在loadUserDetails方法中捕获httpServeletRequest_Java_Spring_Jakarta Ee_Spring Security

Java 在loadUserDetails方法中捕获httpServeletRequest

java spring jakarta-ee spring-security

Java 在loadUserDetails方法中捕获httpServeletRequest,java,spring,jakarta-ee,spring-security,Java,Spring,Jakarta Ee,Spring Security,我有一个定制的springAuthenticationProvider类，但尝试在loadUserDetails方法中拦截HTTPServletRequest和HTTPServletResponse @Component("darnGoodAuthenticaionProvider") public class DarnGoodAuthenticaionProvider extends HandlerInterceptorAdapter

我有一个定制的spring

AuthenticationProvider

类，但尝试在

loadUserDetails

方法中拦截

HTTPServletRequest

和

HTTPServletResponse

@Component("darnGoodAuthenticaionProvider")
public class DarnGoodAuthenticaionProvider 
                    extends HandlerInterceptorAdapter 
                    implements AuthenticationUserDetailsService {
    private HttpServletRequest request;
    private HttpServletResponse response;

    @Override
    public boolean preHandle(HttpServletRequest request, 
                            HttpServletResponse response, Object handler) 
                            throws Exception {
            this.request = request;
            this.response = response;
            // we don't want anything falling here
            return true;
}

    @Override
    public UserDetails loadUserDetails(Authentication token)throws 
                                                    UsernameNotFoundException{
           .......
    }
}

我知道

HandlerIntercepterAdapter

中的

preHandler

方法能够用于该作业，但我如何确保在

loadUserDetails

之前调用

preHandler

方法，以便我能够准备好请求和响应

在servlet容器上，每个请求都将从收到请求的那一刻起处理，直到只有一个线程返回响应为止（请求==当前线程）

因此，问题在于将servlet过滤器放在spring安全过滤器链之前（过滤器映射元素位于spring安全过滤器映射之上），并使用

ThreadLocal

变量将请求和响应存储在线程中-另请参见此

然后在

darngoodauthenticationprovider

上，使用静态方法

RequestResponseHolder.getRequest（）

访问请求

web.xml配置：

<filter>
    <filter-name>saveRequestResponseFilter</filter-name>
    <filter-class>sample.save.request.filter.SaveRequestResponseFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>saveRequestResponseFilter</filter-name>
    <url-pattern>/mobilews/*</url-pattern>
</filter-mapping>

public class SaveRequestResponseFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        RequestResponseHolder.setRequestResponse(req,resp);
        try {
            chain.doFilter(request, response);
        }
        finally {
            RequestResponseHolder.clear();
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ...
    }

    @Override
    public void destroy() {
       ...
    }
}

public class RequestResponseHolder {

    private static ThreadLocal<HttpServletRequest> requestHolder = new ThreadLocal<HttpServletRequest>();
    private static ThreadLocal<HttpServletResponse> responseHolder = new ThreadLocal<HttpServletResponse>();


    public static void setRequestResponse(HttpServletRequest request, HttpServletResponse response) {
        requestHolder.set(request);
        responseHolder.set(response);
    }

    public static HttpServletRequest getServletRequest(){
         return requestHolder.get();
    }

    public static HttpServletResponse getServletResponse()  {
        return responseHolder.get();
    }

    public static void clear() {
        requestHolder.remove();
        responseHolder.remove();
    }
}

HttpServletRequest req = RequestResponseHolder.getServletRequest();

请求/响应持有者：

<filter>
    <filter-name>saveRequestResponseFilter</filter-name>
    <filter-class>sample.save.request.filter.SaveRequestResponseFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>saveRequestResponseFilter</filter-name>
    <url-pattern>/mobilews/*</url-pattern>
</filter-mapping>

public class SaveRequestResponseFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        RequestResponseHolder.setRequestResponse(req,resp);
        try {
            chain.doFilter(request, response);
        }
        finally {
            RequestResponseHolder.clear();
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        ...
    }

    @Override
    public void destroy() {
       ...
    }
}

public class RequestResponseHolder {

    private static ThreadLocal<HttpServletRequest> requestHolder = new ThreadLocal<HttpServletRequest>();
    private static ThreadLocal<HttpServletResponse> responseHolder = new ThreadLocal<HttpServletResponse>();


    public static void setRequestResponse(HttpServletRequest request, HttpServletResponse response) {
        requestHolder.set(request);
        responseHolder.set(response);
    }

    public static HttpServletRequest getServletRequest(){
         return requestHolder.get();
    }

    public static HttpServletResponse getServletResponse()  {
        return responseHolder.get();
    }

    public static void clear() {
        requestHolder.remove();
        responseHolder.remove();
    }
}

HttpServletRequest req = RequestResponseHolder.getServletRequest();

DarngoodAuthenticationProvider

拼写错误：）@Sotirios Delimanolis我不这么认为，我使用的是城市词典：D