Java 在loadUserDetails方法中捕获httpServeletRequest
我有一个定制的springJava 在loadUserDetails方法中捕获httpServeletRequest,java,spring,jakarta-ee,spring-security,Java,Spring,Jakarta Ee,Spring Security,我有一个定制的springAuthenticationProvider类,但尝试在loadUserDetails方法中拦截HTTPServletRequest和HTTPServletResponse @Component("darnGoodAuthenticaionProvider") public class DarnGoodAuthenticaionProvider extends HandlerInterceptorAdapter
AuthenticationProvider
类,但尝试在loadUserDetails
方法中拦截HTTPServletRequest
和HTTPServletResponse
@Component("darnGoodAuthenticaionProvider")
public class DarnGoodAuthenticaionProvider
extends HandlerInterceptorAdapter
implements AuthenticationUserDetailsService {
private HttpServletRequest request;
private HttpServletResponse response;
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
throws Exception {
this.request = request;
this.response = response;
// we don't want anything falling here
return true;
}
@Override
public UserDetails loadUserDetails(Authentication token)throws
UsernameNotFoundException{
.......
}
}
我知道HandlerIntercepterAdapter
中的preHandler
方法能够用于该作业,但我如何确保在loadUserDetails
之前调用preHandler
方法,以便我能够准备好请求和响应
在servlet容器上,每个请求都将从收到请求的那一刻起处理,直到只有一个线程返回响应为止(请求==当前线程) 因此,问题在于将servlet过滤器放在spring安全过滤器链之前(过滤器映射元素位于spring安全过滤器映射之上),并使用
ThreadLocal
变量将请求和响应存储在线程中-另请参见此
然后在
darngoodauthenticationprovider
上,使用静态方法RequestResponseHolder.getRequest()
访问请求
web.xml配置:
<filter>
<filter-name>saveRequestResponseFilter</filter-name>
<filter-class>sample.save.request.filter.SaveRequestResponseFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>saveRequestResponseFilter</filter-name>
<url-pattern>/mobilews/*</url-pattern>
</filter-mapping>
public class SaveRequestResponseFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
RequestResponseHolder.setRequestResponse(req,resp);
try {
chain.doFilter(request, response);
}
finally {
RequestResponseHolder.clear();
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
...
}
@Override
public void destroy() {
...
}
}
public class RequestResponseHolder {
private static ThreadLocal<HttpServletRequest> requestHolder = new ThreadLocal<HttpServletRequest>();
private static ThreadLocal<HttpServletResponse> responseHolder = new ThreadLocal<HttpServletResponse>();
public static void setRequestResponse(HttpServletRequest request, HttpServletResponse response) {
requestHolder.set(request);
responseHolder.set(response);
}
public static HttpServletRequest getServletRequest(){
return requestHolder.get();
}
public static HttpServletResponse getServletResponse() {
return responseHolder.get();
}
public static void clear() {
requestHolder.remove();
responseHolder.remove();
}
}
HttpServletRequest req = RequestResponseHolder.getServletRequest();
请求/响应持有者:
<filter>
<filter-name>saveRequestResponseFilter</filter-name>
<filter-class>sample.save.request.filter.SaveRequestResponseFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>saveRequestResponseFilter</filter-name>
<url-pattern>/mobilews/*</url-pattern>
</filter-mapping>
public class SaveRequestResponseFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
RequestResponseHolder.setRequestResponse(req,resp);
try {
chain.doFilter(request, response);
}
finally {
RequestResponseHolder.clear();
}
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
...
}
@Override
public void destroy() {
...
}
}
public class RequestResponseHolder {
private static ThreadLocal<HttpServletRequest> requestHolder = new ThreadLocal<HttpServletRequest>();
private static ThreadLocal<HttpServletResponse> responseHolder = new ThreadLocal<HttpServletResponse>();
public static void setRequestResponse(HttpServletRequest request, HttpServletResponse response) {
requestHolder.set(request);
responseHolder.set(response);
}
public static HttpServletRequest getServletRequest(){
return requestHolder.get();
}
public static HttpServletResponse getServletResponse() {
return responseHolder.get();
}
public static void clear() {
requestHolder.remove();
responseHolder.remove();
}
}
HttpServletRequest req = RequestResponseHolder.getServletRequest();
DarngoodAuthenticationProvider
拼写错误:)@Sotirios Delimanolis我不这么认为,我使用的是城市词典:D