Java HandlerInterceptorAdapter不';t使用Spring Security登录时运行
我的拦截器在所有请求中运行,登录时除外 拦截器:Java HandlerInterceptorAdapter不';t使用Spring Security登录时运行,java,spring,spring-boot,spring-security,interceptor,Java,Spring,Spring Boot,Spring Security,Interceptor,我的拦截器在所有请求中运行,登录时除外 拦截器: public class MultitenantHandler extends HandlerInterceptorAdapter { private static final Logger log = LoggerFactory.getLogger(MultitenantHandler.class); @Override public boolean preHandle(HttpServlet
public class MultitenantHandler extends HandlerInterceptorAdapter {
private static final Logger log = LoggerFactory.getLogger(MultitenantHandler.class);
@Override
public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler){
String origin = req.getHeader("Origin");
log.debug("Origin: "+origin);
if (origin == null) {
origin = "localhost";
}
int indexDot = origin.indexOf(".");
int indexDash = origin.indexOf("://") + 3;
String tenant = "";
if (indexDot == -1) {
tenant = "experter";
log.warn("Using default tenant");
TenantContext.setCurrentTenant(tenant);
} else {
tenant = origin.substring(indexDash, indexDot);
log.info("Using tenant: " + tenant);
TenantContext.setCurrentTenant(tenant);
}
return true;
}
}
在WebMVCConfigureAdapter
上,我通过以下方式注册:
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new MultitenantHandler());
}
这是我的安全配置:
@Configuration
@EnableWebSecurity
@Profile({"development", "demo", "default"})
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final Logger log = LoggerFactory.getLogger(SecurityConfig.class);
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private RESTAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private RESTLogoutSuccessHandler logoutSuccessHandler;
@Autowired
private JWTAuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private JWTAuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private StatelessAuthenticationFilter statelessAuthFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.formLogin().permitAll()
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler);
http.logout().permitAll()
.logoutSuccessHandler(logoutSuccessHandler);
http.addFilterBefore(statelessAuthFilter, UsernamePasswordAuthenticationFilter.class);
http.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers("/v2/api-docs").hasRole("ADMIN")
.antMatchers("/login").permitAll()
.antMatchers("/login/changePassword").permitAll()
.antMatchers("/user/image").permitAll()
.antMatchers("/social/login/facebook").permitAll()
.antMatchers("/actuator/**").hasRole("ADMIN")
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
log.info("Configuration of http complete.");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder);
}
当我请求/login
时,拦截器不运行,而在其他请求中甚至没有记录拦截器工作正常
我需要在任何请求之前执行拦截器,因为我需要根据url请求设置数据库
如果您需要更多信息,请告诉我,我可以在这里发布。如果您有相同的问题,我使用过滤器@M.Deinum sugested解决了此问题。我使用了与验证身份验证令牌相同的过滤器。Spring安全性使用过滤器实现,这些过滤器在
DispatcherServlet
和您拥有的任何控制器/处理程序之前执行。因此,它当然不会运行。使用过滤器而不是HandlerInterceptor
实现它。感谢您的回复@M.Deinum。但是当我知道过滤器不会改变这个方法的行为时。根据“筛选器非常适合于请求内容和视图内容处理,如多部分表单和GZIP压缩。这通常显示何时需要将筛选器映射到某些内容类型(如图像)或所有请求。”您对筛选器的理解存在缺陷。您想要实现的目标无法通过处理程序拦截器实现,您必须使用过滤器。一个过滤器可以比一个Handlerinterceptor
做得更多,正如前面提到的,Spring Security是使用过滤器实现的,因此Handlerinterceptor
根本不是一个选项。太好了!我了解工作,能解决我的问题。