Java 使用自定义过滤器的Spring安全性
我创建了一个自定义过滤器,用于获取令牌,然后用令牌相关角色填充身份验证对象Java 使用自定义过滤器的Spring安全性,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,我创建了一个自定义过滤器,用于获取令牌,然后用令牌相关角色填充身份验证对象 @Component public class TokenAuthenticationFilter extends GenericFilterBean { @Autowired private IAMUserDAO iamUserDAO; @Autowired CDBUserProfileDao cdbUserProfileDao; @Autowired IAMOAuth2
@Component
public class TokenAuthenticationFilter extends GenericFilterBean {
@Autowired
private IAMUserDAO iamUserDAO;
@Autowired
CDBUserProfileDao cdbUserProfileDao;
@Autowired
IAMOAuth2Dao iamOAuth2DAO;
final static Logger logger = Logger.getLogger(TokenAuthenticationFilter.class.getCanonicalName());
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
throws IOException, ServletException {
final HttpServletRequest httpRequest = (HttpServletRequest) request;
final String accessToken = httpRequest.getHeader("Authorization");
logger.info("Request with token " + accessToken + " intercepted for rba purpose");
if (!StringUtil.isBlank(accessToken)) {
ResponseEntity<String> tokenResponse = Utils.validateAccessToken(httpRequest, iamOAuth2DAO);
if (tokenResponse.getStatusCode().equals(HttpStatus.OK)) {
try {
UserProfiles userProfileResponse = cdbUserProfileDao.getCDBUserProfile(tokenResponse.getBody());
if (userProfileResponse != null) {
String action = iamUserDAO.getFbiFederatedAction(userProfileResponse.getEntid(),
userProfileResponse.getRoles().getRole());
if (!StringUtil.isBlank(action)) {
List<GrantedAuthority> authorities = Arrays.asList(action.split(",")).stream()
.map(s -> new SimpleGrantedAuthority(s)).collect(Collectors.toList());
final User user = new User("", "", true, true, true, true, authorities);
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
} catch (Exception e) {
logger.error("rba processing encounter an error " + e.getMessage());
}
}
}
logger.info("Exiting rba filter with token " + accessToken);
chain.doFilter(request, response);
}
}
应用程序已经存在,我只是尝试添加spring安全层。spring安全版本是4.2.3。在尝试实现此功能的几天后,
TokenAuthenticationFilter
不会加载,因此不会过滤任何请求。请提供帮助。由于在添加Spring安全层之前应用程序已经存在,因此我必须以以下方式在web.xml文件中添加过滤器:
<filter>
<filter-name>tokenAuthenticationFilter</filter-name>
<filter-class>com.mycompany.authenticateb.config.TokenAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>tokenAuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
tokenAuthenticationFilter
com.mycompany.authenticateb.config.TokenAuthenticationFilter
tokenAuthenticationFilter
/*
<filter>
<filter-name>tokenAuthenticationFilter</filter-name>
<filter-class>com.mycompany.authenticateb.config.TokenAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>tokenAuthenticationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>