Java 使用自定义过滤器的Spring安全性_Java_Spring_Spring Mvc_Spring Security

Java 使用自定义过滤器的Spring安全性

java spring spring-mvc spring-security

Java 使用自定义过滤器的Spring安全性,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,我创建了一个自定义过滤器，用于获取令牌，然后用令牌相关角色填充身份验证对象 @Component public class TokenAuthenticationFilter extends GenericFilterBean { @Autowired private IAMUserDAO iamUserDAO; @Autowired CDBUserProfileDao cdbUserProfileDao; @Autowired IAMOAuth2

我创建了一个自定义过滤器，用于获取令牌，然后用令牌相关角色填充身份验证对象

@Component
public class TokenAuthenticationFilter extends GenericFilterBean {
    @Autowired
    private IAMUserDAO iamUserDAO;
    @Autowired
    CDBUserProfileDao cdbUserProfileDao;
    @Autowired
    IAMOAuth2Dao iamOAuth2DAO;

    final static Logger logger = Logger.getLogger(TokenAuthenticationFilter.class.getCanonicalName());

    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException {

        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        final String accessToken = httpRequest.getHeader("Authorization");
        logger.info("Request with token " + accessToken + " intercepted for rba purpose");

        if (!StringUtil.isBlank(accessToken)) {
            ResponseEntity<String> tokenResponse = Utils.validateAccessToken(httpRequest, iamOAuth2DAO);
            if (tokenResponse.getStatusCode().equals(HttpStatus.OK)) {
                try {
                    UserProfiles userProfileResponse = cdbUserProfileDao.getCDBUserProfile(tokenResponse.getBody());
                    if (userProfileResponse != null) {
                        String action = iamUserDAO.getFbiFederatedAction(userProfileResponse.getEntid(),
                                userProfileResponse.getRoles().getRole());
                        if (!StringUtil.isBlank(action)) {
                            List<GrantedAuthority> authorities = Arrays.asList(action.split(",")).stream()
                                    .map(s -> new SimpleGrantedAuthority(s)).collect(Collectors.toList());
                            final User user = new User("", "", true, true, true, true, authorities);
                            final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                                    user, null, user.getAuthorities());
                            SecurityContextHolder.getContext().setAuthentication(authentication);
                        }
                    }
                } catch (Exception e) {
                    logger.error("rba processing encounter an error " + e.getMessage());
                }
            }
        }
        logger.info("Exiting rba filter with token " + accessToken);
        chain.doFilter(request, response);
    }
}

应用程序已经存在，我只是尝试添加spring安全层。spring安全版本是4.2.3。在尝试实现此功能的几天后，

TokenAuthenticationFilter

不会加载，因此不会过滤任何请求。请提供帮助。

由于在添加Spring安全层之前应用程序已经存在，因此我必须以以下方式在web.xml文件中添加过滤器：

     <filter>
        <filter-name>tokenAuthenticationFilter</filter-name>
        <filter-class>com.mycompany.authenticateb.config.TokenAuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>tokenAuthenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


tokenAuthenticationFilter
com.mycompany.authenticateb.config.TokenAuthenticationFilter
tokenAuthenticationFilter
/*

     <filter>
        <filter-name>tokenAuthenticationFilter</filter-name>
        <filter-class>com.mycompany.authenticateb.config.TokenAuthenticationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>tokenAuthenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>