Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/340.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/jsf-2/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 在spring security中排除通过过滤器的身份验证_Java_Spring Boot_Spring Security_Jwt - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 在spring security中排除通过过滤器的身份验证

Java 在spring security中排除通过过滤器的身份验证

java spring-boot spring-security jwt

Java 在spring security中排除通过过滤器的身份验证,java,spring-boot,spring-security,jwt,Java,Spring Boot,Spring Security,Jwt,我想排除通过筛选器传递的url。我添加了许可证,但每次我发出身份验证请求时,它都会通过过滤器。顺便说一下,当我删除过滤器时,它会进行身份验证。我的目标是排除一些URL通过过滤器。这是我的配置和过滤器的代码: @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter{ @Autowired private MyUserDetailsService userDeta

我想排除通过筛选器传递的url。我添加了许可证,但每次我发出身份验证请求时,它都会通过过滤器。顺便说一下,当我删除过滤器时,它会进行身份验证。我的目标是排除一些URL通过过滤器。这是我的配置和过滤器的代码:

@EnableWebSecurity
public class WebSecurityConfig  extends WebSecurityConfigurerAdapter{

    @Autowired
    private MyUserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }
    @Bean
    public AuthenticationManager customAuthenticationManager() throws Exception {
      return authenticationManager();
    }   
    @Autowired
    private JwtRequestFilter jwtRequestFilter;
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        http.csrf().disable()
        .authorizeRequests()
        .antMatchers("/AuthentificationController/**").permitAll()
        .antMatchers("/swagger-ui.html").permitAll()
        .anyRequest().authenticated()
        .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterAfter(jwtRequestFilter,  UsernamePasswordAuthenticationFilter.class);

    }
}
这是我的过滤器的代码:

package tn.afriquecarglass.gestionstock.filters;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import tn.afriquecarglass.gestionstock.util.JwtUtil;
import tn.afriquecarglass.gestionstock.util.MyUserDetailsService;

@Component
public class JwtRequestFilter extends OncePerRequestFilter{

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    @Autowired
    private JwtUtil jwtUtil;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        final String authorizationHeader = request.getHeader("Authorization");
        String username = null;
        String jwt = null;
        if(authorizationHeader != null && authorizationHeader.startsWith("Bearer")) {
            jwt = authorizationHeader.substring(7);
            username = jwtUtil.extractUsername(jwt);
        }
        if(username!=null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = this.myUserDetailsService.loadUserByUsername(username);
            if(jwtUtil.validateToken(jwt, userDetails)) {
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, null,userDetails.getAuthorities());
            usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
            }
            filterChain.doFilter(request, response);
        }
    }

}
如果请求的路径与要绕过的路径列表匹配并委托给下一个筛选器,则可以在自定义筛选器本身中提供跳过的逻辑

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse 
response, FilterChain filterChain)
        throws ServletException, IOException {

    final String authorizationHeader = request.getHeader("Authorization");
    String username = null;
    String jwt = null;

    String reqPath = request.getRequestURI();

    // If not matched then continue to the next filter
    if ("/path_to_skipp".equals(reqPath )) {
         filterChain.doFilter(request, response);
       return;
    }

   // rest of your logic
   ...



}
如果您想从Spring Security的filterChain中完全排除URL,只需覆盖

configure(WebSecurity web)
方法

例如:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(final WebSecurity web) throws Exception {
        web.ignoring()
           .antMatchers("/yourUrls/**");
    }
}
您希望从筛选器中排除哪种URL