Java SpringBoot拦截器阻止使用Spring Security进行身份验证
我有一个非常简单的 Spring Boot 应用程序,它使用 Spring Security,通过基本身份验证(HTTP Basic)保护并公开 REST 服务。在我添加一个拦截器之前,一切都运行正常;这个拦截器位于一个自定义库中,通过 @ComponentScan 添加。
标签:java, spring, spring-boot, spring-security, spring-restcontroller
现在,请求没有通过身份验证,返回401。
有趣的是,如果我将拦截器直接添加到应用程序中,它就会按预期工作
InterceptorConfig.java
/**
 * Spring MVC configuration that registers the MDC-populating interceptor.
 *
 * <p>Handler interceptors are invoked from the DispatcherServlet, which runs after the servlet
 * filter chain where Spring Security authenticates the request. A 401 is therefore normally
 * decided before this interceptor is reached.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Attaches a {@code RestControllerMDCInterceptor} to requests under {@code /some-path/**}.
     *
     * @param registry the interceptor registry handed in by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        RestControllerMDCInterceptor mdcInterceptor = new RestControllerMDCInterceptor();
        // Only the listed path pattern is intercepted; other paths bypass the interceptor.
        registry.addInterceptor(mdcInterceptor).addPathPatterns("/some-path/**");
    }
}
/**
 * Spring Security configuration: stateless HTTP Basic authentication backed by LDAP.
 *
 * <p>NOTE(review): the page says the interceptor library is pulled in with {@code @ComponentScan}.
 * An explicit {@code @ComponentScan} can replace Spring Boot's default scan of the application
 * package, so confirm this class is still registered. If it is not, Boot's default security
 * configuration, rather than this LDAP setup, would be answering requests.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Source of the LDAP URL, manager credentials and search settings (type not shown on the page).
    @Autowired
    LdapConfig ldapConfig;

    /**
     * Defines which requests need authentication and how credentials are presented.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): every path under /actuator is reachable without credentials. Confirm that
        // only non-sensitive actuator endpoints are exposed, or narrow this matcher.
        http.authorizeRequests()
                .antMatchers("/actuator/**").permitAll()
                .anyRequest().fullyAuthenticated();

        http.httpBasic();

        // No HTTP session is created or used, so each request must carry its own credentials.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // NOTE(review): CSRF protection is off. Browsers resend cached Basic credentials on their
        // own, so confirm the API is not meant to be called from a browser session.
        http.csrf().disable();
    }

    /**
     * Wires LDAP authentication using the values held by {@code ldapConfig}.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception propagated from the builder calls
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): confirm the configured URL uses ldaps:// (or StartTLS) so the manager
        // password and user credentials are not sent in clear text; keep the manager password
        // out of version control and logs.
        auth
                .ldapAuthentication()
                .contextSource()
                        .url(ldapConfig.getUrl())
                        .managerDn(ldapConfig.getAdminUser())
                        .managerPassword(ldapConfig.getAdminPassword())
                .and()
                .userSearchBase(ldapConfig.getUserSearchBase())
                .userSearchFilter(ldapConfig.getUserSearchFilter())
                .groupSearchBase(ldapConfig.getGroupSearchBase())
                .groupSearchFilter(ldapConfig.getGroupSearchFilter());
    }
}
RestControllerMDCInterceptor.java
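/**
 * Copies the {@code someKey} request header into the logging MDC for the lifetime of one request.
 *
 * <p>The header is chosen by the client, so it is untrusted: it is only used as log context,
 * control characters are neutralised before it is stored, and the MDC entry is removed once the
 * request completes so it cannot leak into a later request served by the same pooled thread.
 *
 * <p>{@code someKey} (the MDC key) is not declared in this snippet; presumably it is a constant
 * defined elsewhere.
 */
public class RestControllerMDCInterceptor implements HandlerInterceptor {

    /**
     * Stores the sanitised header value in the MDC before the handler runs.
     *
     * @param request current request, read for the {@code someKey} header
     * @param response current response (unused here)
     * @param handler the chosen handler (unused here)
     * @return whatever the default {@code HandlerInterceptor.preHandle} returns
     * @throws Exception propagated from the default implementation
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String headerValue = request.getHeader("someKey");
        if (headerValue == null) {
            // Header absent: make sure no value from an earlier request on this thread survives.
            MDC.remove(someKey);
        } else {
            // Replace control characters so a client-supplied value cannot break up a log line.
            MDC.put(someKey, headerValue.replaceAll("\\p{Cntrl}", "_"));
        }
        return HandlerInterceptor.super.preHandle(request, response, handler);
    }

    /**
     * Clears the MDC entry after the request has been fully processed.
     *
     * @param request current request (unused here)
     * @param response current response (unused here)
     * @param handler the handler that was executed (unused here)
     * @param ex exception raised during handling, if any (unused here)
     * @throws Exception declared by the interface; not thrown by this implementation
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
        MDC.remove(someKey);
    }
}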
WebSecurityConfig.java
/**
 * Registers the request interceptor that fills the logging MDC.
 *
 * <p>Interceptors registered here run inside Spring MVC's DispatcherServlet, after the servlet
 * filters (including Spring Security's) have processed the request.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /**
     * Registers a new {@code RestControllerMDCInterceptor} for {@code /some-path/**} only.
     *
     * @param registry registry provided by Spring MVC for collecting interceptors
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        String interceptedPaths = "/some-path/**";
        registry.addInterceptor(new RestControllerMDCInterceptor()).addPathPatterns(interceptedPaths);
    }
}
/**
 * Security setup for the REST services: HTTP Basic credentials checked against LDAP, with no
 * server-side session.
 *
 * <p>NOTE(review): this configuration only applies if component scanning registers the class.
 * When a library is added through an explicit {@code @ComponentScan}, verify that the
 * application's own package is still scanned; otherwise Spring Boot's default security
 * configuration would be in effect instead of this one.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Holder of the LDAP connection and search settings; its definition is not on the page.
    @Autowired
    LdapConfig ldapConfig;

    /**
     * Sets the authorization rules and the authentication mechanism.
     *
     * @param http builder for the HTTP security rules
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): "/actuator/**" is open to unauthenticated callers. Check which actuator
        // endpoints are exposed, since some can reveal configuration or runtime internals.
        http.authorizeRequests()
                .antMatchers("/actuator/**").permitAll()
                .anyRequest().fullyAuthenticated();

        // Basic credentials travel on every request; NOTE(review): confirm TLS is enforced.
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // NOTE(review): disabling CSRF is only appropriate if no browser-based client relies on
        // automatically resent Basic credentials; confirm.
        http.csrf().disable();
    }

    /**
     * Configures LDAP as the authentication source from {@code ldapConfig}.
     *
     * @param auth builder for the authentication manager
     * @throws Exception propagated from the builder calls
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // The manager DN and password are the bind credentials for directory searches.
        // NOTE(review): confirm they belong to a least-privilege, read-only account and that the
        // LDAP URL is an encrypted transport.
        auth
                .ldapAuthentication()
                .contextSource()
                        .url(ldapConfig.getUrl())
                        .managerDn(ldapConfig.getAdminUser())
                        .managerPassword(ldapConfig.getAdminPassword())
                .and()
                .userSearchBase(ldapConfig.getUserSearchBase())
                .userSearchFilter(ldapConfig.getUserSearchFilter())
                .groupSearchBase(ldapConfig.getGroupSearchBase())
                .groupSearchFilter(ldapConfig.getGroupSearchFilter());
    }
}
如果你有什么想法,请告诉我。谢谢