Java SpringBoot拦截器阻止使用Spring Security进行身份验证_Java_Spring_Spring Boot_Spring Security_Spring Restcontroller

Java SpringBoot拦截器阻止使用Spring Security进行身份验证

java spring spring-boot spring-security

Java SpringBoot拦截器阻止使用Spring Security进行身份验证,java,spring,spring-boot,spring-security,spring-restcontroller,Java,Spring,Spring Boot,Spring Security,Spring Restcontroller,我有一个非常简单的SpringBoot应用程序，它使用SpringSecurity在基本身份验证之后公开Rest服务。在我添加了一个拦截器之前，一切都很好，它位于一个自定义库中，通过@ComponentScan添加。现在，请求没有通过身份验证，返回401。有趣的是，如果我将拦截器直接添加到应用程序中，它就会按预期工作 InterceptorConfig.java @Configuration public class InterceptorConfig implements WebMvcC

我有一个非常简单的SpringBoot应用程序，它使用SpringSecurity在基本身份验证之后公开Rest服务。在我添加了一个拦截器之前，一切都很好，它位于一个自定义库中，通过

@ComponentScan

添加。现在，请求没有通过身份验证，返回401。有趣的是，如果我将拦截器直接添加到应用程序中，它就会按预期工作

InterceptorConfig.java

@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new RestControllerMDCInterceptor()).addPathPatterns("/some-path/**");
    }
}

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    
    @Autowired
    LdapConfig ldapConfig;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests().antMatchers("/actuator/**").permitAll()
        .anyRequest().fullyAuthenticated()
        .and().httpBasic()
        .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and().csrf().disable();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
        .ldapAuthentication()
        .contextSource()
        .url(ldapConfig.getUrl())
        .managerDn(ldapConfig.getAdminUser())
        .managerPassword(ldapConfig.getAdminPassword())
        .and()
        .userSearchBase(ldapConfig.getUserSearchBase())
        .userSearchFilter(ldapConfig.getUserSearchFilter())
        .groupSearchBase(ldapConfig.getGroupSearchBase())
        .groupSearchFilter(ldapConfig.getGroupSearchFilter());
    }
}

RestControllerMDCInterceptor.java

public class RestControllerMDCInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {

        MDC.put(someKey, request.getHeader("someKey"));
        
        return HandlerInterceptor.super.preHandle(request, response, handler);
    }
}

WebSecurityConfig.java

@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new RestControllerMDCInterceptor()).addPathPatterns("/some-path/**");
    }
}

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    
    @Autowired
    LdapConfig ldapConfig;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests().antMatchers("/actuator/**").permitAll()
        .anyRequest().fullyAuthenticated()
        .and().httpBasic()
        .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and().csrf().disable();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
        .ldapAuthentication()
        .contextSource()
        .url(ldapConfig.getUrl())
        .managerDn(ldapConfig.getAdminUser())
        .managerPassword(ldapConfig.getAdminPassword())
        .and()
        .userSearchBase(ldapConfig.getUserSearchBase())
        .userSearchFilter(ldapConfig.getUserSearchFilter())
        .groupSearchBase(ldapConfig.getGroupSearchBase())
        .groupSearchFilter(ldapConfig.getGroupSearchFilter());
    }
}

如果你有什么想法，请告诉我。谢谢