Fatal编程技术网
  • security/
  • Security 安全筛选器链上缺少自定义筛选器

Security 安全筛选器链上缺少自定义筛选器

security filter

Security 安全筛选器链上缺少自定义筛选器,security,filter,chain,Security,Filter,Chain,我有一个简单的安全配置,在FilterSecurityInterceptor之前添加了一个CustomFilter(MyAuthorizationFilter) @Configuration @EnableWebSecurity(debug = true) @Profile({ "local", "test" }) @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled =

我有一个简单的安全配置,在FilterSecurityInterceptor之前添加了一个CustomFilter(MyAuthorizationFilter)

@Configuration 
@EnableWebSecurity(debug = true) 
@Profile({ "local", "test" }) 
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) 
@EnableResourceServer 
public class SecurityLocalConfig extends WebSecurityConfigurerAdapter {
    
    @Override   
    protected void configure(final HttpSecurity http) throws Exception {
        http.addFilterBefore(new MyAuthorizationFilter(), FilterSecurityInterceptor.class);           
    }

}
当应用程序启动时,我会在日志中看到它

2019-08-02 12:31:59.090信息74924---[重新启动主站] o、 s.s.web.DefaultSecurityFilterChain:创建筛选器链:任意 要求 [org.springframework.security.web.context.request.async。WebAsyncManagerIntegrationFilter@28d34c24, org.springframework.security.web.context。SecurityContextPersistenceFilter@4787d4da, org.springframework.security.web.header。HeaderWriterFilter@2219138f, org.springframework.security.web.csrf。CsrfFilter@2042e42, org.springframework.security.web.authentication.logout。LogoutFilter@518b63cb, org.springframework.security.web.savedrequest。RequestCacheAwareFilter@20d72122, org.springframework.security.web.servletapi。SecurityContextHolderAwareRequestFilter@4ab8dbdc, org.springframework.security.web.authentication。AnonymousAuthenticationFilter@3114a62d, org.springframework.security.web.session。SessionManagementFilter@29a651d9, org.springframework.security.web.access。ExceptionTranslationFilter@4d655a42, com.test.cash.http.filters.MyAuthorizationFilter@3dfefde8]

但是,当我调用API时,安全链中缺少MyAuthorizationFilter。我不确定我出了什么问题

Security filter chain: [
  WebAsyncManagerIntegrationFilter
  SecurityContextPersistenceFilter
  HeaderWriterFilter
  LogoutFilter
  OAuth2AuthenticationProcessingFilter
  RequestCacheAwareFilter
  SecurityContextHolderAwareRequestFilter
  AnonymousAuthenticationFilter
  SessionManagementFilter
  ExceptionTranslationFilter
  FilterSecurityInterceptor
]
我以前也有同样的问题。我的情况是,它创建了两个过滤器链,其中一个包含原始11个过滤器,另一个包含原始11个过滤器和自定义过滤器。您可以使用annotation@EnableResourceServer,它将自动构建这11个过滤器的高阶过滤器链