Spring security 返回HTTP错误401代码&;跳过过滤链
使用定制的Spring安全过滤器,如果HTTP头不包含特定的键值对,我想返回HTTP401错误代码 例如:Spring security 返回HTTP错误401代码&;跳过过滤链,spring-security,Spring Security,使用定制的Spring安全过滤器,如果HTTP头不包含特定的键值对,我想返回HTTP401错误代码 例如: public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) r
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
final String val = request.getHeader(FOO_TOKEN)
if(val == null || !val.equals("FOO")) {
// token is not valid, return an HTTP 401 error code
...
}
else {
// token is good, let it proceed
chain.doFilter(req, res);
}
((HttpServletResponse)res).设置状态(401)setStatus(401)- 或者使用FilterChain对象(chain.doFilter())调用链中的下一个实体
- 或不将请求/响应对传递给筛选器链中的下一个实体以阻止请求处理
因此,设置响应状态代码并立即返回,而无需调用chain.doFilter是实现此目的的最佳选择。我建议以下解决方案
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
final String val = request.getHeader(FOO_TOKEN)
if (val == null || !val.equals("FOO")) {
((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "The token is not valid.");
} else {
chain.doFilter(req, res);
}
}
照上面答案说的做就行了。“因此,设置响应状态代码并立即返回” 这只是类型:
res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
所以你可以用这样的东西
@Override
public void doFilter() {
if (whiteListOrigins.contains(incomeOrigin)) {
httpResponse.setHeader("Access-Control-Allow-Origin", incomeOrigin);
chain.doFilter(request, response);
} else {
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, "Not Allowed to Access. Please try with valid Origin.");
}
}
如果在
setStatuschain.doFilterjava.lang.IllegalStateException:Cannotcall sendError()中会出现此错误在提交响应后