Fatal编程技术网
  • spring/
  • Spring 身份验证筛选器被重复调用

Spring 身份验证筛选器被重复调用

spring

Spring 身份验证筛选器被重复调用,spring,Spring,我为RESTAPI设置了spring安全性。这是我的rest通话示例, 获取:。执行时,将触发筛选器、提供程序和最终的onAuthenticationSuccess。问题是,在身份验证之后,它不会执行RESTURL,而是会多次返回过滤器。第二次,request.getRequestUrl将被删除 以下是我的security-context.xml: <http auto-config='false' authentication-manager-ref="authenticationM

我为RESTAPI设置了spring安全性。这是我的rest通话示例, 获取:。执行时,将触发筛选器、提供程序和最终的onAuthenticationSuccess。问题是,在身份验证之后,它不会执行RESTURL,而是会多次返回过滤器。第二次,request.getRequestUrl将被删除

以下是我的security-context.xml:

  <http auto-config='false' authentication-manager-ref="authenticationManager" entry-point-ref="authenticationEntryPoint">

    <intercept-url pattern="dashboard/**" access="ROLE_USER" />
    <csrf disabled="true"/>
    <custom-filter position="REMEMBER_ME_FILTER" ref="DashboardFilter"></custom-filter>
</http>


<authentication-manager alias="authenticationManager">
    <authentication-provider ref="DashboardAuthProvider"></authentication-provider>
</authentication-manager>

<beans:bean id="DashboardFilter" class="com.apple.store.dashboard.security.DashboardAuthFilter">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="authenticationSuccessHandler">
        <beans:bean class="com.apple.store.dashboard.security.LoginSuccessHandler">


        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="authenticationEntryPoint" class="com.apple.store.dashboard.security.DashboardAuthEntryPoint">
</beans:bean>

<beans:bean id="DashboardAuthProvider" class="com.apple.store.dashboard.security.DashboardAuthProvider">  </beans:bean>
这是我的提供者:

public class DashboardAuthProvider implements AuthenticationProvider {

    private static final Logger logger = LoggerFactory.getLogger(DashboardAuthProvider.class);


    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        logger.debug("Inside DashboardAuthProvider: authenticate method +authentication=" + authentication);
        Authentication auth =null;
        final List<GrantedAuthority> grantedAuths = new ArrayList<>();
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
        try{
            String[] principalStrArr = ((String)authentication.getPrincipal()).split(":");
            //Convert the authentication principal object to a map

            if (principalStrArr[0].equals("test1") && principalStrArr[1].equals("test1"))
            {
                String username = principalStrArr[0];
                String password = principalStrArr[1];


                final UserDetails principal = new AccessInfo(username, password, grantedAuths);
                auth = new UsernamePasswordAuthenticationToken(principal, password, grantedAuths);

                logger.info("DashboardAuthProvider auth= " + auth);
            }
            else {
                logger.info("Wrong credential");
                return null;
            }
        }catch (Exception e){
            logger.error(
                    "Exception occured in DashboardAuthProvider during authentication",
                    e);
        }
        return auth;

    }
因为这就是您配置过滤器的目的。构造器中的
/**
是筛选器正在侦听的要调用的URL,即现在的每个URL,因此对于每个URL,此筛选器都会启动。但我一次只调用一个URL。在调用返回之前,过滤器仍会被调用好几次,其中被保护的、调用入口点的、调用过滤器的、被保护的、调用过滤器的、被保护的等等。有没有办法摆脱这种情况?如何配置url模式?我尝试了dashboard/**,但当我使用时,未触发筛选器?您不知道筛选器应仅应用于单个URL,入口点应将您发送到该URL。因为这是您配置筛选器的目的。构造器中的
/**
是筛选器正在侦听的要调用的URL,即现在的每个URL,因此对于每个URL,此筛选器都会启动。但我一次只调用一个URL。在调用返回之前,过滤器仍会被调用好几次,其中被保护的、调用入口点的、调用过滤器的、被保护的、调用过滤器的、被保护的等等。有没有办法摆脱这种情况?如何配置url模式?我尝试了dashboard/**,但当我使用时,筛选器未被触发?您不知道筛选器应仅应用于单个URL,入口点应将您发送到该URL。 
public class DashboardAuthProvider implements AuthenticationProvider {

    private static final Logger logger = LoggerFactory.getLogger(DashboardAuthProvider.class);


    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        logger.debug("Inside DashboardAuthProvider: authenticate method +authentication=" + authentication);
        Authentication auth =null;
        final List<GrantedAuthority> grantedAuths = new ArrayList<>();
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
        try{
            String[] principalStrArr = ((String)authentication.getPrincipal()).split(":");
            //Convert the authentication principal object to a map

            if (principalStrArr[0].equals("test1") && principalStrArr[1].equals("test1"))
            {
                String username = principalStrArr[0];
                String password = principalStrArr[1];


                final UserDetails principal = new AccessInfo(username, password, grantedAuths);
                auth = new UsernamePasswordAuthenticationToken(principal, password, grantedAuths);

                logger.info("DashboardAuthProvider auth= " + auth);
            }
            else {
                logger.info("Wrong credential");
                return null;
            }
        }catch (Exception e){
            logger.error(
                    "Exception occured in DashboardAuthProvider during authentication",
                    e);
        }
        return auth;

    }

public class LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

            super.onAuthenticationSuccess(request, response, authentication);

    }