Spring authentication filter is called repeatedly
I have set up Spring Security for a REST API. Here is my sample REST call, GET:. When it is executed, the filter, the provider and finally onAuthenticationSuccess are triggered. The problem is that after authentication it does not execute the REST URL, but instead goes back to the filter many times. The second time, request.getRequestUrl will be deleted.

Here is my security-context.xml:
<http auto-config='false' authentication-manager-ref="authenticationManager" entry-point-ref="authenticationEntryPoint">
    <intercept-url pattern="dashboard/**" access="ROLE_USER" />
    <csrf disabled="true"/>
    <custom-filter position="REMEMBER_ME_FILTER" ref="DashboardFilter"></custom-filter>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="DashboardAuthProvider"></authentication-provider>
</authentication-manager>

<beans:bean id="DashboardFilter" class="com.apple.store.dashboard.security.DashboardAuthFilter">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="authenticationSuccessHandler">
        <beans:bean class="com.apple.store.dashboard.security.LoginSuccessHandler">
        </beans:bean>
    </beans:property>
</beans:bean>

<beans:bean id="authenticationEntryPoint" class="com.apple.store.dashboard.security.DashboardAuthEntryPoint">
</beans:bean>

<beans:bean id="DashboardAuthProvider" class="com.apple.store.dashboard.security.DashboardAuthProvider"> </beans:bean>

Here is my provider:

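import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class DashboardAuthProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(DashboardAuthProvider.class);

    @Override
    public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
        logger.debug("Inside DashboardAuthProvider: authenticate method +authentication=" + authentication);
        Authentication auth = null;
        final List<GrantedAuthority> grantedAuths = new ArrayList<>();
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
        try {
            // Split the "username:password" principal into its two parts
            String[] principalStrArr = ((String) authentication.getPrincipal()).split(":");
            if (principalStrArr[0].equals("test1") && principalStrArr[1].equals("test1")) {
                String username = principalStrArr[0];
                String password = principalStrArr[1];
                // AccessInfo is the poster's own UserDetails implementation
                final UserDetails principal = new AccessInfo(username, password, grantedAuths);
                auth = new UsernamePasswordAuthenticationToken(principal, password, grantedAuths);
                logger.info("DashboardAuthProvider auth= " + auth);
            } else {
                logger.info("Wrong credential");
                return null;
            }
        } catch (Exception e) {
            logger.error(
                    "Exception occurred in DashboardAuthProvider during authentication",
                    e);
        }
        // Still null here if an exception was caught above
        return auth;
    }
}
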
Because that is what you configured the filter to do. The /** in the constructor is the URL that the filter listens on, which is now every URL, so this filter kicks in for every URL.

But I only call one URL at a time. Before the call returns, the filter is still invoked several times, along the lines of: secured, entry point called, filter called, secured, filter called, secured, and so on. Is there any way to get rid of this? How do I configure the URL pattern? I tried dashboard/**, but when I use it the filter is not triggered?

You don't know that the filter should be applied to a single URL only, and that the entry point should send you to that URL.

public class LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        // The inherited implementation redirects to the handler's target URL (default "/")
        super.onAuthenticationSuccess(request, response, authentication);
    }
}
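
The answer's advice, a filter that listens on a single URL instead of /**, could look like the following. This is an added example, not code from the original post: the class name SingleUrlAuthFilter, the /dashboard/login path and the username/password request parameters are assumptions, and the "username:password" principal format is taken from the provider shown above.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Hypothetical filter: the page does not show DashboardAuthFilter itself.
public class SingleUrlAuthFilter extends AbstractAuthenticationProcessingFilter {

    // Assumed login endpoint. Only POSTs to this path are treated as
    // authentication attempts; every other URL passes through untouched.
    public static final String LOGIN_URL = "/dashboard/login";

    public SingleUrlAuthFilter() {
        super(new AntPathRequestMatcher(LOGIN_URL, "POST"));
        // Reply with a status code rather than the redirect that
        // SimpleUrlAuthenticationSuccessHandler sends, so a REST client
        // is not bounced back into the filter chain.
        setAuthenticationSuccessHandler((request, response, authentication) ->
                response.setStatus(HttpServletResponse.SC_NO_CONTENT));
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        String username = request.getParameter("username"); // assumed parameter name
        String password = request.getParameter("password"); // assumed parameter name
        if (username == null || password == null) {
            // Fail explicitly instead of passing null to the provider.
            throw new BadCredentialsException("Missing credentials");
        }
        // The provider on the page expects the principal as "username:password".
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(username + ":" + password, password);
        return getAuthenticationManager().authenticate(token);
    }
}
```

The authenticationManager property is still injected through the bean definition, as in the security-context.xml above, and the entry point is what directs unauthenticated callers to LOGIN_URL.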