追加请求头后spring安全身份验证
我们希望在发生spring安全验证后向请求添加头 但是,不会附加标题。 我们可以通过Zuul过滤器完成,但不能使用spring security过滤器追加请求头后spring安全身份验证,spring,spring-security,microservices,netflix-zuul,Spring,Spring Security,Microservices,Netflix Zuul,我们希望在发生spring安全验证后向请求添加头 但是,不会附加标题。 我们可以通过Zuul过滤器完成,但不能使用spring security过滤器 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { httpServletRequestWra
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
httpServletRequestWrapper = new HttpServletRequestWrapper(request) {
@Override
public String getHeader(String name) {
if (name.equalsIgnoreCase(ENV - HEADER)) {
return active;
} else if (name.equalsIgnoreCase(USERID)) {
return (String) authentication.getPrincipal();
} else {
return super.getHeader(name);
}
}
};
filterChain.doFilter(httpServletRequestWrapper, servletResponse);
}
在您的安全配置文件中的
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
之后运行筛选器,将头添加到请求
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().and().anonymous().and().servletApi().and().headers().and().authorizeRequests()
// Your existing security configurations
// Assuming UsernamePasswordAuthenticationFilter is the filter
.addFilterAfter(new AddHeaderFilter(), UsernamePasswordAuthenticationFilter.class);
}
UsernamePasswordAuthenticationFilter
是为spring安全身份验证运行的enbuild spring筛选器。在安全配置文件中的org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
之后运行筛选器以向请求添加头
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().and().anonymous().and().servletApi().and().headers().and().authorizeRequests()
// Your existing security configurations
// Assuming UsernamePasswordAuthenticationFilter is the filter
.addFilterAfter(new AddHeaderFilter(), UsernamePasswordAuthenticationFilter.class);
}
UsernamePasswordAuthenticationFilter
是为spring安全身份验证运行的enbuild spring筛选器。将您的yml或属性文件配置添加到
zuul:
sensitiveHeaders: Cookie,Set-Cookie
add-proxy-headers: true
然后zuul允许标头转到其他端点。将您的yml或属性文件配置添加到
zuul:
sensitiveHeaders: Cookie,Set-Cookie
add-proxy-headers: true
然后zuul允许头球进入其他终点