Fatal编程技术网
  • spring/
  • 追加请求头后spring安全身份验证

追加请求头后spring安全身份验证

spring spring-security microservices

追加请求头后spring安全身份验证,spring,spring-security,microservices,netflix-zuul,Spring,Spring Security,Microservices,Netflix Zuul,我们希望在发生spring安全验证后向请求添加头 但是,不会附加标题。 我们可以通过Zuul过滤器完成,但不能使用spring security过滤器 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { httpServletRequestWra

我们希望在发生spring安全验证后向请求添加头

但是,不会附加标题。 我们可以通过Zuul过滤器完成,但不能使用spring security过滤器

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    httpServletRequestWrapper = new HttpServletRequestWrapper(request) {
        @Override
        public String getHeader(String name) {
            if (name.equalsIgnoreCase(ENV - HEADER)) {

                return active;
            } else if (name.equalsIgnoreCase(USERID)) {

                return (String) authentication.getPrincipal();
            } else {
                return super.getHeader(name);
            }
        }
    };

    filterChain.doFilter(httpServletRequestWrapper, servletResponse);
}
在您的安全配置文件中的
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
之后运行筛选器,将头添加到请求

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling().and().anonymous().and().servletApi().and().headers().and().authorizeRequests()

    // Your existing security configurations

    // Assuming UsernamePasswordAuthenticationFilter is the filter 
    .addFilterAfter(new AddHeaderFilter(), UsernamePasswordAuthenticationFilter.class);
}

UsernamePasswordAuthenticationFilter
是为spring安全身份验证运行的enbuild spring筛选器。

在安全配置文件中的
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
之后运行筛选器以向请求添加头

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling().and().anonymous().and().servletApi().and().headers().and().authorizeRequests()

    // Your existing security configurations

    // Assuming UsernamePasswordAuthenticationFilter is the filter 
    .addFilterAfter(new AddHeaderFilter(), UsernamePasswordAuthenticationFilter.class);
}

UsernamePasswordAuthenticationFilter
是为spring安全身份验证运行的enbuild spring筛选器。

将您的yml或属性文件配置添加到

zuul:
  sensitiveHeaders: Cookie,Set-Cookie
  add-proxy-headers: true
然后zuul允许标头转到其他端点。

将您的yml或属性文件配置添加到

zuul:
  sensitiveHeaders: Cookie,Set-Cookie
  add-proxy-headers: true
然后zuul允许头球进入其他终点