Spring 应用令牌筛选器后如何显示每个控制器的响应
我目前正在学习Spring安全性,并尝试使用customer token filter从标头中的承载令牌(令牌当前存储在数据库中)查询用户数据。但是在应用令牌过滤器之后,错误响应或正确响应将不会显示在响应主体上。我需要添加什么才能正确返回响应正文Spring 应用令牌筛选器后如何显示每个控制器的响应,spring,spring-boot,spring-security,Spring,Spring Boot,Spring Security,我目前正在学习Spring安全性,并尝试使用customer token filter从标头中的承载令牌(令牌当前存储在数据库中)查询用户数据。但是在应用令牌过滤器之后,错误响应或正确响应将不会显示在响应主体上。我需要添加什么才能正确返回响应正文 package com.deeeplabs.psg.config; import com.deeeplabs.psg.domain.Role; import com.deeeplabs.psg.service.UserService; import
package com.deeeplabs.psg.config;
import com.deeeplabs.psg.domain.Role;
import com.deeeplabs.psg.service.UserService;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.ValidationException;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
public class TokenAuthenticationFilter extends OncePerRequestFilter {
UserService userService;
public TokenAuthenticationFilter(UserService userService) {
this.userService = userService;
}
@Override
public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
final String accessToken = request.getHeader("Authorization");
if (accessToken != null) {
String[] myHeader = accessToken.split(" ");
if (!myHeader[0].equals("Bearer")) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
if (myHeader.length != 2) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
com.deeeplabs.psg.domain.User userData = userService.findByAuthKey(myHeader[1]).get();
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
for (Role role : userData.getRoleList()) {
grantedAuthorities.add(new SimpleGrantedAuthority(role.getName()));
}
User user = new User(
userData.getUsername(),
userData.getPassword(),
true,
true,
true,
true,
grantedAuthorities
);
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
filterChain.doFilter(request, response);
}
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthorized Access");
}
}
package com.deeeplabs.psg.config;
导入com.deeeplabs.psg.domain.Role;
导入com.deeeplabs.psg.service.UserService;
导入org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
导入org.springframework.security.core.GrantedAuthority;
导入org.springframework.security.core.authority.SimpleGrantedAuthority;
导入org.springframework.security.core.context.SecurityContextHolder;
导入org.springframework.security.core.userdetails.User;
导入org.springframework.web.filter.OncePerRequestFilter;
导入javax.servlet.FilterChain;
导入javax.servlet.ServletException;
导入javax.servlet.http.HttpServletRequest;
导入javax.servlet.http.HttpServletResponse;
导入javax.validation.ValidationException;
导入java.io.IOException;
导入java.util.HashSet;
导入java.util.Set;
公共类TokenAuthenticationFilter扩展了OncePerRequestFilter{
用户服务用户服务;
公共令牌身份验证筛选器(UserService UserService){
this.userService=userService;
}
@凌驾
public void doFilterInternal(HttpServletRequest请求、HttpServletResponse响应、FilterChain FilterChain)抛出ServletException、IOException{
最终字符串accessToken=request.getHeader(“授权”);
if(accessToken!=null){
字符串[]myHeader=accessToken.split(“”);
如果(!myHeader[0]。等于(“承载人”)){
senderError(HttpServletResponse.SC\u BAD\u请求);
}
如果(myHeader.length!=2){
senderError(HttpServletResponse.SC\u BAD\u请求);
}
com.deeeplabs.psg.domain.User userData=userService.findByAuthKey(myHeader[1]).get();
Set grantedAuthories=new HashSet();
for(角色:userData.getRoleList()){
添加(新的SimpleGrantedAuthority(role.getName());
}
用户=新用户(
userData.getUsername(),
userData.getPassword(),
是的,
是的,
是的,
是的,
授权机构
);
UsernamePasswordAuthenticationToken authentication=新的UsernamePasswordAuthenticationToken(user,null,user.getAuthories());
SecurityContextHolder.getContext().setAuthentication(身份验证);
filterChain.doFilter(请求、响应);
}
senderError(HttpServletResponse.SC_禁止,“未经授权的访问”);
}
}
这是我当前的令牌筛选器一旦确定错误请求,您必须停止(返回)筛选器链
if (!myHeader[0].equals("Bearer")) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
}
if (myHeader.length != 2) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
}
我终于找到了异常不会显示在响应中的根本原因,实际上我必须补充一点
web.ignoring().antMatchers("/error");
由于Spring默认启动时使用服务器地址/错误作为错误路径返回类型为void,是否有必要?我尝试添加这个,但是我的邮递员仍然没有收到本地主机的任何响应,但是错误出现在控制台上