How to preprocess requests to all controllers in Spring? Validating the CSRF token

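I'm developing a Spring MVC backend (with a GWT frontend) that provides a REST interface. For security reasons, it should validate a token on every request. Now the question is: how can I check the token without writing in every controller that it should be checked? I'm thinking of a class with a method that runs before the request reaches the responsible controller and checks the token; if the token is valid, it passes the data on to the controller.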

The JSON data sent over the wire looks like this:

{
    "data":
    {
        "id":1,
        "firstName":"firstExample",
        "lastName":"lastExample"
    },
    "csrf":"myCSRFToken"
}

The rest of the Spring setup looks like this:

web.xml:

<context-param>
    <param-name>contextClass</param-name>
    <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>myapp.server.AppConfig</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/rest/*</url-pattern>
</servlet-mapping>

PersonController:

@Controller
@RequestMapping("/persons")
public class PersonController {
    @ResponseBody
    @RequestMapping(method = RequestMethod.GET)
    public Collection<Person> list() {
        //
    }
}

I'm completely new to Spring, and I'd like to know where I have to modify my configuration to get it working as intended.

Thank you all!


It now works with the following code in dispatcher-servlet.xml:

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">

    <context:component-scan base-package="myapp.server.controller" />

    <mvc:annotation-driven />

</beans>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">

<context:component-scan base-package="myapp.server.controller" />

<mvc:annotation-driven />

<mvc:interceptors>  
     <bean class="myapp.server.XSRFInterceptor" />
</mvc:interceptors>

</beans>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">

</beans>

One more question: how can I modify the JSON that is passed to the controller?

Solution to question 1 (XML vs. Java):

dispatcher-servlet.xml:

Still to be solved: how do I process the JSON data inside the interceptor?

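Interceptors are what you're looking for. Sorry, I can't post code from my phone.

Thanks. I got a step further. Maybe you or someone else can post some code. I've created a HandlerInterceptorAdapter (is this the right one for my use case?). AppConfig now extends WebMvcConfigurerAdapter and calls addInterceptors with my interceptor. But the interceptor never gets called. Besides, I don't know how to modify the JSON data in it, since the interceptor just returns a boolean in its preHandle method.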