如果在fitler类中删除@component,则不会调用Spring引导筛选器
我有两个端点,/health和/save。我不想为/health端点调用MyFilter。 下面是代码如果在fitler类中删除@component,则不会调用Spring引导筛选器,spring,spring-boot,spring-security,servlet-filters,Spring,Spring Boot,Spring Security,Servlet Filters,我有两个端点,/health和/save。我不想为/health端点调用MyFilter。 下面是代码 @Component public class MyFilter implements Filter { @Autowired private JwtConfig jwtConfig; @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletRe
@Component
public class MyFilter implements Filter {
@Autowired
private JwtConfig jwtConfig;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpServletRequest request = (HttpServletRequest) servletRequest;
// do something
filterChain.doFilter(servletRequest, servletResponse);
}
}
@Configuration
@Order(2)
public class WebSecurityConfig extends DefaultSecurityConfig {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.cors().and().csrf().disable().addFilterAfter(new MyFilter(), BasicAuthenticationFilter.class)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
super.configure(webSecurity);
webSecurity.ignoring().antMatchers("/health/**");
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
return source;
}
}
问题是,如果我从MyFilter中删除@component,则不会为任何端点调用该筛选器,如果我将其放回,则会在两个端点中调用该筛选器。如何使其仅适用于/health endpoint?仅在
//执行某些操作
部分,检查请求的url是否为度量,如果不是,则仅执行操作。该信息在HttpServletRequest
对象中随时可用
我不确定是否还有更直接的方法。使用FilterRegistrationBean只允许添加要包括的URL,而不允许添加要排除的URL
如果您确实认为只有这两个端点,那么当然可以使用FilterRegistrationBean只添加您的保存端点:
@Bean
public FilterRegistrationBean<MyFilter> myFilter() {
FilterRegistrationBean<MyFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new MyFilter());
registrationBean.addUrlPatterns("/save");
return registrationBean;
}
@Bean
公共过滤器注册bean myFilter(){
FilterRegistrationBean registrationBean=新的FilterRegistrationBean();
setFilter(新的MyFilter());
registrationBean.addUrlPatterns(“/save”);
返回注册bean;
}
在这种情况下,您可以删除组件注释。定义一个返回过滤器的
@Bean
方法(而不是使用@Component
),并添加一个额外的FilterRegistrationBean
,以选择应该响应的URL。如果这需要成为Spring安全过滤器链的一部分,请检查过滤器内的URL,并决定您是否需要做一件事或另一件事。谢谢。但在将来,除了/save之外,还会有更多端点。。那么,我们需要添加所有内容吗?@sagarkancherla你读了我答案的第一部分了吗?“仅在//执行某些操作部分,检查请求的url是否为度量值,如果不是,则仅执行操作。该信息在HttpServletRequest对象中随时可用。”。