java – (自定义)RestAuthenticationProcessingFilter Ordering

发布时间：2020-12-15 04:42:24 所属栏目：Java 来源：网络整理

导读：我尝试通过令牌将Rest身份验证添加到我的应用程序. 我创建了一个简单的过滤器,其他任何东西都不打印消 public class RestAuthenticationProcessingFilter extends GenericFilterBean {@Overridepublic void doFilter(ServletRequest arg0,ServletResponse ar

我尝试通过令牌将Rest身份验证添加到我的应用程序.
我创建了一个简单的过滤器,其他任何东西都不打印消

public class RestAuthenticationProcessingFilter extends GenericFilterBean {

@Override
public void doFilter(ServletRequest arg0,ServletResponse arg1,FilterChain arg2) throws IOException,ServletException {
    System.out.println(arg0);
            // EDIT 25/02/2014
            arg2.doFilter(arg0,arg1);
}

}

我正在使用Spring 4.0和Spring Security 3.2与JavaConfig.

我在我的适配器中添加了这个：

@Override
        protected void configure(HttpSecurity http) throws Exception {

            /*
             * @RemarqueDev Différence entre permitAll et anonymous : permitAll
             * contient anonymous. Anonymous uniquement pour non connecté
             */
            http.addFilter(new RestAuthenticationProcessingFilter());
            http.csrf().disable().headers().disable();
            http.exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint());

当我运行jetty服务器时,我收到此消息：

Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] threw exception; nested exception is java.lang.IllegalArgumentException: The Filter class my.package.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.:
java.lang.IllegalArgumentException: The Filter class com.jle.athleges.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.
    at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilter(HttpSecurity.java:1122)

为什么？

谢谢

解决方法

AddFilter：

Adds a Filter that must be an instance of or extend one of the Filters
provided within the Security framework. The method ensures that the
ordering of the Filters is automatically taken care of. The ordering
of the Filters is:…

您的过滤器不是安全框架内的过滤器的实例或扩展.

但是你可以使用addFilterBefore或addFilterAfter.

例如：

addFilterBefore(new RestAuthenticationProcessingFilter(),BasicAuthenticationFilter.class)

您可以在文档中找到安全过滤器链的顺序：

http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/apidocs/org/springframework/security/config/annotation/web/HttpSecurityBuilder.html#addFilter%28javax.servlet.Filter%29

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!