0
我在我的web应用程序过滤器,它从有关用户外部来源的信息临危,如果他在不在家目前登入的运行。继承人我的过滤器:请告诉我错的HttpServletResponse的addHeader#?
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException
{
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String loginBean = httpRequest.getHeader(CommonVariables.LOGIN_BEAN);
if (loginBean == null)
{
System.out.println("FILTER-----------");
try
{
String login;
String domain;
//Here i'm getting login and domain string
loginBean = domain + "\\" + login;
httpResponse.addHeader("LoginBean", loginBean);
System.out.println(login + " " + domain);
} catch (Exception e)
{
e.printStackTrace();
//redirect to login page
httpResponse.sendRedirect("...");
return;
}
}
chain.doFilter(request, response);
}
不是我虽然那些头将被传递到下一个过滤器。所以我实现了春季安全PRE_AUTH_FILTER:
春季安全上下文
<http use-expressions="true" auto-config="false" entry-point-ref="http403EntryPoint">
<!-- Additional http configuration omitted -->
<custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
</http>
<beans:bean id="siteminderFilter" class=
"org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<beans:property name="principalRequestHeader" value="LoginBean"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<beans:bean id="preauthAuthProvider"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<beans:property name="preAuthenticatedUserDetailsService">
<beans:bean id="userDetailsServiceWrapper"
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
<beans:bean id="userDetailsService" class="com.execon.security.CustomUserDetailsService"/>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="preauthAuthProvider" />
</authentication-manager>
然后我试图解析loginBean串在我的CustoUserDetailsService和接收实际工作中的用户对象。但它没有被解雇,并且应用程序因此失败:
org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: LoginBean header not found in request.
那么这意味着标头设置错误了吗?还是根本不设置?什么可能是错的?
滤镜设置LoginBean是第一个开枪,然后进入春季安全。标准输出好的工作,因为我有:
17:12:15,669 INFO [stdout] (http--127.0.0.1-8080-2) FILTER-----------
17:12:15,669 INFO [stdout] (http--127.0.0.1-8080-2) LOGIN DOMAIN
非常感谢您! :) – kamil