请告诉我错的HttpServletResponse的addHeader＃？

Question

我在我的web应用程序过滤器，它从有关用户外部来源的信息临危，如果他在不在家目前登入的运行。继承人我的过滤器：

@Override 
public void doFilter(ServletRequest request, ServletResponse response, 
         FilterChain chain) throws IOException, ServletException 
{ 
    HttpServletRequest httpRequest = (HttpServletRequest) request; 
    HttpServletResponse httpResponse = (HttpServletResponse) response; 

    String loginBean = httpRequest.getHeader(CommonVariables.LOGIN_BEAN); 
    if (loginBean == null) 
    { 
     System.out.println("FILTER-----------"); 
     try 
     { 
      String login; 
      String domain; 
      //Here i'm getting login and domain string 
      loginBean = domain + "\\" + login; 
      httpResponse.addHeader("LoginBean", loginBean); 
      System.out.println(login + " " + domain); 
     } catch (Exception e) 
     { 
      e.printStackTrace(); 
      //redirect to login page 
      httpResponse.sendRedirect("..."); 
      return; 
     } 
    } 
    chain.doFilter(request, response); 
} 

不是我虽然那些头将被传递到下一个过滤器。所以我实现了春季安全PRE_AUTH_FILTER：

春季安全上下文

<http use-expressions="true" auto-config="false" entry-point-ref="http403EntryPoint"> 
    <!-- Additional http configuration omitted --> 
    <custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" /> 
</http> 

<beans:bean id="siteminderFilter" class= 
     "org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter"> 
    <beans:property name="principalRequestHeader" value="LoginBean"/> 
    <beans:property name="authenticationManager" ref="authenticationManager" /> 
</beans:bean> 

<beans:bean id="preauthAuthProvider" 
     class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider"> 
    <beans:property name="preAuthenticatedUserDetailsService"> 
     <beans:bean id="userDetailsServiceWrapper" 
       class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> 
      <beans:property name="userDetailsService" ref="userDetailsService"/> 
     </beans:bean> 
    </beans:property> 
</beans:bean> 

<beans:bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/> 
<beans:bean id="userDetailsService" class="com.execon.security.CustomUserDetailsService"/> 

<authentication-manager alias="authenticationManager"> 
    <authentication-provider ref="preauthAuthProvider" /> 
</authentication-manager> 

然后我试图解析loginBean串在我的CustoUserDetailsS​​ervice和接收实际工作中的用户对象。但它没有被解雇，并且应用程序因此失败：

org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: LoginBean header not found in request. 

那么这意味着标头设置错误了吗？还是根本不设置？什么可能是错的？

滤镜设置LoginBean是第一个开枪，然后进入春季安全。标准输出好的工作，因为我有：

17:12:15,669 INFO [stdout] (http--127.0.0.1-8080-2) FILTER----------- 
17:12:15,669 INFO [stdout] (http--127.0.0.1-8080-2) LOGIN DOMAIN 

Answer 1

您在response设置的东西和Spring的类正在寻找在request相同。

可以修改传入HttpServletRequest的唯一方法是装饰它。你应该定义一个类为第一如下：

public class AuthHttpServletRequest extends HttpServletRequestWrapper 
{ 
    private String loginBean; 

    public AuthHttpServletRequest(HttpServletRequest aRequest, String loginBean) 
    { 
     super(aRequest); 
     this.loginBean = loginBean; 
    } 

    @Override 
    public String getHeader(String headerName) 
    { 
     if(CommonVariables.LOGIN_BEAN.equals(headerName)) { 
      return this.loginBean; 
     } 
     return super.getHeader(headerName); 
    } 
} 

然后，更换过滤器中的以下行：

httpResponse.addHeader("LoginBean", loginBean); 

与此：

request = new AuthHttpServletequest(httpRequest, loginBean); 

然后你chain.doFilter获取请求可以在过滤器链返回loginBean，你想要它，到了春天的认证过滤器类，下降。