Spring Security REST token authentication - filter does not run

I am building a REST application using Spring 4 and Java configs (without any XML files).
Here is some of the actual code:
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected String[] getServletMappings() {
        return new String[]{"/"};
    }

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[] {ApplicationConfig.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }
}
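Besides that, I secure the web service with token authentication, so I have a filter that handles the token, gets the user from the token, and puts the user object into the SecurityContext. Here is some of the Filter's code: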
@Component
public class AuthenticationTokenFilter extends UsernamePasswordAuthenticationFilter {

    private String tokenHeader = "X-Auth-Token";

    @Autowired
    private TokenUtils tokenUtils;

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    @Autowired
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        super.setAuthenticationManager(authenticationManager);
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String authToken = httpRequest.getHeader(this.tokenHeader);
        String username = this.tokenUtils.getUsernameFromToken(authToken);
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
            if (this.tokenUtils.validateToken(authToken, userDetails)) {
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        }
        chain.doFilter(request, response);
    }
}
I am using Spring Security, and here is my WebSecurityConfigurerAdapter:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private EntryPointUnauthorizedHandler unauthorizedHandler;

    @Autowired
    private AuthenticationTokenFilter authTokenFilter;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .csrf()
                .disable()
            .exceptionHandling()
                .authenticationEntryPoint(this.unauthorizedHandler)
                .and()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/auth/**").permitAll()
                .anyRequest().authenticated();

        httpSecurity
            .addFilterBefore(authTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
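My problem is that the filter's doFilter() does not run. Any help? Note: using Spring Boot is not an option. I want to do this without using Spring Boot auto-configuration.

If you are not using Spring Security, you may want to create some filters as a chain of responsibility and add the beans, filters, it –

Should I also remove the @Component annotation from my filter? –

If you want your filter to be a bean and want its fields to be Autowired, it should of course still be annotated with @Component =) –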