2017-07-07 79 views
1

我正在實施如下的自定義認證過濾器。但它總是返回404未找到。例如:http://localhost:8082/InstaHelpers/api/user/registration彈出認證過濾器不工作

WebSecurityConfig.java

@Configuration 
        @EnableWebSecurity 
        public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 
         public static final String JWT_TOKEN_HEADER_PARAM = "X-Authorization"; 
         public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login"; 
         public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**"; 
         public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token"; 

         @Autowired 
         private RestAuthenticationEntryPoint authenticationEntryPoint; 
         @Autowired 
         private JwtAuthenticationSuccessHandler successHandler; 
         @Autowired 
         private JwtAuthenticationFailureHandler failureHandler; 
         @Autowired 
         private AjaxAuthenticationProvider ajaxAuthenticationProvider; 
         @Autowired 
         private JwtAuthenticationProvider jwtAuthenticationProvider; 

         @Autowired 
         private TokenExtractor tokenExtractor; 

         @Autowired 
         private AuthenticationManager authenticationManager; 

         private ObjectMapper objectMapper = new ObjectMapper(); 

         protected AjaxLoginProcessingFilter buildAjaxLoginProcessingFilter() throws Exception { 
          AjaxLoginProcessingFilter filter = new AjaxLoginProcessingFilter(FORM_BASED_LOGIN_ENTRY_POINT, successHandler, 
            failureHandler, objectMapper); 
          filter.setAuthenticationManager(this.authenticationManager); 
          return filter; 
         } 

         protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception { 
          List<String> pathsToSkip = Arrays.asList(TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT); 
          SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT); 
          JwtTokenAuthenticationProcessingFilter filter = new JwtTokenAuthenticationProcessingFilter(failureHandler, 
            tokenExtractor, matcher); 
          filter.setAuthenticationManager(this.authenticationManager); 
          return filter; 
         } 

         @Bean 
         @Override 
         public AuthenticationManager authenticationManagerBean() throws Exception { 
          return super.authenticationManagerBean(); 
         } 

         @Override 
         protected void configure(AuthenticationManagerBuilder auth) { 
          auth.authenticationProvider(ajaxAuthenticationProvider); 
          auth.authenticationProvider(jwtAuthenticationProvider); 
         } 

         @Override 
         protected void configure(HttpSecurity http) throws Exception { 
          http.csrf().disable() // We don't need CSRF for JWT based authentication 
            .exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint) 

            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) 

            .and().authorizeRequests().antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login 
                                 // end-point 
            .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token 
                         // refresh 
                         // end-point 
            .antMatchers("/console").permitAll() // H2 Console Dash-board - 
                      // only for testing 
            .and().authorizeRequests().antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected 
                                  // API 
                                  // End-points 
            .and().addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class) 
            .addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class) 
            .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), 
              UsernamePasswordAuthenticationFilter.class); 
         } 
        } 

的web.xml

  <?xml version="1.0" encoding="UTF-8"?> 
      <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" 
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
       xmlns:sec="http://www.springframework.org/schema/security" 
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
       http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd 
       http://www.springframework.org/schema/security 
       http://www.springframework.org/schema/security/spring- 
       security-4.2.xsd"> 


       <context-param> 
        <param-name>contextConfigLocation</param-name> 
        <param-value>/WEB-INF/spring/*.xml</param-value> 
       </context-param> 


       <listener> 
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
       </listener> 


       <servlet> 
        <servlet-name>appServlet</servlet-name> 
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
        <init-param> 
         <param-name>contextConfigLocation</param-name> 
         <param-value>/WEB-INF/spring/appServlet/servlet- context.xml</param-value> 
        </init-param> 
        <load-on-startup>1</load-on-startup> 
       </servlet> 

       <servlet-mapping> 
        <servlet-name>appServlet</servlet-name> 
        <url-pattern>/</url-pattern> 
       </servlet-mapping> 
      </web-app> 

依賴

   <dependency> 
       <groupId>org.springframework.security</groupId> 
       <artifactId>spring-security-core</artifactId> 
       <version>4.2.2.RELEASE</version> 
      </dependency> 

      <dependency> 
       <groupId>org.springframework.security</groupId> 
       <artifactId>spring-security-config</artifactId> 
       <version>4.2.2.RELEASE</version> 
      </dependency> 

      <dependency> 
       <groupId>org.springframework.security</groupId> 
       <artifactId>spring-security-web</artifactId> 
       <version>4.2.2.RELEASE</version> 
      </dependency> 

我知道解決這樣的問題,其他問題已列出,但是它沒有解決問題。

回答

0

您需要可以創建延伸類AbstractSecurityWebApplicationInitializer它會自動加載springSecurityFilterChain

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; 

public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer { 

} 

或提供彈簧安全過濾器鏈中的web.xml 下面

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy 
       </filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

(I還可以在servlet- context.xml中,正確這個問題,以及注意到一個空間)。

你可能在你的視圖解析器不正確映射其他的事情,請張貼代碼爲以及