2016-09-15

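Spring Security REST token authentication - filter does not run

I am building a REST application that uses Spring 4 and Java configs (without any XML files).

Here is some of the actual code: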

public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer { 

    @Override 
    protected String[] getServletMappings() { 
     return new String[]{"/"}; 
    } 

    @Override 
    protected Class<?>[] getRootConfigClasses() { 
     return new Class<?>[] {ApplicationConfig.class}; 
    } 

    @Override 
    protected Class<?>[] getServletConfigClasses() { 
     return null; 
    } 
} 

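Besides that, I am securing the web service with token authentication, so I have a filter that handles the token, retrieves the user from the token, and puts the user object into the SecurityContext. Here is some of the filter's code: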

@Component 
public class AuthenticationTokenFilter extends UsernamePasswordAuthenticationFilter { 

private String tokenHeader = "X-Auth-Token"; 

@Autowired 
private TokenUtils tokenUtils; 

@Autowired 
private UserDetailsService userDetailsService; 

@Override 
@Autowired 
public void setAuthenticationManager(AuthenticationManager authenticationManager) { 
    super.setAuthenticationManager(authenticationManager); 
} 

@Override 
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 

    HttpServletRequest httpRequest = (HttpServletRequest) request; 
    String authToken = httpRequest.getHeader(this.tokenHeader); 
    String username = this.tokenUtils.getUsernameFromToken(authToken); 

    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) { 
     UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); 
     if (this.tokenUtils.validateToken(authToken, userDetails)) { 
      UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()); 
      authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest)); 
      SecurityContextHolder.getContext().setAuthentication(authentication); 
     } 
    } 

    chain.doFilter(request, response); 
} 

} 

I am using Spring Security, and here is my WebSecurityConfigurerAdapter:

@Configuration 
@EnableWebSecurity 
@EnableGlobalMethodSecurity(prePostEnabled = true) 
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { 

    @Autowired 
    private EntryPointUnauthorizedHandler unauthorizedHandler; 

    @Autowired 
    private AuthenticationTokenFilter authTokenFilter; 


    @Bean 
    public PasswordEncoder passwordEncoder() { 
    return new BCryptPasswordEncoder(); 
    } 

    @Bean 
    @Override 
    public AuthenticationManager authenticationManagerBean() throws Exception { 
    return super.authenticationManagerBean(); 
    } 


    @Override 
    protected void configure(HttpSecurity httpSecurity) throws Exception { 
    httpSecurity 
     .csrf() 
     .disable() 
     .exceptionHandling() 
     .authenticationEntryPoint(this.unauthorizedHandler) 
     .and() 
     .sessionManagement() 
     .sessionCreationPolicy(SessionCreationPolicy.STATELESS) 
     .and() 
     .authorizeRequests() 
     .antMatchers(HttpMethod.OPTIONS, "/**").permitAll() 
     .antMatchers("/auth/**").permitAll()  
     .anyRequest().authenticated(); 

     httpSecurity 
     .addFilterBefore(authTokenFilter, UsernamePasswordAuthenticationFilter.class); 
    } 

} 

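My problem is that the filter's doFilter() does not run. Any help? Note: using Spring Boot is not an option. I want to do this without using Spring Boot auto-configuration.

Answers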

1

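You are not adding the component to the filters; instead it is created as a plain object, instantiated via reflection somewhere in the ServletContext, which knows nothing about Spring. If you use Spring Security, you can add the filter to the SpringSecurityFilterChain in your security configuration: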

@EnableWebSecurity 
@Configuration 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    private YourFilter yourFilter; 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
      .addFilterBefore(yourFilter, UsernamePasswordAuthenticationFilter.class); 
    } 
} 
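
If you are not using Spring Security, you may want to create some filter as a chain of responsibility and add your bean filters to it.

Should I also remove the @Component annotation from my filter?

If you want your filter to be a bean and want its fields autowired, it should of course still be annotated with @Component =)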
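
An added example, not part of the original question, answer or comments: without Spring Boot, the springSecurityFilterChain bean created by @EnableWebSecurity (and every filter added to it with addFilterBefore) only receives requests if a DelegatingFilterProxy for it is registered with the servlet container. The version of the question's WebAppInitializer below does that registration, assuming the project has no AbstractSecurityWebApplicationInitializer subclass and that ApplicationConfig loads WebSecurityConfiguration into the root context (neither is shown on the page).

```java
import java.util.EnumSet;

import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;

import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    // Bean name under which @EnableWebSecurity publishes the security filter chain.
    private static final String SECURITY_FILTER = "springSecurityFilterChain";

    @Override
    public void onStartup(ServletContext servletContext) throws ServletException {
        // Registers the ContextLoaderListener (root context) and the DispatcherServlet.
        super.onStartup(servletContext);

        // The proxy resolves the bean from the root WebApplicationContext and
        // delegates every matching request to it.
        FilterRegistration.Dynamic security = servletContext.addFilter(
                SECURITY_FILTER, new DelegatingFilterProxy(SECURITY_FILTER));

        // addFilter returns null when a filter with this name is already registered,
        // for example by an AbstractSecurityWebApplicationInitializer subclass.
        if (security != null) {
            security.setAsyncSupported(true);
            security.addMappingForUrlPatterns(
                    EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.ASYNC),
                    false, "/*");
        }
    }

    @Override
    protected String[] getServletMappings() { return new String[] {"/"}; }

    @Override
    protected Class<?>[] getRootConfigClasses() {
        // ApplicationConfig is the question's class; assumed to import or scan WebSecurityConfiguration.
        return new Class<?>[] {ApplicationConfig.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() { return null; }
}
```

Subclassing AbstractSecurityWebApplicationInitializer from spring-security-web performs the same registration; use one of the two approaches, not both.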