2017-06-20 162 views
2

我的應用程序有兩種不同的安全配置。一個OAuth2SecurityConfiguration,另一個是LdapSecurityConfiguration。在OAuth2SecurityConfiguration我有以下2個filteres安全配置:如何在spring-security的另一個過濾器之前添加過濾器?

@Override 
protected void configure(HttpSecurity http) throws Exception { 
    http 
      .csrf().disable() 
      .exceptionHandling() 
      .authenticationEntryPoint(authenticationEntryPoint) 
      .and() 
       .authorizeRequests() 
       .antMatchers(OAUTH_ENDPOINT).permitAll() 
       .anyRequest().authenticated() 
      .and() 
       .logout() 
       .logoutUrl(LOGOUT_ENDPOINT) 
       .logoutSuccessUrl("/") 
       .addLogoutHandler(oAuthLogoutHandler) 
      .and() 
       .addFilterAfter(oAuth2ClientContextFilter, ExceptionTranslationFilter.class) 
       .addFilterBefore(oAuth2AuthenticationProcessingFilter, FilterSecurityInterceptor.class) 
       // anonymous login must be disabled, 
       // otherwise an anonymous authentication will be created, 
       // and the UserRedirectRequiredException will not be thrown, 
       // and the user will not be redirected to the authorization server 
       .anonymous().disable(); 
} 

LdapSecurityConfiguration安全配置:

@Override 
protected void configure(HttpSecurity http) throws Exception { 
    http 
      .csrf().disable() 
      .exceptionHandling() 
      .authenticationEntryPoint(restAuthenticationEntryPoint) 
      .and() 
       .authorizeRequests() 
       .antMatchers(AUTH_ENDPOINT).permitAll() 
       .anyRequest().authenticated() 
      .and() 
       .logout() 
      .and() 
       .addFilterBefore(authenticationFilter, OAuth2ClientContextFilter.class); 
} 

但是,當過濾器鏈被初始化我得到這個錯誤:

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter 
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) 
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) 
    ... 36 more 
Caused by: java.lang.IllegalArgumentException: Cannot register after unregistered Filter class org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter 
    at org.springframework.security.config.annotation.web.builders.FilterComparator.registerBefore(FilterComparator.java:183) 
    at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore(HttpSecurity.java:1039) 
    at com.company.configuration.LdapSecurityConfiguration.configure(LdapSecurityConfiguration.java:63) 
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:224) 
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:315) 
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.init(WebSecurityConfigurerAdapter.java:86) 
    at com.company.configuration.LdapSecurityConfiguration$$EnhancerBySpringCGLIB$$b4922dd5.init(<generated>) 
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.init(AbstractConfiguredSecurityBuilder.java:371) 
    at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:325) 
    at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:41) 
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:104) 
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.CGLIB$springSecurityFilterChain$3(<generated>) 
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e$$FastClassBySpringCGLIB$$b8c23686.invoke(<generated>) 
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) 
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:358) 
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$33ca6b4e.springSecurityFilterChain(<generated>) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:498) 
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) 
    ... 37 more 

回答

0

How to add filter before my another filter in spring-security?

addFilterBefore

Cannot register after unregistered Filter

,但只有當你試圖之前將其添加到一個實際上是有

問題是你有兩個不同的配置。您需要確保以正確順序應用它們(使用Ordered@Order),或者將它們合併到單個配置中。

另請注意,您的配置嘗試配置logout()exceptionHandling()的方式不同。你不能這樣做。

+0

我對''OAuth2SecurityConfiguration'有'@Order(1)',''LdapSecurityConfiguration'有'@Order(2)'。 –

+0

@VladislavChernogorov:問題是,'OAuth2ClientContextFilter'沒有在'LdapSecurityConfiguration'中註冊,所以你不能在不存在'OAuth2ClientContextFilter'之前添加另一個過濾器。 @ OrangeDog的回答有點令人困惑,因爲豁免與配置順序無關。 – dur

+0

它沒有註冊,因爲其他配置尚未註冊,或者配置在其他方面存在衝突。可能是@Order在這裏沒有效果。 – OrangeDog

相關問題