我的Spring Security安裝有什麼問題？

我已經設置了我的spring安全性，但是，無論如何，我的HttpServletRequest並不是SecurityContextHolderAwareRequestWrapper的一個實例。我的Spring Security安裝有什麼問題？

有趣的是，如果我直接使用SecurityContextHolder.getContext（）。getAuthentication（），我可以獲得所需的所有信息。

這裏是我的調試代碼

 logger.debug("Test Permission using AwareRequestWrapper object"); 
    if (request instanceof SecurityContextHolderAwareRequestWrapper) { 
     logger.debug("The request is an instance of SpringSecurityAwareRequestWrapper"); 
     SecurityContextHolderAwareRequestWrapper requestWrapper = 
        (SecurityContextHolderAwareRequestWrapper) request; 
     if(requestWrapper.isUserInRole("administrator")) 
     { 
      logger.debug("user is an admin"); 
     } 
     else{ 
      logger.debug("user is a user"); 
     } 

    } 
    else{ 
     logger.debug("The request is NOT an instance of SpringSecurityAwareRequestWrapper"); 
    } 

    logger.debug("Test using directi SecurityContextHolder"); 
    Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
    if(auth!=null) 
    { 
     logger.debug("Authenticaiton object is not null"); 
     baseResult = (LoginResult)auth.getPrincipal(); 
     if(baseResult.isAdmin()) 
     { 
      logger.debug("user is an admin"); 
     } 
     else{ 
      logger.debug("user is an user"); 
     } 
    } 
    else{ 
     logger.debug("Authentication object is null"); 
    }

下面是結果日誌

2015-09-08 11:02:56,668 DEBUG [debugLogger] - Test Permission using AwareRequestWrapper object 
2015-09-08 11:02:56,668 DEBUG [debugLogger] - The request is NOT an instance of SpringSecurityAwareRequestWrapper 
2015-09-08 11:02:56,668 DEBUG [debugLogger] - Test using directi SecurityContextHolder 
2015-09-08 11:02:56,668 DEBUG [debugLogger] - Authenticaiton object is not null 
2015-09-08 11:02:56,668 DEBUG [debugLogger] - user is an admin

這裏是我的security.xml

<http auto-config="true" servlet-api-provision="true" use-expressions="true"> 

     <intercept-url pattern="/" access="permitAll"/> 
     <intercept-url pattern="/css/*" access="permitAll"/> 
     <intercept-url pattern="/images/*" access="permitAll"/> 
     <intercept-url pattern="/js/*" access="permitAll"/> 
     <intercept-url pattern="/resources/*.ttf" access="permitAll"/> 
     <intercept-url pattern="/fonts/*" access="permitAll"/> 

     <intercept-url pattern="/Logout.jsp" access="permitALL" /> 
     <intercept-url pattern="/index" access="permitAll"/> 


     <intercept-url pattern="/**/*" access="isAuthenticated()"/> 

     <form-login 
      login-page="/" 
      default-target-url="/home" 
      authentication-failure-url="/logout" 
      login-processing-url="/register"/> 

     <csrf disabled="true"/> 

    </http> 

    <beans:bean id="customAuthenticationProvider" 
       class="mynamespace.CustomAuthenticationProvider" /> 

    <authentication-manager> 
     <authentication-provider ref="customAuthenticationProvider"/> 
    </authentication-manager>

[編輯]：

僅供參考。我在日誌中打開的Spring Security之後，我做了這個

2015-09-08 12:22:19,634 DEBUG [org.springframework.security.web.FilterChainProxy] - /home at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

因此，過濾器被觸發，那麼，爲什麼不能我的控制器得到阿霍德的SecurityContextHolderAwareRequestWrapper的？

感謝

來源

2015-09-08 Liming

您可能想要檢查並確認它實際上是_is_。有可能它的'SecurityContextHolderAwareRequestWrapper'的子類，在這種情況下你的測試應該是'SecurityContextHolderAwareRequestWrapper.class.isAssignableFrom（）' –

解決..

其實，在我的web.xml中，我SpringFilterChain的背後，我還有一個過濾器，其被接管的要求和這樣的，我總是得到錯誤的類型..

將該過濾器移至web.xml中彈簧過濾器的上方，解決了該過濾器。

謝謝。

來源

2015-09-08 21:01:36 Liming

我的Spring Security安裝有什麼問題？

回答

相關問題