2017-12-18 260 views
-1

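Spring Security: handler method not found

I have added token-based authentication to my application using AbstractAuthenticationProcessingFilter. Once authentication succeeds, everything works fine until the request is forwarded. However, for some reason the handler method cannot be found. Can you help?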

2017-12-17 22:51:05,560 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:219][] Secure object: FilterInvocation: URL: /v1/userPreferences; Attributes: [permitAll] 
2017-12-17 22:51:05,561 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:348][] Previously Authenticated: org.springframew[email protected]9f6533a: Principal: [email protected]: Username: [email protected]t-mobile.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: update-enterprise; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: update-enterprise 
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [AffirmativeBased:66][] Voter: org.sp[email protected]4bf2a649, returned: 1 
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:243][] Authorization successful 
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:256][] RunAsManager did not change Authentication object 
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterChainProxy:310][] /v1/userPreferences reached end of additional filter chain; proceeding with original chain 
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences 
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:108][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] looking up handler for path: /v1/userPreferences 
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences] 
2017-12-17 22:51:05,574 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [EndpointHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences 
2017-12-17 22:51:05,575 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [EndpointHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences] 
2017-12-17 22:51:05,578 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [SecurityContextPersistenceFilter:119][] SecurityContextHolder now cleared, as request processing completed 

Here is my filter implementation:

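import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger; // assumption: log4j 1.x, which matches Logger.getLogger(String) and logger.error(...)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// IAMUserDAO, CDBUserProfileDao, IAMOAuth2Dao, UserProfiles, Utils, StringUtil and
// TokenAuthenticationManager are not shown on the page; their imports are omitted.

public class TokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    static final Logger logger = Logger.getLogger(TokenAuthenticationFilter.class.getCanonicalName());

    @Autowired
    private IAMUserDAO iamUserDAO;

    @Autowired
    private CDBUserProfileDao cdbUserProfileDao;

    @Autowired
    private IAMOAuth2Dao iamOAuth2DAO;

    protected TokenAuthenticationFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
        super.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(defaultFilterProcessesUrl));
        setAuthenticationManager(new TokenAuthenticationManager());
        setAuthenticationSuccessHandler(new TokenAuthenticationSuccessHandler());
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {

        AbstractAuthenticationToken authToken = null;

        // The bearer token is a credential, so its value is not written to the log.
        logger.info("Retrieving roles for the presented access token");

        ResponseEntity<String> tokenResponse = Utils.validateAccessToken(request, iamOAuth2DAO);

        if (tokenResponse.getStatusCode().equals(HttpStatus.OK)) {
            try {
                UserProfiles userProfileResponse = cdbUserProfileDao.getCDBUserProfile(tokenResponse.getBody());

                if (userProfileResponse != null) {
                    String action = iamUserDAO.getFbiFederatedAction(
                            userProfileResponse.getEntid(), userProfileResponse.getRoles().getRole());

                    logger.info("The action returned is " + action);

                    if (!StringUtil.isBlank(action)) {
                        // Each comma-separated action becomes one granted authority.
                        List<GrantedAuthority> authorities = Arrays.asList(action.split(",")).stream()
                                .map(s -> new SimpleGrantedAuthority(s))
                                .collect(Collectors.toList());

                        User principal = new User(userProfileResponse.getTuid(), "", authorities);
                        authToken = new UsernamePasswordAuthenticationToken(principal, "", principal.getAuthorities());
                    }
                }
            } catch (Exception e) {
                logger.error("rba processing encounter an error " + e.getMessage());
            }
        } else {
            logger.error("The presented access token is invalid");
            throw new AuthenticationServiceException("Invalid Token");
        }

        if (authToken == null) {
            logger.error("Authentication object couldn't be created");
            throw new AuthenticationServiceException("Error creating authentication object");
        } else {
            logger.info("Authentication object created");
        }

        return authToken;
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain, Authentication authResult) throws IOException, ServletException {
        // Stores authResult in the SecurityContext and calls the configured success
        // handler (TokenAuthenticationSuccessHandler, which forwards the request).
        super.successfulAuthentication(request, response, chain, authResult);

        // The original filter chain is then continued as well.
        chain.doFilter(request, response);
    }
}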

Here is the AuthenticationSuccessHandler:

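import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger; // assumption: same logging library as the filter
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class TokenAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    static final Logger logger = Logger.getLogger(TokenAuthenticationSuccessHandler.class.getCanonicalName());

    // Strips the context path from the request URI, leaving the path inside the application.
    private String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        String context = request.getContextPath();
        String fullURL = request.getRequestURI();

        logger.info("The context is " + context + " and the full url is " + fullURL);
        String url = fullURL.substring(fullURL.indexOf(context) + context.length());
        return url;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        String url = determineTargetUrl(request, response);

        logger.info("Forwarding request after loading the authentication with url " + request.getRequestURL());
        logger.info("The url is " + url);

        // Server-side forward to the same path the client originally requested.
        request.getRequestDispatcher(url).forward(request, response);
    }
}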

Answers

0

I had bad wiring between the application context and the servlet context, which caused this problem.
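Added example (not part of the original question or answer): a small Python triage of the DEBUG log from the question, separating what the Spring Security filter chain logged from what the MVC handler mappings logged. The sample lines are shortened copies of the log above, and the names `triage` and `verdict` are this example's own.

```python
import re

# Constructed sample: DEBUG lines from the question's log, with the thread name
# and the principal dump dropped. Shape: "<date> <time> DEBUG : [Logger:line][trx] msg".
SAMPLE_LOG = """\
2017-12-17 22:51:05,560 DEBUG : [FilterSecurityInterceptor:219][] Secure object: FilterInvocation: URL: /v1/userPreferences; Attributes: [permitAll]
2017-12-17 22:51:05,572 DEBUG : [FilterSecurityInterceptor:243][] Authorization successful
2017-12-17 22:51:05,573 DEBUG : [FilterChainProxy:310][] /v1/userPreferences reached end of additional filter chain; proceeding with original chain
2017-12-17 22:51:05,573 DEBUG : [PropertySourcedRequestMappingHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences
2017-12-17 22:51:05,573 DEBUG : [PropertySourcedRequestMappingHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences]
2017-12-17 22:51:05,574 DEBUG : [EndpointHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences
2017-12-17 22:51:05,575 DEBUG : [EndpointHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences]
"""

ENTRY = re.compile(r"DEBUG : .*?\[(?P<logger>\w+):\d+\]\[[^\]]*\] (?P<msg>.*)$")
EVENTS = {
    "passed_security": re.compile(r"(?P<path>\S+) reached end of additional filter chain"),
    "consulted": re.compile(r"Looking up handler method for path (?P<path>\S+)"),
    "missed": re.compile(r"Did not find handler method for \[(?P<path>[^\]]+)\]"),
}

def triage(log_text):
    """Group filter-chain and handler-lookup events by request path."""
    by_path = {}
    for line in log_text.splitlines():
        entry = ENTRY.search(line.strip())
        if not entry:
            continue
        for event, pattern in EVENTS.items():
            hit = pattern.match(entry.group("msg"))
            if not hit:
                continue
            state = by_path.setdefault(
                hit.group("path"), {"passed_security": False, "consulted": [], "missed": []})
            if event == "passed_security":
                state[event] = True
            else:
                state[event].append(entry.group("logger"))  # which HandlerMapping logged it
    return by_path

def verdict(state):
    """Say which layer the request stopped in, judging only from the logged events."""
    if not state["passed_security"]:
        return "did not leave the security filter chain"
    if state["consulted"] and state["consulted"] == state["missed"]:
        return "passed the security filter chain, but no consulted HandlerMapping has a handler"
    return "passed the security filter chain; handler lookup did not fail in every mapping"
```

On the sample, the path leaves the security filter chain and both handler mappings that logged a lookup report no handler, so the failure sits in request mapping rather than in authentication or authorization.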
