在loadUserDetails方法中捕獲httpServeletRequest

Question

我有一個定製的彈簧AuthenticationProvider類，但嘗試攔截loadUserDetails方法中的HTTPServletRequest和HTTPServletResponse。

@Component("darnGoodAuthenticaionProvider") 
public class DarnGoodAuthenticaionProvider 
        extends HandlerInterceptorAdapter 
        implements AuthenticationUserDetailsService { 
    private HttpServletRequest request; 
    private HttpServletResponse response; 

    @Override 
    public boolean preHandle(HttpServletRequest request, 
          HttpServletResponse response, Object handler) 
          throws Exception { 
      this.request = request; 
      this.response = response; 
      // we don't want anything falling here 
      return true; 
} 

    @Override 
    public UserDetails loadUserDetails(Authentication token)throws 
                UsernameNotFoundException{ 
      ....... 
    } 
} 

我知道，從HandlerIntercepterAdapter的preHandler方法能夠給工作，但我怎麼能肯定的是，preHandler方法之前loadUserDetails調用，這樣我就可以得到請求和響應準備？

由於

Answer 1

在一個servlet容器，每個請求將被接收到的請求，直到響應由只有一個線程（請求==當前線程）返回的時刻進行處理。

因此，在彈簧安全過濾器鏈（filter-mapping元素位於spring安全性的過濾器映射之上）之前放置servlet過濾器，並使用ThreadLocal變量將請求和響應存儲在線程中，另請參閱此answer。

然後在DarnGoodAuthenticaionProvider上使用靜態方法RequestResponseHolder.getRequest()訪問請求。

web.xml中配置：

<filter> 
    <filter-name>saveRequestResponseFilter</filter-name> 
    <filter-class>sample.save.request.filter.SaveRequestResponseFilter</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>saveRequestResponseFilter</filter-name> 
    <url-pattern>/mobilews/*</url-pattern> 
</filter-mapping> 

過濾器以保存在線程請求響應：

public class SaveRequestResponseFilter implements Filter { 

    @Override 
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 
     HttpServletRequest req = (HttpServletRequest) request; 
     HttpServletResponse resp = (HttpServletResponse) response; 

     RequestResponseHolder.setRequestResponse(req,resp); 
     try { 
      chain.doFilter(request, response); 
     } 
     finally { 
      RequestResponseHolder.clear(); 
     } 
    } 

    @Override 
    public void init(FilterConfig filterConfig) throws ServletException { 
     ... 
    } 

    @Override 
    public void destroy() { 
     ... 
    } 
} 

請求/響應保持器：

public class RequestResponseHolder { 

    private static ThreadLocal<HttpServletRequest> requestHolder = new ThreadLocal<HttpServletRequest>(); 
    private static ThreadLocal<HttpServletResponse> responseHolder = new ThreadLocal<HttpServletResponse>(); 


    public static void setRequestResponse(HttpServletRequest request, HttpServletResponse response) { 
     requestHolder.set(request); 
     responseHolder.set(response); 
    } 

    public static HttpServletRequest getServletRequest(){ 
     return requestHolder.get(); 
    } 

    public static HttpServletResponse getServletResponse() { 
     return responseHolder.get(); 
    } 

    public static void clear() { 
     requestHolder.remove(); 
     responseHolder.remove(); 
    } 
} 

獲得從DarnGoodAuthenticaionProvider請求：

HttpServletRequest req = RequestResponseHolder.getServletRequest();