我有一个自定义的Spring Security过滤器,扩展了GenericFilterBean.
为了进行自动依赖和bean创建,我添加了一个@Component注释.
在我的安全配置中,我也注册过滤器,如:
@Autowired
private RestAuthenticationFilter restAuthenticationFilter;
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.addFilterBefore(restAuthenticationFilter, LogoutFilter.class)
一切都运行良好,除了我的过滤器被调用两次......似乎Spring也自动将过滤器添加到标准过滤器.
这里最好的方法是什么?
UPDATE
@Dave这是你的意思吗?它似乎工作.
@Configuration
@ComponentScan
@EnableAutoConfiguration
public class Application extends WebMvcConfigurerAdapter {
@Autowired
private RestAuthenticationFilter restAuthenticationFilter;
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Bean
public ApplicationSecurity applicationSecurity() {
return new ApplicationSecurity();
}
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setEnabled(false);
filterRegistrationBean.setFilter(restAuthenticationFilter);
return filterRegistrationBean;
}
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
private RestAuthenticationFilter restAuthenticationFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.addFilterBefore(restAuthenticationFilter, LogoutFilter.class)
.authorizeRequests()
.anyRequest().authenticated()
.and()
.csrf()
.disable()
.exceptionHandling()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint())
.and()
.requestCache()
.requestCache(new NullRequestCache())
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// @formatter:on
}
}
}
Dave Syer.. 8
您需要显式注册过滤器并使用FilterRegistrationBeanAPI 将其标记为"enabled = false" .然后Spring Security将在其链中使用它,但Boot也不会尝试注册它.
您需要显式注册过滤器并使用FilterRegistrationBeanAPI 将其标记为"enabled = false" .然后Spring Security将在其链中使用它,但Boot也不会尝试注册它.
京公网安备 11010802040832号 | 京ICP备19059560号-6 