g安全和自定义AuthenticationFilter与Spri

g安全和自定义AuthenticationFilter与Spri

本文介绍了Spring安全和自定义AuthenticationFilter与Spring启动的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

我有自定义身份验证过滤器,可创建 PreAuthenticatedAuthenticationToken 并将其存储在安全上下文中。一切正常。这是配置:

I have custom authentication filter which creates PreAuthenticatedAuthenticationToken and stores it in security context. This all works fine. Here is the config:

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private SsoAuthenticationProvider authenticationProvider;

    @Autowired
    private SsoAuthenticationFilter ssoAuthenticationFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterAfter(ssoAuthenticationFilter, SecurityContextPersistenceFilter.class);
    }
}

现在我的 ssoAuthenticationFilter 是正确位置的 FilterChainProxy 的一部分。顺利。

Now my ssoAuthenticationFilter is part of the FilterChainProxy, on the right position. Smooth.

但是因为 ssoAuthenticationFilter 过滤器它被Boot选中并作为过滤器包含在内。所以我的过滤器链看起来很像:

But as the ssoAuthenticationFilter is Filter it gets picked up by Boot and included as a filter. So my filter chain really looks like:


  • ssoAuthenticationFilter(包含因为过滤器

  • filterChainProxy(spring autoconfiguration)

    • ...

    • SecurityContextPersistenceFilter

    • ssoAuthenticationFilter(包含在 http.addFilterAfter(...)

    • ...

    • ssoAuthenticationFilter (included because being Filter)
    • filterChainProxy (spring autoconfiguration)
      • ...
      • SecurityContextPersistenceFilter
      • ssoAuthenticationFilter (included by http.addFilterAfter(...))
      • ...

      显然我想摆脱 ssoAuthenticationFilter 的自动注册(列出的第一个)。

      Obviously I would like to get rid of the autoregistration of the ssoAuthenticationFilter here (the first one listed).

      任何提示都非常感谢。

      Any tips much appreciated.

      推荐答案

      2个选择:


      1. 添加 FilterRegistrationBean @Bean ,将过滤器bean作为目标过滤器,并将其标记为enabled = false

      1. Add a FilterRegistrationBean @Bean with your filter bean as its target filter and mark it as enabled=false

      不要为你的过滤器创建一个 @Bean 定义(通常这就是我所做的,但是YMMV因为你可能依赖自动装配或其他东西来使它工作)

      Don't create a @Bean definition for your filter (normally that's what I do, but YMMV since you might depend on autowiring or something to get it working)

      这篇关于Spring安全和自定义AuthenticationFilter与Spring启动的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

      1403页,肝出来的..

09-07 01:02