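Problem description
I want to skip one filter, FilterSecurityInterceptor, because it throws a No AuthenticationProvider found exception. Can we skip a specific filter in the Spring chain?
After the custom filter is called, my code does have `chain.doFilter(request,response);// return to others spring security filters`, which returns to the other Spring Security filters. How can I make sure FilterSecurityInterceptor is not validated?
This is my custom filter code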
```
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    Authentication authResult;

    // Credentials arrive in request headers: a user id plus either a signature or a token.
    String domainUser = request.getHeader(USER_ID);
    String signature = request.getHeader(SIGNATURE);
    String token = request.getHeader(SECURITY_TOKEN_KEY);

    if (domainUser == null || domainUser.isEmpty()) {
        // A checked Exception cannot be thrown here; the method only declares IOException and ServletException.
        throw new ServletException("Please provide the Domain User");
    }

    if (signature != null && !signature.isEmpty()) {
        // Signature path: verify the signature for the given domain user.
        authResult = signatureVerification.verifySignature(signature, domainUser);
        if (authResult == null) {
            logger.info("Unauthorized access attempted: HttpServletResponse.SC_UNAUTHORIZED");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
    } else if (token != null && !token.isEmpty()) {
        // Token path: authenticate with the supplied security token.
        try {
            authResult = attemptAuthentication(request, response);
            if (authResult == null) {
                logger.info("Unauthorized access attempted: HttpServletResponse.SC_UNAUTHORIZED");
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
        } catch (AuthenticationException failed) {
            logger.info("Unauthorized access attempted: HttpServletResponse.SC_UNAUTHORIZED");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
    } else {
        throw new ServletException("Please provide either auth token or signature");
    }

    // Publish the result to the security context for the rest of the chain.
    try {
        SecurityContextHolder.getContext().setAuthentication(authResult);
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        if (e.getCause() instanceof AccessDeniedException) {
            logger.info("Unauthorized access attempted: HttpServletResponse.SC_UNAUTHORIZED");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
    }

    chain.doFilter(request, response); // return to others spring security filters
}
```
And these are the configure methods in the SecurityConfiguration class
```
@Override
public void configure(WebSecurity web) throws Exception {
    // These paths bypass the Spring Security filter chain entirely.
    web.ignoring().antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/security", "/swagger-ui.html", "/webjars/**");
}

@Override
public void configure(final HttpSecurity http) throws Exception {
    // Stateless API: no CSRF tokens, no sessions, every request must be authenticated.
    http.
        csrf().disable().
        sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).
        and().
        authorizeRequests().
        anyRequest().authenticated().
        and().
        anonymous().disable().
        exceptionHandling().
        authenticationEntryPoint(unauthorizedEntryPoint());

    // The custom filter runs before BasicAuthenticationFilter.
    http.addFilterBefore(new TokenAuthenticationFilter(tokenService(), getSignatureVerification()), BasicAuthenticationFilter.class);
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    // Providers registered with the AuthenticationManager.
    auth.authenticationProvider(domainUsernameTokenAuthenticationProvider()).
        authenticationProvider(tokenAuthenticationProvider()).
        authenticationProvider(domainUsernameTokenAuthenticationProvider());
}
```
Solution
No effective solution to this problem has been found yet; the editor is still searching for and compiling one.