时间戳

首页 > 解决方案 > Spring拦截授权端点的http请求

java - Spring拦截授权端点的http请求

问题描述

我需要在 http 请求之前进行回调/oauth/authorize,我尝试使用标准拦截器模式,WebMvcConfigurerAdapter如下所示:

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new UserAuthorizationInterceptor())
            .addPathPatterns("/oauth/authorize");
    }

// .... 

private class UserAuthorizationInterceptor implements HandlerInterceptor {

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        System.out.println(); // breakpoint
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        System.out.println(); // breakpoint
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        return true; // breakpoint
    }

由于某种原因,这不会触发任何模式/oauth/**,但是如果我用类似的东西替换路径匹配器,.addPathPatterns("/**");它仍然会在大多数 http 请求上触发,除了oauth. 我怎样才能实现这个处理程序?

编辑

我尝试用全局过滤器方法解决这个问题

@Component
@Order(1)
public class Foo implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        chain.doFilter(request,response); // breakpoint
    }

}

然而,对于每个 http 请求EXCEPT /oauth/**再次调用此过滤器。在我看来,oauth 请求根本没有传递到过滤器链

标签: javaspringspring-securityoauthinterceptor

解决方案

您可以通过 Spring Security AuthorizationServerConfigurerAdapter添加拦截器:

public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    endpoints.addInterceptor(new CustomInterceptor());
  }

  private class CustomInterceptor implements HandlerInterceptor {

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) {
      ...
    }
  }
}

这样,您可以添加HandlerInterceptorWebRequestInterceptor,或者如果您愿意,甚至可以同时添加两者。

推荐阅读