时间戳

首页 > 解决方案 > Spring OncePerRequestFilter 阻止将 POST 请求发送到路由

java - Spring OncePerRequestFilter 阻止将 POST 请求发送到路由

问题描述

我是 Spring Boot 的新手。
我想发出登录请求以从服务器获取 jwt 令牌。以简单的方式它没有问题,但是当我在 securityConfiguration 类中配置 addFilterBefore 方法时,即使我使用 antmatchers 方法,我也没有收到来自服务器的令牌。
WebSecurityConfig 类

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    

    @Bean
    public JwtAuthenticationFilter jwtAuthenticationFilter() {
        return new JwtAuthenticationFilter();
    }

    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("/api/auth/**").permitAll().anyRequest().authenticated();
        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

OncePerRequest 类
public class JwtAuthenticationFilter extends OncePerRequestFilter {

@Autowired
private JwtProvider jwtProvider;
@Autowired
private UserDetailsService userDetailsService;


@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    String jwt = getJwtFromRequest(request);

    if (StringUtils.hasText(jwt) && jwtProvider.validateToken(jwt)) {
        String username = jwtProvider.getUsernameFromJwt(jwt);
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(request,response);
    }
}

private String getJwtFromRequest(HttpServletRequest httpServletRequest) {
    String bearerToken = httpServletRequest.getHeader("Authorization");
    if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
        return bearerToken.substring(7);
    }
    return bearerToken;
}

当我请求登录服务器但没有返回令牌时邮递员
的屏幕截图。 当我请求登录服务器但未在 securityc 配置类中配置 OncePerRequestFilter 对象 (jwtAuthenticationFilter) 时邮递员的屏幕截图。我的意思是我从 websecurityconfigureradapter 类中删除了这些行。 @Bean public JwtAuthenticationFilter jwtAuthenticationFilter() { return new JwtAuthenticationFilter(); }
在此处输入图像描述 

http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);


我感谢所有可以帮助我的人。

标签: javaspring

解决方案

我解决了。我不得不搬家

filterChain.doFilter(request,response);

在过滤器类的 doFilterInternal 中的 if 块之外。

推荐阅读