spring-security - 无法读取弹簧过滤器中的 HEADER
问题描述
我正在开发弹簧安全性并添加了过滤器。当从邮递员“标头”发送的请求能够读取但从反应/角度请求“标头”发送时显示为空。邮递员没有问题,但在使用应用程序调用时遇到问题。
@Component
public class GenericFiltering extends GenericFilterBean {
@Autowired
ServiceAccessParams serviceAccessParams;
@SuppressWarnings("unused")
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
try {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
System.out.println("GenericFiltering is called..."+req.getRequestURI());
Enumeration<String> headerNames = req.getHeaderNames();
//map<String,String> mp=new HashMap<>();
//headerNames.forEach((key,value) ->{ System.out.println("Header Name: "+key+" Header Value: "+value); });
/* if (headerNames != null) {
while (headerNames.hasMoreElements()) {
System.out.println("Header: " + req.getHeader(headerNames.nextElement()));
}
}*/
if (headerNames != null) {
while (headerNames.hasMoreElements()) {
String name = headerNames.nextElement();
System.out.println("Header: " + name + " value:" + req.getHeader(name));
}
}
String hdrEncryptedData = req.getHeader("secretkey");
System.out.println("sc key:"+hdrEncryptedData);
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
chain.doFilter(request, response);
} catch (CustomException e) {
setResponse(response, e.getExceptionMessage());
} catch (Exception e) {
setResponse(response, e.getMessage());
}
}
}
安全文件
@Order(Ordered.HIGHEST_PRECEDENCE)
@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
AuthenProvider authenProvider;
@Autowired
GenericFiltering genericFiltering;
@Bean
public PasswordEncoder encoder() {
return NoOpPasswordEncoder.getInstance();
}
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.anonymous().disable()
. authorizeRequests()
.antMatchers("/oauth/token/").permitAll();
http.addFilterBefore(genericFiltering, BasicAuthenticationFilter.class);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(HttpMethod.OPTIONS);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
解决方案
推荐阅读
- r - 仅针对非空白值在其余列中复制 Column-1 值
- mongodb - 哪个ORM与spring boot + mongodb一起使用
- java - 使用数组列表查找素数
- linker - CodeBlocks 无法链接 allegro 库
- java - Java WatchService,使用线程对事件执行操作
- html - HTML CSS 将行的内容与居中的行跨度对齐
- flutter - 如何通过用户操作从子小部件重建父小部件?
- powerbi - 如何在 Power BI 中修改数据集的数据流?
- javascript - 为 Next.js 构建带有 CSS 模块的包
- java - 如何从命令行而不是 Intellij IDEA 运行 JUnit 测试?