本文解决问题
将自定义的Filter 加入到 Spring Security 中的Filter 链中的指定位置。
Spring Security 默认的过滤器链
官网位置:http://docs.spring.io/spring-security/site/docs/5.0.0.M1/reference/htmlsingle/#ns-custom-filters
| 别名 | 类名称 | Namespace Element or Attribute |
|---|---|---|
| CHANNEL_FILTER | ChannelProcessingFilter | http/intercept-url@requires-channel |
| SECURITY_CONTEXT_FILTER | SecurityContextPersistenceFilter | http |
| CONCURRENT_SESSION_FILTER | ConcurrentSessionFilter | session-management/concurrency-control |
| HEADERS_FILTER | HeaderWriterFilter | http/headers |
| CSRF_FILTER | CsrfFilter | http/csrf |
| LOGOUT_FILTER | LogoutFilter | http/logout |
| X509_FILTER | X509AuthenticationFilter | http/x509 |
| PRE_AUTH_FILTER | AbstractPreAuthenticatedProcessingFilter( Subclasses) | N/A |
| CAS_FILTER | CasAuthenticationFilter | N/A |
| FORM_LOGIN_FILTER | UsernamePasswordAuthenticationFilter | http/form-login |
| BASIC_AUTH_FILTER | BasicAuthenticationFilter | http/http-basic |
| SERVLET_API_SUPPORT_FILTER | SecurityContextHolderAwareRequestFilter | http/@servlet-api-provision |
| JAAS_API_SUPPORT_FILTER | JaasApiIntegrationFilter | http/@jaas-api-provision |
| REMEMBER_ME_FILTER | RememberMeAuthenticationFilter | http/remember-me |
| ANONYMOUS_FILTER | AnonymousAuthenticationFilter | http/anonymous |
| SESSION_MANAGEMENT_FILTER | SessionManagementFilter | session-management |
| EXCEPTION_TRANSLATION_FILTER | ExceptionTranslationFilter | http |
| FILTER_SECURITY_INTERCEPTOR | FilterSecurityInterceptor | http |
| SWITCH_USER_FILTER | SwitchUserFilter | N/A |
过滤器顺序从上到下
自定义 Filter
自定义的Filter 建议继承GenericFilterBean,本文示例:
publicclassBeforeLoginFilterextendsGenericFilterBean{@OverridepublicvoiddoFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException{ System.out.println("This is a filter before UsernamePasswordAuthenticationFilter.");// 继续调用 Filter 链 filterChain.doFilter(servletRequest, servletResponse); } }配置自定义 Filter 在 Spring Security 过滤器链中的位置
配置很简单,本文示例:
protectedvoidconfigure(HttpSecurity http) throws Exception{ http .authorizeRequests() .antMatchers("/").permitAll() .antMatchers("/user/**").hasRole("USER") .and() .formLogin().loginPage("/login").defaultSuccessUrl("/user") .and() .logout().logoutUrl("/logout").logoutSuccessUrl("/login");// 在 UsernamePasswordAuthenticationFilter 前添加 BeforeLoginFilter http.addFilterBefore(new BeforeLoginFilter(), UsernamePasswordAuthenticationFilter.class);// 在 CsrfFilter 后添加 AfterCsrfFilter http.addFilterAfter(new AfterCsrfFilter(), CsrfFilter.class); }说明:HttpSecurity 有三个常用方法来配置:
- addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter)
在 beforeFilter 之前添加 filter - addFilterAfter(Filter filter, Class<? extends Filter> afterFilter)
在 afterFilter 之后添加 filter - addFilterAt(Filter filter, Class<? extends Filter> atFilter)
在 atFilter 相同位置添加 filter, 此 filter 不覆盖 filter
通过在不同
Filter的doFilter()方法中加断点调试,可以判断哪个 filter 先执行,从而判断 filter 的执行顺序 。
作者:Anoyi
链接:https://www.jianshu.com/p/deb512b41f99
來源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
热门文章
- Spring Security 入门:自定义 Filter
- 2月4日最新V2rayU订阅 | 20.2M/S|2025年Clash/V2ray/SSR/Shadowrocket免费节点链接地址
- 广州宠物救助领养中心官网(广州宠物救助领养中心官网电话)
- 长沙宠物领养中心在哪个位置(长沙宠物领养中心在哪个位置呀)
- 2月3日最新V2rayU订阅 | 18.7M/S|2025年SSR/V2ray/Clash/Shadowrocket免费节点链接地址
- CentOS 7.6环境设置Redis开机自启动
- 2月5日最新V2rayU订阅 | 19.6M/S|2025年Shadowrocket/V2ray/Clash/SSR免费节点链接地址
- 成年猫注射疫苗应注意事项(成年猫要打什么针)
- 动物疫苗间隔时间多长打一次比较好(动物疫苗多长时间内打)
- 2月7日最新V2rayU订阅 | 20.4M/S|2025年Clash/SSR/V2ray/Shadowrocket免费节点链接地址
归纳
-
18 2025-02