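How to add a custom interceptor before the Spring Security check interceptor (I need to log request data when security OAuth aborts the request).
Posted on 2022-01-01 13:26:04
In case anyone else stumbles here.
As I mentioned in the comments, using a filter instead of an interceptor seems to work. I would be cautious about this, though, since I am a beginner, so I will do more research.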

    import java.io.IOException;
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.stereotype.Component;
    import org.springframework.web.filter.GenericFilterBean;
    import lombok.extern.slf4j.Slf4j;

    /**
     * Logs an incoming request method, url and querystring and then continues the chain.
     * NOTE: A HandlerInterceptor only executes AFTER spring security has allowed the request through, hence this approach.
     */
    @Slf4j
    @Component
    public class RequestLoggingFilter extends GenericFilterBean {

        @Override
        public void doFilter(
            ServletRequest request,
            ServletResponse response,
            FilterChain chain
        ) throws IOException, ServletException {
            HttpServletRequest httpServletRequest = (HttpServletRequest) request;

            // Rebuild the full URL, appending the raw query string when one is present.
            StringBuilder requestURL = new StringBuilder(httpServletRequest.getRequestURL().toString());
            String queryString = httpServletRequest.getQueryString();
            String url;
            if (queryString == null) {
                url = requestURL.toString();
            } else {
                url = requestURL.append('?').append(queryString).toString();
            }

            log.info("Incoming request: " + httpServletRequest.getMethod() + " " + url);

            // Hand the request on to the rest of the filter chain.
            chain.doFilter(request, response);
        }
    }

Then I registered it like this:
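
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.web.SecurityFilterChain;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

    @EnableWebSecurity
    public class SecurityConfig {

        @Autowired
        RequestLoggingFilter requestLoggingFilter;

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            // Insert the logging filter into the security filter chain.
            http
                .addFilterBefore(requestLoggingFilter, UsernamePasswordAuthenticationFilter.class);
            // ... SNIP ...
            return http.build();
        }
    }
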
I randomly chose to add it before UsernamePasswordAuthenticationFilter.class, so use it with caution. I really don't know how Spring Security decides which filters it will run (for example, my application uses JWT, so running UsernamePasswordAuthenticationFilter seems completely pointless).
Edit: Perhaps adding it before the first one (ChannelProcessingFilter) is best? https://docs.spring.io/spring-security/site/docs/5.3.9.RELEASE/reference/html5/#servlet-security-filters
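An added example, not part of the answer above or of Spring's own code: a Spring Boot filter registered ahead of the whole security chain that logs each request together with its final status, so requests rejected by OAuth are captured, and masks token-bearing query parameters before they reach the log. The class names, bean name and parameter list are assumptions; `javax.servlet` (Spring Boot 2.x) is used to match the imports in the answer.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example; class and bean names are hypothetical.
@Configuration
public class EarlyRequestLoggingConfig {
    // Assumed list of query parameters whose values must not reach the log.
    private static final String SENSITIVE =
            "(?i)(^|&)(access_token|refresh_token|code|client_secret|password)=[^&]*";

    /** Returns the raw query string with sensitive values masked ("" if none). */
    static String redactQuery(String query) {
        return query == null ? "" : "?" + query.replaceAll(SENSITIVE, "$1$2=[REDACTED]");
    }

    static class EarlyRequestLoggingFilter extends OncePerRequestFilter {
        private static final Logger log = LoggerFactory.getLogger(EarlyRequestLoggingFilter.class);
        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                FilterChain chain) throws ServletException, IOException {
            try {
                chain.doFilter(req, res); // Spring Security runs inside this call
            } finally {
                // Reached even when the security chain ended the request (e.g. 401/403).
                log.info("{} {}{} -> {}", req.getMethod(), req.getRequestURI(),
                        redactQuery(req.getQueryString()), res.getStatus());
            }
        }
    }

    @Bean
    public FilterRegistrationBean<EarlyRequestLoggingFilter> earlyRequestLogging() {
        FilterRegistrationBean<EarlyRequestLoggingFilter> reg =
                new FilterRegistrationBean<>(new EarlyRequestLoggingFilter());
        // Lower order runs earlier; Boot's security filter chain defaults to -100.
        reg.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return reg;
    }
}
```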
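Posted on 2019-09-20 15:34:17
Spring handler interceptors
Interceptors that work with HandlerMapping in the framework must implement the HandlerInterceptor interface.
This interface contains three main methods:
preHandle() - called before the actual handler is executed, but the view is not generated yet
postHandle() - called after the handler is executed
afterCompletion() - called after the request has completed and the view has been generated
These three methods provide flexibility for all kinds of pre-processing and post-processing.
Quick note - the main difference between HandlerInterceptor and HandlerInterceptorAdapter is that in the first one we need to override all three methods: preHandle(), postHandle() and afterCompletion(), whereas in the second we may implement only the required methods.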
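
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
    import lombok.extern.slf4j.Slf4j;

    @Slf4j
    public class LoggerInterceptor extends HandlerInterceptorAdapter {

        @Override
        public boolean preHandle(
            HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
            // getParameters(request) is a helper that is not shown in this answer.
            log.info("[preHandle][" + request + "]" + "[" + request.getMethod()
                + "]" + request.getRequestURI() + getParameters(request));
            // Returning true lets the request continue to the handler.
            return true;
        }
    }
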
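Since you are using Spring Boot, I assume you would prefer to rely on Spring's auto-configuration wherever possible. To add extra custom configuration, simply provide a configuration or bean of WebMvcConfigurerAdapter.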
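
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    @Configuration
    public class WebMvcConfig extends WebMvcConfigurerAdapter {

        @Autowired
        HandlerInterceptor yourInjectedInterceptor;

        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            registry.addInterceptor(...)
            ...
            registry.addInterceptor(getYourInterceptor());
            registry.addInterceptor(yourInjectedInterceptor);
            // next two should be avoided -- tightly coupled and not very testable
            registry.addInterceptor(new YourInterceptor());
            registry.addInterceptor(new HandlerInterceptor() {
                ...
            });
        }
    }
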
https://stackoverflow.com/questions/58023718