Spring Java 配置问题答案

【问题标题】：Spring java config issuesSpring Java 配置问题
【发布时间】：2014-07-11 07:56:07
【问题描述】：

我正在使用 java config 来实现 spring 安全性，我正在尝试替换这段代码，但没有成功

    <security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />

找不到任何关于如何在 java config 中使用位置的信息更新我正在尝试用 java config 替换此代码，但没有运气

 <security:http
        realm="Protected API"
        use-expressions="true"
        auto-config="false"
        create-session="stateless"
        entry-point-ref="unauthorizedEntryPoint"
        authentication-manager-ref="authenticationManager">
    <security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
    <security:intercept-url pattern="/rest/user/authenticate" access="permitAll" />
    <security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('user')" />
    <security:intercept-url method="PUT" pattern="/rest/news/**" access="hasRole('admin')" />
    <security:intercept-url method="POST" pattern="/rest/news/**" access="hasRole('admin')" />
    <security:intercept-url method="DELETE" pattern="/rest/news/**" access="hasRole('admin')" />
</security:http>

<bean id="unauthorizedEntryPoint" class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.UnauthorizedEntryPoint" />

<bean class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.AuthenticationTokenProcessingFilter" id="authenticationTokenProcessingFilter">
    <constructor-arg ref="userDao" />
</bean>

这是我的 AuthenticationTokenProcessingFilter

public class AuthenticationTokenProcessingFilter extends UsernamePasswordAuthenticationFilter

{

private final UserDetailsService userService;


public AuthenticationTokenProcessingFilter(UserDetailsService userService)
{
    this.userService = userService;
}


@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
        ServletException
{
    HttpServletRequest httpRequest = this.getAsHttpRequest(request);

    String authToken = this.extractAuthTokenFromRequest(httpRequest);
    String userName = TokenUtils.getUserNameFromToken(authToken);

    if (userName != null) {

        UserDetails userDetails = this.userService.loadUserByUsername(userName);

        if (TokenUtils.validateToken(authToken, userDetails)) {

            UsernamePasswordAuthenticationToken authentication =
                    new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
    }

    chain.doFilter(request, response);
}


private HttpServletRequest getAsHttpRequest(ServletRequest request)
{
    if (!(request instanceof HttpServletRequest)) {
        throw new RuntimeException("Expecting an HTTP request");
    }

    return (HttpServletRequest) request;
}


private String extractAuthTokenFromRequest(HttpServletRequest httpRequest)
{
    /* Get token from header */
    String authToken = httpRequest.getHeader("X-Auth-Token");

    /* If token not found get it from request parameter */
    if (authToken == null) {
        authToken = httpRequest.getParameter("token");
    }

    return authToken;
}

希望这更清楚

【问题讨论】：

你到底想做什么？提供一些详细信息。
您好，更新了请求，谢谢！

标签： java spring spring-security spring-java-config

【解决方案1】：

Here 是按执行顺序排列的过滤器类，您可以使用HttpSecurity 类的addFilter 方法添加自己的过滤器：

@Override
public void configure(HttpSecurity http) throws Exception {
  http.addFilter(new AuthenticationTokenProcessingFilter());
  ...

您必须扩展或提供已定义 Spring 过滤器的实例。顺序基于类或超类，因此您不必添加位置： JavaDoc

【讨论】：

谢谢！但是我需要替换它还是在它之前或之后添加它？
谢谢你的回答很清楚很好！我遇到的另一个问题是在哪里注入用户服务 public AuthenticationTokenProcessingFilter(UserDetailsService userService) { this.userService = userService; }
在构造函数前加上@Autowired注解。
谢谢！但我不断抛出异常；嵌套异常是 org.springframework.beans.factory.BeanCreationException: 错误嵌套异常是 java.lang.IllegalArgumentException: authenticationManager 必须指定