Spring Security:如何在 FilterRegistrationBean 中使用多个 URL 模式?
[英]Spring Security: How to use multiple URL patterns in FilterRegistrationBean?
问题描述
I have a bean
我有一颗豆
@Bean
public FilterRegistrationBean animalsFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new AnimalsFilter());
registration.addUrlPatterns(
"/api/cat",
"/api/cat/**",
"/api/dog"
);
...
return registration;
}
In that bean, I use two patterns for /api/cat** URLs.在那个 bean 中,我对/api/cat** URL 使用了两种模式。 The problem is that when I try to call endpoints with complex postfix ( /api/cat/1/feed ), my filter does not intercept the request.问题是,当我尝试使用复杂的后缀 ( /api/cat/1/feed ) 调用端点时,我的过滤器不会拦截请求。 But it's OK when I call /api/cat and /api/got endpoints -- filter works as expected and intercepts requests.但是当我调用/api/cat和/api/got端点时没问题——过滤器按预期工作并拦截请求。
How can I use multiple URL patterns for my case ( /api/cat , /api/cat/** )?如何为我的案例使用多个 URL 模式( /api/cat 、 /api/cat/** )?
PS聚苯乙烯
I have tried to use next pattern combinations:我尝试使用下一个模式组合:
1) /api/cat, /api/cat**, /api/dog
2) /api/cat, /api/cat/**, /api/dog
3) /api/cat**, /api/dog
3 个解决方案
解决方案1
11 2018-04-14 19:46:02
As mentioned by @Tarun Lalwani, you need to use * instead of ** , because ** is not a valid url pattern in this case.正如@Tarun Lalwani 所提到的,您需要使用*而不是** ,因为在这种情况下**不是有效的网址模式。
In your case, try the following:在您的情况下,请尝试以下操作:
registration.addUrlPatterns(
"/api/cat",
"/api/cat/*",
"/api/dog",
"/api/dog/*"
);
those would match /api/cat/1 , /api/cat/1/feed , /api/dog/1 , /api/dog/1/feed , ...那些将匹配/api/cat/1 , /api/cat/1/feed , /api/dog/1 , /api/dog/1/feed ,...
If you want to replicate the /api/* behavior that would, only match /api/this but /api/not/that , then you need to use the following pattern: /api/*/ .如果您想复制仅匹配/api/this但匹配/api/this /api/not/that的/api/*行为,则需要使用以下模式: /api/*/ 。
解决方案2
8 2018-04-16 14:14:17
If you look at the documentation如果您查看文档
https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/api/org/springframework/boot/web/servlet/FilterRegistrationBean.html https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/api/org/springframework/boot/web/servlet/FilterRegistrationBean.html
When no URL pattern or servlets are specified the filter will be associated to '/*'
As you can see * is the pattern used by spring and not ** .如您所见, *是spring使用的模式,而不是** 。 ** is usually a glob used by bash , golang . **通常是bash和golang使用的 glob。 But spring uses * only.但是 spring 只使用* 。 So what you need is just所以你需要的只是
registration.addUrlPatterns(
"/api/cat",
"/api/cat/*",
"/api/dog",
"/api/dog/*"
);
The ** patterns are usually used in the security filters **模式通常用于安全过滤器
https://docs.spring.io/spring-security/site/docs/current/reference/html/security-filter-chain.html#filter-chain-proxy https://docs.spring.io/spring-security/site/docs/current/reference/html/security-filter-chain.html#filter-chain-proxy
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<constructor-arg>
<list>
<sec:filter-chain pattern="/restful/**" filters="
securityContextPersistenceFilterWithASCFalse,
basicAuthenticationFilter,
exceptionTranslationFilter,
filterSecurityInterceptor" />
<sec:filter-chain pattern="/**" filters="
securityContextPersistenceFilterWithASCTrue,
formLoginFilter,
exceptionTranslationFilter,
filterSecurityInterceptor" />
</list>
</constructor-arg>
</bean>
解决方案3
0 2020-12-15 22:56:01
my problem is: the filter is being called on every endpoint call, ignoring the patterns i've set:我的问题是:在每个端点调用中都会调用过滤器,忽略我设置的模式:
myBean.setUrlPatterns(Arrays.asList("/cat/*","/dog/*","/serpent/*"));
i've created the bean inside @SpringBootApplication class.我在 @SpringBootApplication 类中创建了 bean。
so if i call http://server/api/animal/elephant the filter is being hit, and i don't think this is the expected behaviour since i've set the url patterns所以如果我调用 http://server/api/animal/elephant 过滤器被命中,我不认为这是预期的行为,因为我已经设置了 url 模式
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.