[英]Springboot - Httponly cookie Pass request to controller
I Have cookies working in httponly on my frontend app.我有 cookies 在我的前端应用程序的 httponly 中工作。
I want to be able to refresh the page and still be logged in. I can do this, the cookie stays present.我希望能够刷新页面并仍然登录。我可以这样做,cookie 保持存在。 But the data from the login request where it provides the userProfile in the body wont be present.但是,它在正文中提供 userProfile 的登录请求中的数据将不存在。
I have the following class which filters requests:我有以下过滤请求的 class :
public class AuthTokenFilter extends OncePerRequestFilter {
@Autowired
private JwtUtils jwtUtils;
@Autowired
private MyUserDetailsService userDetailsService;
private static final Logger logger = LoggerFactory.getLogger(AuthTokenFilter.class);
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
try {
String jwt = parseJwt(request);
if (jwt != null && jwtUtils.validateJwtToken(jwt)) {
String email = jwtUtils.getEmailFromJwtToken(jwt);
UserDetails userDetails = userDetailsService.loadUserByUsername(email);
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails,null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
catch (Exception e) { logger.error("Cannot set user authentication: {}", e);
System.out.println(e);
}
filterChain.doFilter(request, response);
}
private String parseJwt(HttpServletRequest request) { return jwtUtils.getJwtFromCookies(request); }
}
But idealy i want to be handling the whoAmI
from the auth controller.但理想情况下,我想处理来自身份验证whoAmI
的 whoAmI。
@GetMapping("/whoAmI")
public ResponseEntity<?> whoAmI() {
...
...
...
Cookie[] cookies = request.getCookies();
if (cookies != null) {
var temp = Arrays.stream(cookies)
.map(c -> c.getName() + "=" + c.getValue()).collect(Collectors.joining(", "));
}
...
...
...
return ResponseEntity.ok().header(HttpHeaders.SET_COOKIE, jwtCookie.toString())
.body(userService.findUserProfileUserByEmail(userDetails.getEmail()));
}
It makes more sense for me to deal with this in controller instead of the filter.对我来说,在 controller 而不是过滤器中处理这个更有意义。 But how can I pass the request into the controller from the filter?但是如何将请求从过滤器传递到 controller 中?
You can define a controller method with an argument of type ServletRequest
and Spring will do the magic for you.您可以使用ServletRequest
类型的参数定义 controller 方法,并且 Spring 将为您施展魔法。
@GetMapping("/whoAmI")
public ResponseEntity<?> whoAmI(HttpServletRequest httpRequest) {
}
Take a look at reference docs here for possible handler method arguments.查看参考文档,了解可能的处理程序方法 arguments。
Also spring-mvc is a thread-per-request model, so (if you don't use async spring-mvc features) you can get your servlet request anywhere in your code by using: spring-mvc 是一个线程每个请求 model,所以(如果你不使用异步 spring-mvc 特性)你可以在任何地方使用你的代码请求你的servlet:
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
.getRequest();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.