stackoom
  简体   繁体   中英

Spring Security: AuthenticationProcessingFilter is called twice

 原文  2014-10-20 07:57:49       java/ spring/ spring-security/ restful-authentication

Question

I try configure Spring Security via token authorization in RESTful application.

My AuthenticationFilter looks like:

@Configurable

public class CustomTokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    private static final Logger logger = LoggerFactory.getLogger(CustomTokenAuthenticationFilter.class);

    private final static String SECRET_KEY = "ThisIsASecretKey";
    public final String HEADER_SECURITY_TOKEN = "X-Token";

    @Inject
    private Users usres;

    public CustomTokenAuthenticationFilter(String defaultFilterProcessesUrl) {
        super(defaultFilterProcessesUrl);
        super.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(defaultFilterProcessesUrl));
        setAuthenticationManager(new NoOpAuthenticationManager());
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException,
            ServletException {
        String token = request.getHeader(HEADER_SECURITY_TOKEN);

        logger.info("token found:" + token);
        TokenInfo tokenInfo = new TokenInfo(token, SECRET_KEY);

        AbstractAuthenticationToken userAuthenticationToken;
        try {
            userAuthenticationToken = authUserByToken(tokenInfo);
            if (userAuthenticationToken == null)
                throw new AuthenticationServiceException(MessageFormat.format("Error | {0}", "Bad Token"));

            return userAuthenticationToken;
        } catch (ParseException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        return null;
    }

    private AbstractAuthenticationToken authUserByToken(TokenInfo token) throws ParseException {
        if (token == null) {
            return null;
        }
        UserInfo userInfo = usres.findUser(token.getUsername());
        ModelMapper mapper = new ModelMapper();
        mapper.getConfiguration().setProvider(new UserProvider());

        User userDetails = mapper.map(userInfo, User.class);
        AbstractAuthenticationToken authToken = new AuthenticationToken(userDetails);

        try {
            return authToken;
        } catch (Exception e) {
            logger.error("Authenticate user by token error: ", e);
        }
        return authToken;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

        setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler() {
            @Override
            public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
                    throws IOException, ServletException {
                chain.doFilter(request, response);
            }
        });
        super.doFilter(req, res, chain);
    }

}

and Spring Security config:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Inject
    AuthenticationManager authenticationManager;

    @Bean
    protected AbstractAuthenticationProcessingFilter getTokenAuthFilter() throws Exception {
        CustomTokenAuthenticationFilter tapf = new CustomTokenAuthenticationFilter("/api/secure-module/admin/**");
        tapf.setAuthenticationManager(authenticationManager);
        return tapf;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);

        http.csrf().disable().addFilterBefore(getTokenAuthFilter(), AnonymousAuthenticationFilter.class).exceptionHandling()
                .authenticationEntryPoint(new RestAuthenticationEntryPoint());

    }

}

It works fine but CustomTokenAuthenticationFilter is called twice and I don't know why. Any ideas?

2 answers

solution1
 5  2014-10-20 12:10:10

I found problem, it is @Bean annotation in getTokenAuthFilter method. Then I had 2 registered filter in chain (additionalFilters, originalChain).

solution2
 1  2021-03-05 14:55:00

I had a similar experience when the Filter was generating an exception causing a redirect to /error which triggered the Filter again. I had to specify

@Override
public void configure(WebSecurity web) throws Exception {
    // ignoring security for /error
    web.ignoring().antMatchers("/error");
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question spring security 2.0.6 AuthenticationProcessingFilter authenticationFailureUrl not working spring security custom AuthenticationProvider is called twice and fails Spring security custom filter called twice for REST Controller Spring HandlerInterceptor called twice Spring controller method called twice Spring singleton being called twice Spring AOP Advice Called Twice Spring boot filter called twice or not called at all Spring security custom LogoutHandler not called Not able to persist entity in jpa if extending class with spring AuthenticationProcessingFilter
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM