[英]HandlerInterceptorAdapter doesn't run on login with Spring Security
我的攔截器在除登錄外的所有請求中運行。
攔截器:
public class MultitenantHandler extends HandlerInterceptorAdapter {
private static final Logger log = LoggerFactory.getLogger(MultitenantHandler.class);
@Override
public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler){
String origin = req.getHeader("Origin");
log.debug("Origin: "+origin);
if (origin == null) {
origin = "localhost";
}
int indexDot = origin.indexOf(".");
int indexDash = origin.indexOf("://") + 3;
String tenant = "";
if (indexDot == -1) {
tenant = "experter";
log.warn("Using default tenant");
TenantContext.setCurrentTenant(tenant);
} else {
tenant = origin.substring(indexDash, indexDot);
log.info("Using tenant: " + tenant);
TenantContext.setCurrentTenant(tenant);
}
return true;
}
}
在WebMvcConfigurerAdapter我這樣注冊:
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new MultitenantHandler());
}
這是我的安全配置:
@Configuration
@EnableWebSecurity
@Profile({"development", "demo", "default"})
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final Logger log = LoggerFactory.getLogger(SecurityConfig.class);
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private RESTAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private RESTLogoutSuccessHandler logoutSuccessHandler;
@Autowired
private JWTAuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private JWTAuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private StatelessAuthenticationFilter statelessAuthFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.formLogin().permitAll()
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler);
http.logout().permitAll()
.logoutSuccessHandler(logoutSuccessHandler);
http.addFilterBefore(statelessAuthFilter, UsernamePasswordAuthenticationFilter.class);
http.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers("/v2/api-docs").hasRole("ADMIN")
.antMatchers("/login").permitAll()
.antMatchers("/login/changePassword").permitAll()
.antMatchers("/user/image").permitAll()
.antMatchers("/social/login/facebook").permitAll()
.antMatchers("/actuator/**").hasRole("ADMIN")
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
log.info("Configuration of http complete.");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder);
}
當我請求/login攔截器不運行時,在其他請求中甚至沒有登錄,攔截器正常工作。
我需要在執行任何請求之前執行攔截器,因為我需要根據url請求設置數據庫。
如果您需要更多信息,請告訴我可以在這里發布。
如果您有相同的問題,我使用@ M.Deinum sugest過濾器解決了此問題。 我使用了用於驗證身份驗證令牌的相同過濾器。
UsernameNotFoundException:Spring Boot + Spring Security中的登錄表單不起作用
[英]UsernameNotFoundException: Login form in Spring Boot + Spring Security doesn't work
使用java config的Spring Security不會提交登錄頁面
[英]Spring Security using java config doesn't submit the login page
HandlerInterceptorAdapter似乎沒有轉發HttpServletRequestWrapper
[英]HandlerInterceptorAdapter doesn't seem to forward HttpServletRequestWrapper
Java spring 安全 | JWT csrf 令牌在 /login 上不起作用
[英]Java spring Security | JWT csrf token doesn't work on /login
Spring 安全默認登錄表單不會被自定義登錄頁面替換
[英]Spring Security default login form doesn't get replaced with custom login page
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.