我想设置一个引用cookie,因为我需要排除某些页面(例如错误,登录,注销等),以便能够重定向到上次调用但未排除的页面登录后:在Spring Security Filter Chain之前设置Cookie
public class CookieReferrerFilter extends OncePerRequestFilter {
public static final String REFERRER_COOKIE_NAME = "REFERRER";
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if (!isReferrerExcluded(request)) {
Cookie sessionCookie = new Cookie(REFERRER_COOKIE_NAME, request.getRequestURI());
sessionCookie.setPath(!"".equals(request.getContextPath()) ? request.getContextPath() : "/");
sessionCookie.setSecure(false);
sessionCookie.setMaxAge(-1);
response.addCookie(sessionCookie);
}
filterChain.doFilter(request, response);
}
private boolean isReferrerExcluded(HttpServletRequest request) {
for (String pattern : EXCLUDED_REFERRER) {
if (new AntPathRequestMatcher(pattern).matches(request)) {
return true;
}
}
return false;
}
}
但是Spring Security Filter链在CookieReferrerFilter之前被触发。 因此,调用受保护的页面会立即将我重定向到登录页面,而无需在之前调用CookieReferrerFilter.doFilterInternal
,也不设置cookie。
有一类配置webbapp(设置配置类,映射,过滤器)延伸AbstractAnnotationConfigDispatcherServletInitializer
:
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { ApplicationContextConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
@Override
protected Filter[] getServletFilters() {
CookieReferrerFilter cookieReferrerFilter = new CookieReferrerFilter();
CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
characterEncodingFilter.setEncoding("UTF-8");
characterEncodingFilter.setForceEncoding(true);
return new Filter[] { cookieReferrerFilter, characterEncodingFilter };
}
}
,另一个简单地延伸AbstractSecurityWebApplicationInitializer
:
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
[安全过滤链](http://docs.spring.io/spring-security/site/docs/3.0.x/reference/security-filter-chain.html) – 2014-12-19 08:32:35