我的过滤器如下:如何在弹簧安全过滤器之后添加自定义过滤器顺序?
@Component
@Order(1)
public class MDCFilter implements Filter {
.....
和application.properties中
security.filter-order=0
在上面设置 - 我的过滤器,然后再过来保安过滤器。但我需要春季安全过滤后的mdcFilter。
我的过滤器如下:如何在弹簧安全过滤器之后添加自定义过滤器顺序?
@Component
@Order(1)
public class MDCFilter implements Filter {
.....
和application.properties中
security.filter-order=0
在上面设置 - 我的过滤器,然后再过来保安过滤器。但我需要春季安全过滤后的mdcFilter。
您可以通过定义你喜欢的安全配置把你的过滤器旁边的特定弹簧保安过滤器:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MDCFilter mdcFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(mdcFilter, UsernamePasswordAuthenticationFilter.class);
}
}
在上面的例子中的过滤器将只UsernamePasswordAuthenticationFilter前走。您还可以使用HttpSecurity类方法addFilterAfter(Filter filter, Class<? extends Filter> afterFilter)
和addFilterAt(Filter filter, Class<? extends Filter> atFilter)
指定您的过滤器顺序。
谢谢,但我使用JwtAuthenticationFilter(由atlassian提供)。它没有奏效。 –
如果你希望自己的Filter在Spring Security之后,你可以创建自己的Spring Security过滤器注册并指定顺序。
https://github.com/spring-projects/spring-boot/issues/1640
@Bean
public FilterRegistrationBean securityFilterChain(@Qualifier(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) Filter securityFilter) {
FilterRegistrationBean registration = new FilterRegistrationBean(securityFilter);
registration.setOrder(Integer.MAX_VALUE - 1);
registration.setName(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME);
return registration;
}
@Bean
public FilterRegistrationBean userInsertingMdcFilterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
UserInsertingMdcFilter userFilter = new UserInsertingMdcFilter();
registrationBean.setFilter(userFilter);
registrationBean.setOrder(Integer.MAX_VALUE);
return registrationBean;
}
试图 '@Bean 公共FilterRegistrationBean securityFilterChain(@Qualifier(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)过滤SecurityFilter类){ FilterRegistrationBean登记=新FilterRegistrationBean(SecurityFilter类); registration.setOrder(Integer.MAX_VALUE - 1); registration.setName(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME); 返回注册; }' –
and '@Bean public FilterRegistrationBean userInsertingMdcFilterRegistrationBean(final MDCFilter mdcFilter)FilterRegistrationBean registrationBean = new FilterRegistrationBean(); registrationBean.setFilter(mdcFilter); registrationBean.setOrder(1); 返回registrationBean; }' –