1

我已经定义了 2 个过滤器,它们应该在每个请求上运行,但只有在 Spring Boot 设置了 SecurityContextHolder 的上下文之后。但是,我总是得到SecurityContextHolder.getContext().getAuthentication()空值。

这是我的过滤器配置:

@Bean
public FilterRegistrationBean SecurityContextHystrixRequestVariableSetterBean() throws Exception {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(securityContextHystrixRequestVariableSetterFilter());
    registration.setOrder(Ordered.LOWEST_PRECEDENCE);
    return registration;
}

@Bean
public FilterRegistrationBean HystrixRequestContextEnablerFilterBean() throws Exception {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(hystrixRequestContextEnablerFilter());
    registration.setOrder(Ordered.LOWEST_PRECEDENCE);
    return registration;
}

过滤器详情:

public class SecurityContextHystrixRequestVariableSetterFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        SecurityContextHystrixRequestVariable.getInstance().set(SecurityContextHolder.getContext());

        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }

}

public class HystrixRequestContextEnablerFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HystrixRequestContext context = HystrixRequestContext.initializeContext();
        try {
            chain.doFilter(request, response);
        } finally {
            context.shutdown();
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }

}
4

1 回答 1

0

您可以使用OncePerRequestFilter

public class CustomFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
        //do   
        chain.doFilter(request, response);
    }    
}

@Configuration
public class CustomConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilterAfter(new SecurityFilter(authenticationManager()), AnonymousAuthenticationFilter.class)
    }

}
于 2019-05-14T15:26:05.130 回答