Spring安全和自定义AuthenticationFilter与Spring启动 [英] Spring security and custom AuthenticationFilter with Spring boot
问题描述
我有自定义身份验证过滤器,可创建 PreAuthenticatedAuthenticationToken 并将其存储在安全上下文中。一切正常。这是配置:
I have custom authentication filter which creates PreAuthenticatedAuthenticationToken and stores it in security context. This all works fine. Here is the config:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private SsoAuthenticationProvider authenticationProvider;
@Autowired
private SsoAuthenticationFilter ssoAuthenticationFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterAfter(ssoAuthenticationFilter, SecurityContextPersistenceFilter.class);
}
}
现在我的 ssoAuthenticationFilter 是正确位置的 FilterChainProxy 的一部分。顺利。
Now my ssoAuthenticationFilter is part of the FilterChainProxy, on the right position. Smooth.
但是因为 ssoAuthenticationFilter 是过滤器它被Boot选中并作为过滤器包含在内。所以我的过滤器链看起来很像:
But as the ssoAuthenticationFilter is Filter it gets picked up by Boot and included as a filter. So my filter chain really looks like:
- ssoAuthenticationFilter(包含因为
过滤器) - filterChainProxy(spring autoconfiguration)
- ...
- SecurityContextPersistenceFilter
- ssoAuthenticationFilter(包含在
http.addFilterAfter(...)) - ...
- ssoAuthenticationFilter (included because being
Filter) - filterChainProxy (spring autoconfiguration)
- ...
- SecurityContextPersistenceFilter
- ssoAuthenticationFilter (included by
http.addFilterAfter(...)) - ...
显然我想摆脱
ssoAuthenticationFilter的自动注册(列出的第一个)。Obviously I would like to get rid of the autoregistration of the
ssoAuthenticationFilterhere (the first one listed).任何提示都非常感谢。
Any tips much appreciated.
推荐答案
2个选择:
-
添加
FilterRegistrationBean@Bean,将过滤器bean作为目标过滤器,并将其标记为enabled = false
Add a
FilterRegistrationBean@Beanwith your filter bean as its target filter and mark it as enabled=false
不要为你的过滤器创建一个
@Bean定义(通常这就是我所做的,但是YMMV因为你可能依赖自动装配或其他东西来使它工作)Don't create a
@Beandefinition for your filter (normally that's what I do, but YMMV since you might depend on autowiring or something to get it working)这篇关于Spring安全和自定义AuthenticationFilter与Spring启动的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
