(自定义)RestAuthenticationProcessingFilter 排序的异常 [英] Exception with (Custom) RestAuthenticationProcessingFilter Ordering

问题描述

我尝试通过令牌向我的应用程序添加 Rest 身份验证.我创建了一个简单的过滤器，什么都不做就打印一条消息:

I try to add Rest authentication by token to my app. I created a simple filter doing nothing else print a message :

public class RestAuthenticationProcessingFilter extends GenericFilterBean {

    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
        System.out.println(arg0);
        // EDIT 25/02/2014
        arg2.doFilter(arg0,arg1);
    }
}

我将 Spring 4.0 和 Spring Security 3.2 与 JavaConfig 结合使用.

I'm using Spring 4.0 and Spring Security 3.2 with JavaConfig.

我在我的适配器中添加了这个:

I added this in my adapter :

@Override
protected void configure(HttpSecurity http) throws Exception {
    /*
     * @RemarqueDev Différence entre permitAll et anonymous : permitAll
     * contient anonymous. Anonymous uniquement pour non connecté
     */
     http.addFilter(new RestAuthenticationProcessingFilter());
     http.csrf().disable().headers().disable();
     http.exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint());
}

当我运行 jetty 服务器时，我收到此消息:

When I run jetty server, I receive this message:

Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public javax.servlet.Filter org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain() throws java.lang.Exception] threw exception; nested exception is java.lang.IllegalArgumentException: The Filter class my.package.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.:
java.lang.IllegalArgumentException: The Filter class com.jle.athleges.config.RestAuthenticationProcessingFilter does not have a registered order and cannot be added without a specified order. Consider using addFilterBefore or addFilterAfter instead.
    at org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilter(HttpSecurity.java:1122)

为什么?

推荐答案

addFilter:

添加一个过滤器，该过滤器必须是其中一个过滤器的实例或扩展其中之一安全框架内提供.该方法确保过滤器的排序是自动处理的.订购过滤器是:...

Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework. The method ensures that the ordering of the Filters is automatically taken care of. The ordering of the Filters is:...

您的过滤器不是安全框架内过滤器的实例或扩展.

Your filter is not an instance or extend of the Filter within the Security framework.

你可以做的是使用 addFilterBefore 或 addFilterAfter.

What you can do however is use addFilterBefore or addFilterAfter.

例如:

addFilterBefore(new RestAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)

安全过滤器链的顺序可以在docs.

You can find the order of the security filter chain in the docs.

这篇关于(自定义)RestAuthenticationProcessingFilter 排序的异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！