Spring Security 3.0:如何指定自定义过滤器适用的 URL? [英] Spring Security 3.0: How do I specify URLs to which a custom filter applies?

问题描述

我正在使用带有 JSP 的 Spring Security 3.0.我创建了一个 RequireVerificationFilter，它将未经验证的用户重定向到验证您的电子邮件"页面.

I am using Spring Security 3.0 with JSPs. I have created a RequireVerificationFilter that redirects unverified users to a "verify your email" page.

我将过滤器添加到 spring 安全过滤器堆栈的最后一个位置，如下所示:

I added the filter to the spring security filter stack in last place like so:

我的 app-config.xml 中的 Bean 定义:

Bean definition in my app-config.xml:

<bean id="requireVerificationFilter" class="com.ebisent.web.RequireVerificationFilter" />

过滤器已添加到我的 security-config.xml 中的 spring 安全过滤器列表:

Filter added to spring security filter list in my security-config.xml:

<custom-filter ref="requireVerificationFilter" after="LAST" />

过滤器有效，但它过滤自己的重定向 URL.也就是说，过滤器会将未经验证的用户重定向到/access/verify，但该 URL 也会被过滤器捕获，它会无限地尝试重定向.

The filter works, but it filters its own redirect URL. That is, the filter redirects unverified users to /access/verify, but that URL is also caught by the filter, which attempts the redirect ad infinitum.

我尝试使用 <filter-mapping> 标记来限制此新过滤器适用的 URL，但这似乎并不像我想象的那样工作.这是我添加的 web.xml 条目:

I tried using the <filter-mapping> tag to restrict the URLs this new filter applies to, but that does not seem to work the way I thought it would. Here is the web.xml entry I added anyway:

    <filter>
        <filter-name>requireVerificationFilter</filter-name>
        <filter-class>com.ebisent.web.RequireVerificationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>requireVerificationFilter</filter-name>
        <url-pattern>/account/*</url-pattern>
    </filter-mapping>

我通读了 spring 安全文档中的添加自己的过滤器"，但没有找到答案.

I read through "Adding in Your Own Filters" in the spring security documention, but did not find an answer.

我的问题是，如何指定过滤器适用于哪些网址?

My question is, How can I specify which URLs my filter applies to?

更新:

我通过指定过滤器本身允许的 URL 来实现这一点.这对我来说很好用，但如果有更好/更有弹性"的方法来做到这一点，我会很高兴听到的.

I got this working by specifying the URL to allow within the filter itself. This works fine for me, but if there is a better/more "springy" way to do it, I would be glad to hear it.

推荐答案

您必须在实际配置 xml 中执行此操作(与 <custom-filter ref="requireVerificationFilter" after="LAST"/> .

You have to do this inside the actual configuration xml (same place you have the <custom-filter ref="requireVerificationFilter" after="LAST" /> .

<http ...>
   <intercept-url pattern="/access" ... filters="..., requireVerificationFilter, ..." />
   <intercept-url pattern="/verify" ... filters="none" />
   ...
</http>

沿着这些思路，您可以指定要运行的过滤器列表并排除那些您不需要的过滤器(无"表示没有).您不需要将您的过滤器添加到 web.xml - 只需与 Spring Security 过滤器链内联即可.

Something along those lines, you can specify a list of the filters you want to run and exclude those you don't (and "none" means none). You should not need to add tyour filter to the web.xml - only inline with the Spring Security filter chain.

这篇关于Spring Security 3.0:如何指定自定义过滤器适用的 URL?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！