Spring Security 3.0:如何指定自定义过滤器适用的 URL? [英] Spring Security 3.0: How do I specify URLs to which a custom filter applies?
问题描述
我正在使用带有 JSP 的 Spring Security 3.0.我创建了一个 RequireVerificationFilter,它将未经验证的用户重定向到验证您的电子邮件"页面.
I am using Spring Security 3.0 with JSPs. I have created a RequireVerificationFilter that redirects unverified users to a "verify your email" page.
我将过滤器添加到 spring 安全过滤器堆栈的最后一个位置,如下所示:
I added the filter to the spring security filter stack in last place like so:
我的 app-config.xml 中的 Bean 定义:
Bean definition in my app-config.xml:
<bean id="requireVerificationFilter" class="com.ebisent.web.RequireVerificationFilter" />
过滤器已添加到我的 security-config.xml 中的 spring 安全过滤器列表:
Filter added to spring security filter list in my security-config.xml:
<custom-filter ref="requireVerificationFilter" after="LAST" />
过滤器有效,但它过滤自己的重定向 URL.也就是说,过滤器会将未经验证的用户重定向到/access/verify,但该 URL 也会被过滤器捕获,它会无限地尝试重定向.
The filter works, but it filters its own redirect URL. That is, the filter redirects unverified users to /access/verify, but that URL is also caught by the filter, which attempts the redirect ad infinitum.
我尝试使用 <filter-mapping>
标记来限制此新过滤器适用的 URL,但这似乎并不像我想象的那样工作.这是我添加的 web.xml 条目:
I tried using the <filter-mapping>
tag to restrict the URLs this new filter applies to, but that does not seem to work the way I thought it would. Here is the web.xml entry I added anyway:
<filter>
<filter-name>requireVerificationFilter</filter-name>
<filter-class>com.ebisent.web.RequireVerificationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>requireVerificationFilter</filter-name>
<url-pattern>/account/*</url-pattern>
</filter-mapping>
我通读了 spring 安全文档中的添加自己的过滤器",但没有找到答案.
I read through "Adding in Your Own Filters" in the spring security documention, but did not find an answer.
我的问题是,如何指定过滤器适用于哪些网址?
My question is, How can I specify which URLs my filter applies to?
更新:
我通过指定过滤器本身允许的 URL 来实现这一点.这对我来说很好用,但如果有更好/更有弹性"的方法来做到这一点,我会很高兴听到的.
I got this working by specifying the URL to allow within the filter itself. This works fine for me, but if there is a better/more "springy" way to do it, I would be glad to hear it.
推荐答案
您必须在实际配置 xml 中执行此操作(与 <custom-filter ref="requireVerificationFilter" after="LAST"/>
.
You have to do this inside the actual configuration xml (same place you have the <custom-filter ref="requireVerificationFilter" after="LAST" />
.
<http ...>
<intercept-url pattern="/access" ... filters="..., requireVerificationFilter, ..." />
<intercept-url pattern="/verify" ... filters="none" />
...
</http>
沿着这些思路,您可以指定要运行的过滤器列表并排除那些您不需要的过滤器(无"表示没有).您不需要将您的过滤器添加到 web.xml - 只需与 Spring Security 过滤器链内联即可.
Something along those lines, you can specify a list of the filters you want to run and exclude those you don't (and "none" means none). You should not need to add tyour filter to the web.xml - only inline with the Spring Security filter chain.
这篇关于Spring Security 3.0:如何指定自定义过滤器适用的 URL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!