为什么通过 DSL 的 HttpSecurity 配置似乎与显式配置的工作方式不同? [英] Why does HttpSecurity configuration via DSL not seem to work the same as explicit configuration?
问题描述
我为我的自定义身份验证机制编写了一个 DSL 来配置 HttpSecurity
时遇到了麻烦,但是我应用到它的大部分配置在应用程序运行时似乎没有生效,而当我在 web 应用程序中手动配置时,一切正常.
I went through the trouble to write a DSL to configure the HttpSecurity
for my custom authentication mechanism, but most of the configuration I apply to it doesn't seem to be in effect when the application runs, while everything works perfectly when I configure it all manually in the webapp.
首先,手动配置,导致我的 EntryPoint
触发,authenticationProvider
被查询,过滤器被添加到链中,以及我的 rememberMeServices代码> 被添加到该过滤器.一切正常.
First, the manual configuration, which results in my EntryPoint
firing, authenticationProvider
being queried, the filter being added to the chain, and my rememberMeServices
being added to that filter. Everything correct.
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/auth/callback").permitAll()
.anyRequest().authenticated()
.and()
.authenticationProvider(authProvider)
.rememberMe()
.rememberMeServices(rememberMeServices)
.and()
.exceptionHandling()
.authenticationEntryPoint(entryPoint)
.and()
.addFilterAfter(filter, UsernamePasswordAuthenticationFilter.class);
/* The following code is basically what gets run when the DSL is in use
http
.apply(new EPIdentityDsl())
// lots of setters called here, removed for clarity
.and()
.authorizeRequests().anyRequest().authenticated();
*/
}
}
然而,DSL 中的代码看起来像这样,当使用它时,authenticationEntryPoint
永远不会触发.rememberMeServices
确实得到了配置,看起来过滤器已正确添加到链中,但我只是收到了 403 响应的错误页面,而不是看到 entryPoint
重定向.
However, the code in the DSL looks like this, and when it is used, the authenticationEntryPoint
never fires. The rememberMeServices
do get configured, and it looks like the filter gets added to the chain correctly, but I just get an error page for a 403 response instead of seeing the entryPoint
redirection.
public class EPIdentityDsl extends AbstractHttpConfigurer<EPIdentityDsl, HttpSecurity> {
@Override
public void init(HttpSecurity http) throws Exception {
// any method that adds/removes another configurer
// must be done in the init method
log.debug("dsl init");
http
.exceptionHandling()
.and()
.rememberMe();
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(filterProcessesUrl).permitAll()
.and()
.authenticationProvider(authProvider)
.exceptionHandling()
.authenticationEntryPoint(entryPoint)
.and()
.rememberMe()
.rememberMeServices(rememberMeServices)
.and()
.addFilterAfter(filter, UsernamePasswordAuthenticationFilter.class);
}
}
显然,我在文档或其他内容中遗漏了一些微妙的交互,导致我基于 DSL 的 entryPoint
配置丢失.知道为什么吗?如果我不得不猜测,那将是我指定路径的方式有问题,但我无法弄清楚.
Clearly, there's some subtle interaction that I'm missing in the documentation or something, causing my DSL-based configuration of entryPoint
to get lost. Any idea why? If I had to guess, it would be that I'm doing something wrong with the way I'm specifying paths, but I can't figure it out.
推荐答案
我遇到了类似的问题.我通过将 entryPoint 移动到 init 来解决它
I had a similar problem. I solved it by moving entryPoint to init
这篇关于为什么通过 DSL 的 HttpSecurity 配置似乎与显式配置的工作方式不同?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!