Community Learn Tools Library Leisure
search
English
java - spring security自定义filter的问题
伊谢尔伦
伊谢尔伦 2017-04-17 15:31:30
0
4
1240

用spring boot建的项目。
现在想自定义一个filter,要求实现用户名,密码,公司id一起验证。
下面是我的代码,参考UsernamePasswordAuthenticationFilter写的。

//这个是filter
public class UsernamePasswordSubdomainAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    protected UsernamePasswordSubdomainAuthenticationFilter() {
        super("/login");
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        String username = this.obtainUsername(httpServletRequest);
        String password = this.obtainPassword(httpServletRequest);
        String subdomain = this.obtainSubDomain(httpServletRequest);
        if(username == null) {
            username = "";
        }

        if(password == null) {
            password = "";
        }

        if(subdomain == null){
            subdomain = "";
        }
        username = username.trim();
        UsernamePasswordSubdomainAuthenticationToken authRequest = new UsernamePasswordSubdomainAuthenticationToken(username, password, subdomain);
        this.setDetails(httpServletRequest, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordSubdomainAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }

    public String obtainUsername(HttpServletRequest request) {
        return request.getParameter("username");
    }

    public String obtainPassword(HttpServletRequest request) {
        return request.getParameter("password");
    }

    public String obtainSubDomain(HttpServletRequest request) throws MalformedURLException {
        URL url = new URL(request.getRequestURL().toString());
        String subDomain = url.getHost().split("\\.")[0];
        return subDomain;
    }
}
//这个是配置
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//    @Autowired
//    private UsernamePasswordSubdomainAuthenticationFilter usernamePasswordSubdomainAuthenticationFilter;

    @Bean
    public UsernamePasswordSubdomainAuthenticationFilter usernamePasswordSubdomainAuthenticationFilter() {
        System.out.println(this.authenticationManager);
        UsernamePasswordSubdomainAuthenticationFilter filer = new UsernamePasswordSubdomainAuthenticationFilter();
        filer.setAuthenticationManager(authenticationManager);
        return filer;
    }

//    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user")  // #1
                .password("pass")
                .roles("USER")
                .and()
                .withUser("admin") // #2
                .password("password")
                .roles("ADMIN","USER");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
//        web
//                .ignoring()
//                .antMatchers("/resources/**"); // #3
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilter(usernamePasswordSubdomainAuthenticationFilter())
                .formLogin().disable()
                .httpBasic().disable()
                .csrf()
                .disable();
    }
}

然后报了下面的错误

Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified
    at org.springframework.util.Assert.notNull(Assert.java:112)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.afterPropertiesSet(AbstractAuthenticationProcessingFilter.java:164)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1633)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1570)
伊谢尔伦
伊谢尔伦

小伙看你根骨奇佳,潜力无限,来学PHP伐。

reply all(4)
阿神
阿神2017-04-17 15:33:30 4 floor

Because you did not inject authenticationManager into filter, authenticationManager can be obtained from authentication-provider.

Like +0
Add Reply
黄舟
黄舟2017-04-17 15:33:30 3 floor

I personally think that if you want to use springSecurity but you haven’t fully understood the source code of the entire authentication process, it’s best not to use it, otherwise the project will be a complete failure.
You will understand if you look at the source code more. Your problem error message has already made it clear that the authenticationManager is not defined. Recommend an article to read carefully
http://www.liaozhida.net/springsecurity/springsecurity-%E7%AE%80%E5%8D%95%E6%8B%A6%E6%88%AA% E9%AA%8C%E8%AF%81uml%E5%9B%BE.html
SPRINGSECURITY source code analysis – what happens during the user login process

Like +0
Add Reply
黄舟
黄舟2017-04-17 15:33:30 2 floor

Did you just remove the <form-login> tag? How to weave in a custom login validation filter? Hope we can communicate.

Like +0
Add Reply
黄舟
黄舟2017-04-17 15:33:30 1 floor

http://stackoverflow.com/ques...

Like +0
Add Reply
Popular Topics
More>
Popular Articles
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template