我想使用自定义身份验证过滤器:
>捕获加密的标头令牌
>验证后,提取用户的详细信息,并以无状态方式将其添加到当前请求的安全上下文中
我希望能够使用此安全上下文持有者来获取有关当前请求用户正确处理其请求的详细信息.
@H_403_11@@RequestMapping(value = "/simple",method = RequestMethod.POST) @ResponseBody @Transactional @Preauthorize(...) public String simple(){ //collect the user's current details from the getPrinciple() and complete the transaction... Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); return "Simple"; }
我以前用XML做过这样的事情:
@H_403_11@
但是,我希望这可以在非xml WebSecurityConfigurerAdapter中使用较新的Spring Boot应用程序,例如Spring Boot文件中的示例:
@H_403_11@ @Bean public ApplicationSecurity applicationSecurity() { return new ApplicationSecurity(); } @Order(Ordered.LOWEST_PRECEDENCE - 8) protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // this is obvIoUsly for a simple "login page" not a custom filter! http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin() .loginPage("/login").failureUrl("/login?error").permitAll(); } }
有什么建议或类似的例子吗?
最佳答案
我现在正在做类似的事情.有人可能会在将来发现这有用.
对xml进行java配置转换会使它看起来如下所示:
对xml进行java配置转换会使它看起来如下所示:
@H_403_11@import javax.servlet.Filter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; @EnableGlobalMethodSecurity(securedEnabled=true) //
