logo标签列表

为什么我的doFilterInternal方法没有被调用?

javaspringspring-security
3

我正在尝试实现一个过滤器,最终将记录用户在系统内的导航。

我的Spring上下文如下:

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                        http://www.springframework.org/schema/context
                        http://www.springframework.org/schema/context/spring-context-3.2.xsd
    http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- <sec:global-method-security secured-annotations="enabled" /> -->
<!-- Importa configuracion de seguridad de ldap -->
<import resource="classpath:/spring/ldap-config.xml" />

<sec:http pattern="/resources" security="none" />

<sec:http use-expressions="true" auto-config="true">

    <sec:intercept-url pattern="/seguridad/login.xhtml"
        access="permitAll" />
    <sec:intercept-url pattern="/*.jsp" access="isAuthenticated()" />
    <sec:intercept-url pattern="/" access="isAuthenticated()" />
    <sec:intercept-url pattern="/views/**" access="isAuthenticated()" />

    <sec:form-login login-page="/seguridad/login.xhtml"
        authentication-failure-url="/seguridad/login.xhtml" />

    <sec:logout invalidate-session="true" />

    <sec:access-denied-handler error-page="/seguridad/accesoDenegado.xhtml" />

    <sec:custom-filter ref="navegationFilter" after="FILTER_SECURITY_INTERCEPTOR" />
</sec:http>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider
        user-service-ref="userDetailService" />
</sec:authentication-manager>

<b:bean id="navegationFilter" class="com.praxis.desvucem.web.service.seguridad.NavegationFilter" />

我的过滤器类如下所示:
package com.praxis.desvucem.web.service.seguridad;

import java.io.IOException;


import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;

import org.springframework.web.filter.RequestContextFilter;

import javax.servlet.http.HttpSession;

public class NavegationFilter extends RequestContextFilter {

protected static Logger logger = Logger.getLogger("service");

@Override
// @LogMe
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {

    logger.debug("Running Navegation filter");

    HttpSession session = request.getSession(false);

    if (session != null) {
        logger.debug("User is trying to access site for the second time");
        logger.debug("Request URI: " + request.getRequestURI());
    }
    else {
        logger.debug("Session is null");
    }

    logger.debug("Continue with remaining filters");
    filterChain.doFilter(request, response);
}

当我运行它时,没有任何错误,并且我的过滤器甚至被触发,但它从未调用我的doFilterInternal方法。以下是日志的摘录:

13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.security.web.FilterChainProxy - /seguridad/login.xhtml at position 6 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.security.web.FilterChainProxy - /seguridad/login.xhtml at position 7 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9054b1a2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 192.168.4.148; SessionId: 1v5ehc9tvkn7u1bft3w17n6wtv; Granted Authorities: ROLE_ANONYMOUS'
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.security.web.FilterChainProxy - /seguridad/login.xhtml at position 8 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.security.web.FilterChainProxy - /seguridad/login.xhtml at position 9 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.security.web.FilterChainProxy - /seguridad/login.xhtml at position 10 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.s.web.util.AntPathRequestMatcher - Checking match of request : '/seguridad/login.xhtml'; against '/seguridad/login.xhtml'
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /seguridad/login.xhtml; Attributes: [permitAll]
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9054b1a2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 192.168.4.148; SessionId: 1v5ehc9tvkn7u1bft3w17n6wtv; Granted Authorities: ROLE_ANONYMOUS
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@9604a9e, returned: 1
13:33:02.889 [168531621@qtp-1002845369-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Authorization successful
13:33:02.890 [168531621@qtp-1002845369-5] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - RunAsManager did not change Authentication object
13:33:02.890 [168531621@qtp-1002845369-5] DEBUG o.s.security.web.FilterChainProxy - /seguridad/login.xhtml at position 11 of 11 in additional filter chain; firing Filter: 'NavegationFilter'
13:33:02.890 [168531621@qtp-1002845369-5] DEBUG o.s.security.web.FilterChainProxy - /seguridad/login.xhtml reached end of additional filter chain; proceeding with original chain

那么为什么我的doFilterInternal方法没有被调用呢?谢谢提前。

2个回答
3

为什么要扩展RequestContextFilter

RequestContextFilterOncePerRequestFilter的子类,其中包含逻辑,可以防止过滤器类在每个请求中被调用超过一次。

如果我想要一个通用的过滤器,我应该扩展哪个类? - linker85
好的,我通过将RequestContextFilter更改为GenericFilterBean来解决了我的问题,在我的类的扩展中。 - linker85
0

RequestContextFilterOncePerRequestFilter 的子类,因此需要从 OncePerRequestFilter 类进行扩展。

在从 OncePerRequestFilter 类进行扩展后,你会发现一个问题,那就是 FilterChainHttpServletRequestHttpServletResponse 使用的是 jakarta 包,而你使用的是 javax 包。

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接