我需要在一个过滤器中使用自动装配。因此,我使用 @Component 对我的过滤器类进行注释,
import org.springframework.web.filter.GenericFilterBean;
@Component
public class TokenAuthorizationFilter extends GenericFilterBean {
@Autowired
public EnrollCashRepository enrollCashRepository;
}
然后我在SecurityConfig中添加了以下过滤器:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity webSecurity) throws Exception
{
webSecurity.ignoring().antMatchers(HttpMethod.GET, "/health");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterBefore(new TokenAuthorizationFilter(), BasicAuthenticationFilter.class);
http.authorizeRequests().antMatchers("/api/**").authenticated();
}
我的问题是在使用@Component注解时,我的过滤器会被调用两次。如果我删除@Component注解,它只会被调用一次。
于是我在我的Spring Boot主类中添加了以下修复代码。然后我在SecurityConfig中将addFilterBefore的行注释掉了。
@Bean
public FilterRegistrationBean tokenAuthFilterRegistration() {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(new PITokenAuthorizationFilter());
filterRegistrationBean.setOrder(1);
filterRegistrationBean.setEnabled(false);
return filterRegistrationBean;
}
然后我的过滤器被调用一次。但是,即使我将setEnabled设置为true或false,当我调用我的rest api时,我仍然会收到403禁止错误,http://localhost:8080/api/myservice
我该如何解决这种情况,以便在我的Spring过滤器中使用@Autowired?
编辑:添加控制器和过滤器类,
@RestController
@RequestMapping(value = "/api")
public class SpringToolController {
@RequestMapping(value = "/myservice", method = RequestMethod.GET)
public HttpEntity<String> myService() {
System.out.println("-----------myService invoke-----------");
return new ResponseEntity<String>(HttpStatus.OK);
}
}
public class TokenAuthorizationFilter extends GenericFilterBean {
public TokenAuthorizationFilter(EnrollCashRepository enrollCashRepository) {
this.enrollCashRepository = enrollCashRepository;
}
public EnrollCashRepository enrollCashRepository;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
throws IOException, ServletException {
System.out.println("before PITokenAuthorizationFilter");
chain.doFilter(servletRequest, servletResponse);
System.out.println("after PITokenAuthorizationFilter");
}
public EnrollCashRepository getEnrollCashRepository() {
return enrollCashRepository;
}
public void setEnrollCashRepository(EnrollCashRepository enrollCashRepository) {
this.enrollCashRepository = enrollCashRepository;
}
}
org.springframework.security
的日志级别设置为DEBUG
并将堆栈跟踪添加到您的问题中,谢谢。 - ksokol@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
可以帮到您。否则,您的配置似乎从根本上出了问题。 - ksokol