我正在Grails应用程序中实现一个自定义的Spring Security过滤器,我希望仅在用户提交登录表单时应用该过滤器。
配置文件中的Spring Security设置如下所示:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'package.User'
grails.plugins.springsecurity.authority.className = 'package.Role'
grails.plugins.springsecurity.providerNames = ['anonymousAuthenticationProvider', 'apiServiceProvider']
grails.plugins.springsecurity.portMapper.httpPort = 80
grails.plugins.springsecurity.portMapper.httpsPort = 443
grails.plugins.springsecurity.secureChannel.definition = [
'/css/**': 'ANY_CHANNEL',
'/home/**': 'ANY_CHANNEL',
'/images/**': 'ANY_CHANNEL',
'/js/**': 'ANY_CHANNEL',
'/**': 'REQUIRES_SECURE_CHANNEL'
]
grails.plugins.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugins.springsecurity.filterChain.chainMap = [
'/j_spring_security_check': 'myFilter',
'/**': 'JOINED_FILTERS'
]
过滤器类如下所示:
class MyFilter implements Filter {
@Override
void init(FilterConfig filterConfig) throws ServletException {}
@Override
void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
filterChain.doFilter(servletRequest, servletResponse)
}
@Override
void destroy() {}
}
上面将它作为Spring bean链接到resources.groovy文件中,如下所示:
beans = {
myFilter (MyFilter)
...
}
当我导航至登录页面并在表单上按“提交”时,浏览器在应用程序中请求路径/ j_spring_security_check,过滤器开始运行(由调试器断点确定),但浏览器返回404错误。
在配置中没有过滤器,即
'/j_spring_security_check': 'myFilter',被注释掉,该应用程序运行正常。我尝试了其他SO问题中描述的各种解决方案,但均无济于事。
我错过了什么?
最佳答案
现在,我已解决了该问题,很明显...我需要在j_spring_security_check URL的映射条目中包括所有其他标准Spring过滤器。然后,配置中的过滤器映射变为:
grails.plugins.springsecurity.filterChain.chainMap = [
'/j_spring_security_check': 'myFilter,securityContextPersistenceFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeAuthenticationFilter,anonymousAuthenticationFilter,exceptionTranslationFilter',
'/**': 'JOINED_FILTERS'
]
关于spring - 自定义Spring Security过滤器链返回404,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34073801/