如果 spring 安全启用。其余 api 不工作
If spring security enabled . The rest api is not working
@SpringBootApplication()
@ComponentScan( basePackageClasses = {Implementation.class,ApiController.class})
public class ServiceApplication {
public static void main(String[] args) {
SpringApplication.run(ServiceApplication.class, args);
}
}
spring 安全
@Configuration
@EnableWebSecurity
public class ApiController extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
csrf().disable()
.antMatcher("/b/**")
.addFilterAfter(new TokenFilter(), BasicAuthenticationFilter.class)
.authorizeRequests().anyRequest().permitAll();
}
}
TokenFilter 进行身份验证
public class TokenFilter extends OncePerRequestFilter
{
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException
{
if( ! isTokenValid(request))
{
response.setStatus(401);
}
}
private boolean isTokenValid(HttpServletRequest request)
{
return true;
}
}
api
@RestController
@RequestMapping(path = "/b")
public class Implementation
{
@GetMapping(path = "/freeze")
@ResponseBody
public String freezeAMovieSlot( )
{
return "HI";
}
如果我禁用 spring 安全性,我将收到 HI 响应
但是对于上面的代码,HI 没有收到响应..
响应代码为 200
我错过了什么!!!!
添加后
filterChain.doFilter(request, response);
在 TokenFilter 的 doFilterInternal 方法中 class 它有效。
这可能是因为我没有链接它,所以过滤器在中间掉落了
@SpringBootApplication()
@ComponentScan( basePackageClasses = {Implementation.class,ApiController.class})
public class ServiceApplication {
public static void main(String[] args) {
SpringApplication.run(ServiceApplication.class, args);
}
}
spring 安全
@Configuration
@EnableWebSecurity
public class ApiController extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
csrf().disable()
.antMatcher("/b/**")
.addFilterAfter(new TokenFilter(), BasicAuthenticationFilter.class)
.authorizeRequests().anyRequest().permitAll();
}
}
TokenFilter 进行身份验证
public class TokenFilter extends OncePerRequestFilter
{
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException
{
if( ! isTokenValid(request))
{
response.setStatus(401);
}
}
private boolean isTokenValid(HttpServletRequest request)
{
return true;
}
}
api
@RestController
@RequestMapping(path = "/b")
public class Implementation
{
@GetMapping(path = "/freeze")
@ResponseBody
public String freezeAMovieSlot( )
{
return "HI";
}
如果我禁用 spring 安全性,我将收到 HI 响应 但是对于上面的代码,HI 没有收到响应.. 响应代码为 200 我错过了什么!!!!
添加后
filterChain.doFilter(request, response);
在 TokenFilter 的 doFilterInternal 方法中 class 它有效。
这可能是因为我没有链接它,所以过滤器在中间掉落了