spring启动开关身份验证机制令牌中的基本信息

frebpwbc  于 2021-06-26  发布在  Java
关注(0)|答案(0)|浏览(185)

用例
我有一个端点,我希望它能通过两种不同类型的身份验证,基于令牌中的一些信息。安全实现是在库中完成的,我不知道 t have access to it so changing the code in library is out of question and I am assuming I need to override the config of those beans. Here 到目前为止,我所做的是:
扩展 ? extends WebSecurityConfigurerAdapter (从库中扩展类),并提供 ? extends OncePerRequestFilter (从库扩展类)作为filterregistrationbean。
情景1
使我的过滤器@order(1)和@primary:应用程序不启动,我得到异常 Cannot register after unregistered Filter class 因为父安全配置添加了多个 httpSecurity.addFilterBefore 场景2
使我的过滤器成为普通组件:应用程序确实启动了,但是首先调用了库过滤器,这是我想要避免的。
我的实现中的代码:

@Configuration
public class ABC extends ? <Which extends WebSecurityConfigurerAdapter> {
    @Override
    @Bean
    public FilterRegistrationBean<? extends OncePerRequestFilter> filterRegistrationBean() {
        FilterRegistrationBean<Interceptor> registrationBean = super.filterRegistrationBean();
        registrationBean.setFilter(this.getInterceptor());
        return registrationBean;
    }

    @Bean
    public Interceptor getInterceptor() {
        return new RequestTokenInterceptor();
    }
}

@Component
public class Interceptor extends ? <Which extends OncePerRequestFilter> {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         if (some condition) {
              //Prepare auth instance and set in security context and call filterChain.doFilter(request, response);
         } else {
              super.doFilterInternal(request, response, filterChain);
         }
    }
}

ps我想修改库中最少的代码,有线索吗?

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题