为什么spring调用一个传统的过滤链和一个原始的过滤链?

rjee0c15  于 2021-07-24  发布在  Java
关注(0)|答案(1)|浏览(477)

在我的日志中,我发现spring在授权我的请求时调用了两个独立的过滤器链。所以我的问题是,为什么spring会调用一个额外的过滤链以及一个原始的过滤链呢。因为这种行为会导致我的应用程序在处理请求时对用户进行两次身份验证。尤其是它不必要地再次调用了我的authenticationfilter。
您可以在这里看到日志:

27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/api/account/@me'; against '/api/account/**'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 1 of 10 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 2 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 3 of 10 in additional filter chain; firing Filter: 'HeaderWriterFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 4 of 10 in additional filter chain; firing Filter: 'TokenAuthenticationFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] d.t.o.a.a.TokenAuthenticationFilter      : Request is to process authentication
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.authentication.ProviderManager     : Authentication attempt using dev.teamnight.oauth2.authserver.authentication.ApplicationAuthenticationProvider
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.authentication.ProviderManager     : Authentication attempt using dev.teamnight.oauth2.authserver.authentication.BearerAuthenticationProvider
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] d.t.o.a.a.TokenAuthenticationFilter      : Authentication success. Updating SecurityContextHolder to contain: dev.teamnight.oauth2.authserver.authentication.TokenAuthenticationToken@aeed7374: Principal: dev.teamnight.oauth2.authserver.authentication.OAuth2Principal@46a2793d; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter  : SecurityContextHolder not populated with anonymous token, as it already contained: 'dev.teamnight.oauth2.authserver.authentication.TokenAuthenticationToken@aeed7374: Principal: dev.teamnight.oauth2.authserver.authentication.OAuth2Principal@46a2793d; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] s.CompositeSessionAuthenticationStrategy : Delegating to org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy@5f8a02cf
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher  : Request '/api/account/@me' matched by universal pattern '/**'
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /api/account/@me; Attributes: [hasAnyAuthority('READ_ALL','BEARER_ACCESS')]
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: dev.teamnight.oauth2.authserver.authentication.TokenAuthenticationToken@aeed7374: Principal: dev.teamnight.oauth2.authserver.authentication.OAuth2Principal@46a2793d; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.a.h.RoleHierarchyImpl              : getReachableGrantedAuthorities() - From the roles [SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS] one can reach [SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS] in zero or more steps.
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@2830c7a3, returned: 1
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorization successful
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor    : RunAsManager did not change Authentication object
<< Additional Filter Chain Ends >> 27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : /api/account/@me reached end of additional filter chain; proceeding with original chain
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] d.t.o.a.a.TokenAuthenticationFilter      : Request is to process authentication
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.authentication.ProviderManager     : Authentication attempt using dev.teamnight.oauth2.authserver.authentication.ApplicationAuthenticationProvider
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.authentication.ProviderManager     : Authentication attempt using dev.teamnight.oauth2.authserver.authentication.BearerAuthenticationProvider
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] d.t.o.a.a.TokenAuthenticationFilter      : Authentication success. Updating SecurityContextHolder to contain: dev.teamnight.oauth2.authserver.authentication.TokenAuthenticationToken@c97cfb62: Principal: dev.teamnight.oauth2.authserver.authentication.OAuth2Principal@571022e9; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.a.i.a.MethodSecurityInterceptor    : Secure object: ReflectiveMethodInvocation: public dev.teamnight.oauth2.authserver.entities.json.AccountDTO dev.teamnight.oauth2.authserver.controllers.ApiController.getBearedAccount(javax.servlet.http.HttpServletRequest); target is of class [dev.teamnight.oauth2.authserver.controllers.ApiController]; Attributes: [[authorize: 'hasAuthority('BEARER_ACCESS')', filter: 'null', filterTarget: 'null']]
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.a.i.a.MethodSecurityInterceptor    : Previously Authenticated: dev.teamnight.oauth2.authserver.authentication.TokenAuthenticationToken@c97cfb62: Principal: dev.teamnight.oauth2.authserver.authentication.OAuth2Principal@571022e9; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.a.h.RoleHierarchyImpl              : getReachableGrantedAuthorities() - From the roles [SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS] one can reach [SCOPE_account.email, BEARER_ACCOUNT_1, SCOPE_account.basic, BEARER_ACCESS] in zero or more steps.
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter@35948508, returned: 1
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.a.i.a.MethodSecurityInterceptor    : Authorization successful
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.a.i.a.MethodSecurityInterceptor    : RunAsManager did not change Authentication object
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@37c5e3bd
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] o.s.s.w.a.ExceptionTranslationFilter     : Chain processed normally
27-01-2021 DEBUG 10784 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed

这是我的Web安全配置:

@Bean
        @Qualifier("accountApiAuthenticationFilter")
        public TokenAuthenticationFilter accountApiAuthenticationFilter(TokenAuthenticationFailureHandler failureHandler,
                TokenAuthenticationSuccessHandler successHandler) throws Exception {
            TokenAuthenticationFilter filter = new TokenAuthenticationFilter();
            filter.setAuthenticationManager(authenticationManagerBean());
            filter.setAuthenticationFailureHandler(failureHandler);
            filter.setAuthenticationSuccessHandler(successHandler);
            filter.setAllowedTokenTypes(TokenType.APPLICATION, TokenType.BEARER);
            return filter;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/account/**")
                .addFilterBefore(accountApiAuthenticationFilter(null, null), UsernamePasswordAuthenticationFilter.class)
                .authorizeRequests()
                .antMatchers("**").hasAnyAuthority("READ_ALL", "BEARER_ACCESS")
                .anyRequest().authenticated()
                .and()
                .authenticationProvider(this.appProvider)
                .authenticationProvider(this.bearerProvider)
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .exceptionHandling()
                .authenticationEntryPoint(new TokenAuthenticationEntryPoint())
                .and()
                .cors().disable()
                .formLogin().disable()
                .csrf().disable()
                .logout().disable();
        }
mbskvtky

mbskvtky1#

默认情况下,SpringBoot将注册所有 javax.servlet.Filter 常规中的示例 FilterChain . 您可以通过添加 FilterRegistrationBean (从spring boot)禁用此注册。

相关问题