我需要为我的端点实现Spring JWT安全性。我有2条路线- 1为内部和外部第二。我试图添加下面的代码,但我的两个过滤器都在执行任何请求。我可以根据URL在过滤器中添加一个逻辑。但我觉得这不是正确的方法。请让我知道什么是正确的方法,以及如何解决它?
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/internal/**")
.authenticated()
.and()
.addFilterBefore(jwtAuthenticationInternalFilter(), BasicAuthenticationFilter.class)
.authorizeRequests()
.antMatchers("/external/**")
.authenticated()
.and()
.addFilterBefore(jwtAuthenticationExternalFilter(), BasicAuthenticationFilter.class);
public class ExternalAuthenticationFilter extends OncePerRequestFilter {
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
System.out.println("Its hitting here - External");//GET THE Information and build Authentication object..
// SecurityContextHolder.getContext().setAuthentication(token);
filterChain.doFilter(request, response);
}
}
public class InternalAuthenticationFilter extends OncePerRequestFilter {
@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
System.out.println("Its hitting here - Internal");//GET THE Information and build Authentication object..
// SecurityContextHolder.getContext().setAuthentication(token);
filterChain.doFilter(request, response);
}
}字符串
内部和外部代码都在为任何请求执行。sample request /internal/abc,
/external/xyz ..这两种情况下,两个过滤器都被调用。
请建议
1条答案
按热度按时间kfgdxczn1#
您可以将安全设置分为两个不同的配置类,并使用例如
@Order(1)和@Order(2)注解。一个配置将处理/internal端点,另一个配置将处理/external端点。在configure(HttpSecurity http)方法中,首先指定要配置的端点,然后应用设置。参见下面的一个配置示例,第二个配置将是类似的:
字符串