我正在尝试部署我的spring应用程序,它确实部署得很好,但如果我使用<servlet>它工作得很好,但当我切换到<过滤器>它突然停止工作,这是我的web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Campus</display-name>
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
ar.com.campus.config.WebConfig,
ar.com.campus.security.config.WebSecurityConfig
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<filter>
<filter-name>jersey</filter-name>
<filter-class>org.glassfish.jersey.servlet.ServletContainer</filter-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>
ar.com.campus.controllers,
ar.com.campus.security.api.exceptionmapper
</param-value>
</init-param>
<init-param>
<param-name>jersey.config.servlet.filter.contextPath</param-name>
<param-value>/</param-value>
</init-param>
<init-param>
<param-name>jersey.config.server.provider.classnames</param-name>
<param-value>
org.glassfish.jersey.media.multipart.MultiPartFeature,
org.glassfish.jersey.tests.integration.servlettests.FilterForwardOn404Resource
</param-value>
</init-param>
<init-param>
<param-name>jersey.config.servlet.filter.forwardOn404</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>jersey</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
查看我的日志,过滤器似乎已初始化:
02:38:50.762 [RMI TCP Connection(3)-127.0.0.1] DEBUG o.s.web.filter.DelegatingFilterProxy - Initializing filter 'springSecurityFilterChain'
02:38:50.763 [RMI TCP Connection(3)-127.0.0.1] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'springSecurityFilterChain'
02:38:50.763 [RMI TCP Connection(3)-127.0.0.1] DEBUG o.s.web.filter.DelegatingFilterProxy - Filter 'springSecurityFilterChain' configured successfully
但是,当我向我拥有的任何映射端点发出请求时,它都不会通过spring安全过滤器,下面是我的WebSecurityConfig:
@Configuration
@EnableWebSecurity
@ComponentScan({"ar.com.campus.security" })
@PropertySource(value= {"classpath:application.properties"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
...
...
@Override
protected void configure(final HttpSecurity http) throws Exception {
CharacterEncodingFilter filter = new CharacterEncodingFilter();
filter.setEncoding("UTF-8");
filter.setForceEncoding(true);
http
.cors()
.and()
.csrf()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, API_PREFIX + "/user").hasAuthority("USER")
.antMatchers("/**").permitAll();
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("*"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
configuration.setAllowedHeaders(Arrays.asList("authorization", "content-type", "x-auth-token"));
configuration.setExposedHeaders(Arrays.asList("x-auth-token", "authorization", "X-Total-Pages", "Content-Disposition"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Override
public void configure(final WebSecurity web) {
web
.ignoring()
.antMatchers("/");
}
}
过滤器按定义顺序执行。这是定义filter-mapping的顺序。在您的案例中,您在securityFilterChain之前定义了jersey过滤器。
如果切换顺序,将首先调用securityFilterChain。