实现 spring 安全性(基本表单身份验证(后,我无法使用 RequestContextHolder.getRequestAttributes()
获取当前请求,这在以前工作正常。
问题是 RequestContextHolder.getRequestAttributes(( 为空,我需要从登录请求中获取一个额外的参数(租户 ID(才能选择正确的数据库。
这是我的代码:
安全
@EnableWebSecurity
public class Security extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService myUserDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/assets/**")
.permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/dashboard/login")
.defaultSuccessUrl("/dashboard/home")
.permitAll()
.and()
.logout()
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authProvider
= new DaoAuthenticationProvider();
authProvider.setUserDetailsService(myUserDetailsService);
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(11);
}
}
CurrentTenantIdentifierResolverImpl
public class CurrentTenantIdentifierResolverImpl implements CurrentTenantIdentifierResolver {
Logger log = LogManager.getLogger(CurrentTenantIdentifierResolverImpl.class);
@Override
public String resolveCurrentTenantIdentifier() {
ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpSession session = attr.getRequest().getSession(false); // true == allow create
if (session != null) {
String tenant = (String) session.getAttribute("tenant");
log.trace("Tenant default resolved in session is: " + tenant);
if (tenant != null) {
return tenant;
}
}
String request = attr.getRequest().getRequestURI();
String tenant = attr.getRequest().getParameter("tenant");
if (request.equals("/dashboard/login") && tenant != null) {
return tenant;
}
//otherwise return default tenant
log.trace("Tenant default not resolved in session");
return null;
}
@Override
public boolean validateExistingCurrentSessions() {
return true;
}
}
我不小心删除了一个至关重要的类。只需将其添加回即可解决问题。
@Configuration
@WebListener
public class MyRequestContextListener extends RequestContextListener {
}