Adding request headers after successful Spring authentication

Posted on 2025-01-09 02:58:46

I have an app where authentication of the JWT token is done using a Spring Security custom filter. The configuration looks as below to invoke the custom filter which does the authentication.

    <security:http entry-point-ref="authenticationEntryPoint">
      <security:custom-filter after="BASIC_AUTH_FILTER" ref="TokenValidationFilter" />
      <security:session-management>
        <security:concurrency-control max-sessions="1" />
      </security:session-management>
      <security:csrf disabled="true"/>
      <security:anonymous enabled="false"/>
    </security:http>

I extended the AbstractAuthenticationProcessingFilter class and implemented TokenValidationFilter, and am able to authenticate the token received in the request header. After successful authentication, I want to call another external API, get a few values and append them to the current request header. The AbstractAuthenticationProcessingFilter class offers the successfulAuthentication method as a callback where I can do the external call and modify the request header. But I want to have a separate class or filter which is invoked after successful authentication, for code maintainability. Please let me know whether Spring offers any option for this. I am a newbie to Spring and searched multiple sites but could not figure out how to approach this. Any suggestion would be much helpful. Thanks

Comments (1)

你是我的挚爱i 2025-01-16 02:58:46

Please look into AuthenticationSuccessHandler.

It allows you to control the response when login is successful.

Here is an example:

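    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        ...

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                ...
                .formLogin()
                    .loginPage("/login")
                    .usernameParameter("email")
                    .permitAll()
                    .successHandler(new AuthenticationSuccessHandler() {

                        @Override
                        public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) throws IOException, ServletException {
                            // You have access to the request, the response, and the authentication object containing all the user details.
                            response.addHeader("Header_Name", value);
                        }
                    })
                ...
        }

    }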