logeed1 2019-07-30 14:55 采纳率: 25%

Spring Security OAuth2 自定义拦截器如何在验证 token 之前执行?

想通过拦截器的方式,让所有请求都带上一个 token,然后再去验证。
现在的问题是:还没等到我的拦截器执行,就已经返回 401(无权限)了。


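/**
 * Web security configuration for the authorization-server side of the application.
 *
 * <p>Declares the password encoder, the user-details service and the
 * {@link AuthenticationManager} bean, removes {@code /oauth/check_token} from the
 * security filter chains, and configures one {@link HttpSecurity} chain.
 *
 * <p>{@code @Order(-1)} gives this adapter's chain a low order value, so it is consulted
 * before chains with a higher order value. That precedence only matters for requests the
 * chain actually matches; see {@link #configure(HttpSecurity)}.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
@Order(-1)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private SuccessAuthenticationSuccessHandler successAuthenticationSuccessHandler;

    /**
     * Provides the password hashing scheme used by the application.
     *
     * @return a BCrypt-based password encoder
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        // Set the default password hashing scheme.
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the project's own user lookup as the {@link UserDetailsService} bean.
     *
     * @return a new {@code UserDetailsServiceImpl}
     */
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
        return new UserDetailsServiceImpl();
    }

    /**
     * Wires the custom user-details service into the authentication manager.
     *
     * @param auth builder for the authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Use the custom authentication/authorization (user-details) service.
        // NOTE(review): the BCryptPasswordEncoder bean declared above is not passed to the
        // builder here (there is no .passwordEncoder(...) call), so the encoder that checks
        // stored passwords is whatever this Spring Security version defaults to. Confirm
        // that stored hashes really are verified with BCrypt.
        auth.userDetailsService(userDetailsService());
    }

    /**
     * Excludes the token-introspection endpoint from Spring Security entirely.
     *
     * @param web the web-security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // Expose check_token; otherwise the resource server gets a 403 when it calls it.
        //
        // NOTE(review): web.ignoring() takes the path out of every security filter chain,
        // so /oauth/check_token is answered with no authentication at all and any caller
        // that can reach it can have a token introspected. The usual alternative is to
        // keep the endpoint inside the chain and allow only authenticated clients, e.g.
        // checkTokenAccess("isAuthenticated()") on AuthorizationServerSecurityConfigurer.
        web.ignoring().antMatchers("/oauth/check_token");
    }

    /**
     * Publishes the authentication manager built by this adapter as a bean.
     *
     * @return the adapter's authentication manager
     * @throws Exception if the manager cannot be created
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Configures the filter chain owned by this adapter.
     *
     * @param http the chain being configured
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Original question: why does the custom TokenFilter not run?
        //
        // Two things visible in this method explain it:
        //  1. requestMatchers() below limits this whole chain to OPTIONS requests on
        //     /oauth/token. Every other request is handled by a different chain, and
        //     TokenFilter is only registered on this one.
        //  2. addFilterAt(..., FilterSecurityInterceptor.class) places the filter at the
        //     position of the authorization interceptor, which sits at the end of a
        //     chain, i.e. after authentication has already happened.
        // The 401 presumably comes from the resource-server chain, which validates the
        // bearer token itself. A filter that must run before that validation has to be
        // registered on the resource server's HttpSecurity, ahead of its token-processing
        // filter (OAuth2AuthenticationProcessingFilter); confirm the exact anchor class
        // against the library version in use.
        //
        // NOTE(review): TokenFilter is not shown. If it attaches a token to requests, it
        // should only relay a credential the client actually presented (for example move
        // it from a cookie into the Authorization header); supplying a token the caller
        // never sent would make the later token check meaningless.
        http.addFilterAt(new TokenFilter(), FilterSecurityInterceptor.class);

        // CSRF protection is disabled for this chain. NOTE(review): that is only safe
        // while the matched endpoint is not authenticated by a browser session cookie.
        http.requestMatchers().antMatchers(HttpMethod.OPTIONS, "/oauth/token")
                .and()
                .cors()
                .and()
                .csrf().disable();
    }
}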



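/**
 * OAuth2 resource-server configuration.
 *
 * <p>Builds the URL authorization rules from the {@code AdminPermission} rows returned by
 * {@code AdminPermissionRepository}: each row maps a URL pattern to the authority required
 * to call it.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired
    private AdminPermissionRepository adminPermissionRepository;
    @Autowired
    private SuccessAuthenticationSuccessHandler successAuthenticationSuccessHandler;

    /**
     * Configures the resource-server filter chain and its per-URL authorization rules.
     *
     * @param http the chain being configured
     * @throws Exception if any rule cannot be registered; the failure is propagated so the
     *     application does not start with a protected URL silently left without its rule
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Permissions are read once, when this configuration runs; rows added or changed
        // later are presumably not picked up until the rules are rebuilt.
        List<AdminPermission> permissions = adminPermissionRepository.findAll();

        // Allow framing only by pages of the same origin.
        http.headers().frameOptions().sameOrigin();

        http
                .exceptionHandling()
                .and()
                // Bearer-token API: never create or use an HTTP session.
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/", "/login", "/static/**", "/assets/**").permitAll();

        // A plain loop instead of forEach with try/catch: the original printed the stack
        // trace and carried on, which dropped the failing rule and left that URL without
        // its authority check. Access-control setup should fail closed.
        for (AdminPermission permission : permissions) {
            http.authorizeRequests()
                    .antMatchers(permission.getUrl())
                    .hasAuthority(permission.getNameEn());
        }

        // NOTE(review): there is no catch-all rule. A request that matches none of the
        // patterns above is, by default, not subject to any authorization check, so a URL
        // missing from the permission table is reachable without a token. Consider ending
        // the rule list with anyRequest().authenticated() once the set of intentionally
        // public paths is confirmed.
    }

    /**
     * Keeps the default resource-server settings.
     *
     * @param resources the resource-server configurer
     * @throws Exception if the default configuration fails
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        super.configure(resources);
    }

}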
