无法在spring筛选器中读取标头

r3i60tvu  于 2021-09-29  发布在  Java
关注(0)|答案(0)|浏览(130)

我正在开发Spring Security 并添加了过滤器。当从 Postman 发送的请求“header”能够读取,但从react/angular请求发送的请求“header”显示为空。 Postman 没有问题,但在调用应用程序时遇到问题。

@Component
public class GenericFiltering extends GenericFilterBean {

     @Autowired
     ServiceAccessParams serviceAccessParams;

    @SuppressWarnings("unused")
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {

        try {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            System.out.println("GenericFiltering is called..."+req.getRequestURI());

              Enumeration<String> headerNames = req.getHeaderNames();

              //map<String,String> mp=new HashMap<>();
              //headerNames.forEach((key,value) ->{ System.out.println("Header Name: "+key+" Header Value: "+value); });

              /*  if (headerNames != null) {
                        while (headerNames.hasMoreElements()) {
                                System.out.println("Header: " + req.getHeader(headerNames.nextElement()));
                        }
                }*/

                if (headerNames != null) {
                    while (headerNames.hasMoreElements()) {
                        String name = headerNames.nextElement();
                        System.out.println("Header: " + name + " value:" + req.getHeader(name));
                    }
                }

            String hdrEncryptedData = req.getHeader("secretkey");
       System.out.println("sc key:"+hdrEncryptedData);

            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            chain.doFilter(request, response);

        } catch (CustomException e) {
            setResponse(response, e.getExceptionMessage());
        } catch (Exception e) {
            setResponse(response, e.getMessage());
            }
    }

}

安全文件

@Order(Ordered.HIGHEST_PRECEDENCE)
@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    AuthenProvider authenProvider;  

    @Autowired
    GenericFiltering genericFiltering;

       @Bean
       public PasswordEncoder encoder() {
           return NoOpPasswordEncoder.getInstance();
       }

       @Override
       @Autowired
       protected void configure(AuthenticationManagerBuilder auth) throws Exception {
           auth.authenticationProvider(authenProvider);
       }

       @Override
       protected void configure(HttpSecurity http) throws Exception {
           http
            .csrf().disable()
            .anonymous().disable()
            . authorizeRequests()
            .antMatchers("/oauth/token/").permitAll();

           http.addFilterBefore(genericFiltering,  BasicAuthenticationFilter.class);
          }
       @Override
       public void configure(WebSecurity web) throws Exception {
         web.ignoring().antMatchers(HttpMethod.OPTIONS);
        }

       @Override
       @Bean
       public AuthenticationManager authenticationManagerBean() throws Exception {
          return super.authenticationManagerBean();
       }   

}

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题