Spring Security addFilterПосле регистрации фильтра

Question

Я разрабатываю приложение для загрузки весны, и я использую весеннюю безопасность для защиты своего приложения. Я создал настраиваемый фильтр, и я хочу добавить его сразу после UsernamePasswordAuthenticationFilter. Для этого я использую метод HttpSecurity.addFilterAfter.

Однако мой фильтр никогда не вызывается. Попросите вас помочь мне в этом. Код:

MultiSessionCustomLMSFilter.java

public class MultiSessionCustomLMSFilter extends GenericFilterBean { 

private final static Logger log = LoggerFactory.getLogger(MultiSessionCustomLMSFilter.class); 

@Autowired private UserLoginLogRepository userLoginLogRepository; 
private ObjectMapper mapper; 

@Override 
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { 
    log.debug("Inside doFilter of MultipleSessionFilter"); 
    //CUSTOM APP SPECIFIC LOGIC GOES IN HERE 
    } 
} 

WebSecurityConfig.java

@Configuration 
@EnableWebSecurity 
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 
    public static final String JWT_TOKEN_HEADER_PARAM = "X-Authorization"; 
    public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login"; 
    public static final String CSRF_ENTRY_POINT = "/api/auth/login/csrf"; 
    public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**"; 
    public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token"; 

    @Autowired private RestAuthenticationEntryPoint authenticationEntryPoint; 
    @Autowired private AuthenticationSuccessHandler successHandler; 
    @Autowired private AuthenticationFailureHandler failureHandler; 
    @Autowired private LoginAuthenticationProvider loginAuthenticationProvider; 
    @Autowired private JwtAuthenticationProvider jwtAuthenticationProvider; 

    @Autowired private TokenExtractor tokenExtractor; 

    @Autowired private AuthenticationManager authenticationManager; 

    @Autowired private ObjectMapper objectMapper; 

    @Autowired private JwtTokenFactory jwtTokenFactory; 

    protected LoginProcessingFilter buildAjaxLoginProcessingFilter() throws Exception { 
     LoginProcessingFilter filter = new LoginProcessingFilter(FORM_BASED_LOGIN_ENTRY_POINT, successHandler, failureHandler, objectMapper); 
     filter.setAuthenticationManager(this.authenticationManager); 
     return filter; 
    } 

    protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception { 
     List<String> pathsToSkip = Arrays.asList(TOKEN_REFRESH_ENTRY_POINT,FORM_BASED_LOGIN_ENTRY_POINT, CSRF_ENTRY_POINT); 
     SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT); 
     JwtTokenAuthenticationProcessingFilter filter = new JwtTokenAuthenticationProcessingFilter(failureHandler, tokenExtractor, matcher,objectMapper,jwtTokenFactory); 
     filter.setAuthenticationManager(this.authenticationManager); 
     return filter; 
    } 

    @Bean 
    @Override 
    public AuthenticationManager authenticationManagerBean() throws Exception { 
     return super.authenticationManagerBean(); 
    } 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) { 
     auth.authenticationProvider(loginAuthenticationProvider); 
     auth.authenticationProvider(jwtAuthenticationProvider); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.csrf().disable() 
     .exceptionHandling() 
     .authenticationEntryPoint(this.authenticationEntryPoint) 

     .and() 
      .sessionManagement() 
      .sessionCreationPolicy(SessionCreationPolicy.STATELESS) 

     .and() 
      .authorizeRequests() 
       .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point 
       .antMatchers(CSRF_ENTRY_POINT).permitAll() 
//    .antMatchers(MIQA_FORUM_ENTRY_POINT).permitAll() 
     .and() 
      .authorizeRequests() 
       .antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected API End-points 
     .and().cors().and() 
      .addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class) 
      .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class) 
      .addFilterAfter(new MultiSessionCustomLMSFilter(),UsernamePasswordAuthenticationFilter.class); 

    } 

приложение журнала во время вызова фильтров во время загрузки:

Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, 
[org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@a457c2b, 
org.springframework.security.web.context.SecurityContextPersistenceFilter@464aeb09, 
org.springframework.security.web.header.HeaderWriterFilter@32da97fd, 
org.springframework.web.filter.CorsFilter@16a6dc21, 
org.springframework.security.web.authentication.logout.LogoutFilter@c0c8f96, 
com.egmat.lms.security.auth.login.LoginProcessingFilter@5773d271, 
com.egmat.lms.security.auth.jwt.JwtTokenAuthenticationProcessingFilter@59f45950, 
com.egmat.lms.security.MultiSessionCustomLMSFilter@7871d261, 
org.springframework.security.web.savedrequest.RequestCacheAwareFilter@59d6642a, 
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@288728e, 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter@58164e9a, 
org.springframework.security.web.session.SessionManagementFilter@4aa22cc2, 
org.springframework.security.web.access.ExceptionTranslationFilter@e01a26b, 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor@5c70d7f0] 

Answer 1

ли LoginProcessingFilter и JwtTokenAuthenticationProcessingFilter продолжить цепочку фильтров?

Фильтры перед необходимостью продолжения цепи фильтра, выполнив:

chain.doFilter(request, response);