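I added token-based authentication to my application using AbstractAuthenticationProcessingFilter. Once authentication succeeds, everything works fine up until the request is forwarded. However, for some reason, the handler method cannot be found. Can you help?
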
2017-12-17 22:51:05,560 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:219][] Secure object: FilterInvocation: URL: /v1/userPreferences; Attributes: [permitAll]
2017-12-17 22:51:05,561 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:348][] Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@9f6533a: Principal: org.springframework.security.core.userdetails.User@a30b921b: Username: U-71155f93-8413-457c-a045-256dc6ab0a93@poims001.ucc2.ucc.stgsip.t-mobile.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: update-enterprise; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: update-enterprise
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [AffirmativeBased:66][] Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4bf2a649, returned: 1
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:243][] Authorization successful
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:256][] RunAsManager did not change Authentication object
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterChainProxy:310][] /v1/userPreferences reached end of additional filter chain; proceeding with original chain
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:108][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] looking up handler for path: /v1/userPreferences
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences]
2017-12-17 22:51:05,574 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [EndpointHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences
2017-12-17 22:51:05,575 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [EndpointHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences]
2017-12-17 22:51:05,578 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [SecurityContextPersistenceFilter:119][] SecurityContextHolder now cleared, as request processing completed
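
Here is my filter implementation:

    import java.io.IOException;
    import java.util.Arrays;
    import java.util.List;
    import java.util.stream.Collectors;
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.http.HttpStatus;
    import org.springframework.http.ResponseEntity;
    import org.springframework.security.authentication.AbstractAuthenticationToken;
    import org.springframework.security.authentication.AuthenticationServiceException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
    import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
    // Logger, StringUtil, Utils, UserProfiles, TokenAuthenticationManager and the DAO
    // types come from packages the post does not show; their imports are omitted.

    public class TokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter
    {
        final static Logger logger = Logger.getLogger(TokenAuthenticationFilter.class.getCanonicalName());

        @Autowired
        private IAMUserDAO iamUserDAO;
        @Autowired
        private CDBUserProfileDao cdbUserProfileDao;
        @Autowired
        private IAMOAuth2Dao iamOAuth2DAO;

        protected TokenAuthenticationFilter(String defaultFilterProcessesUrl) {
            super(defaultFilterProcessesUrl);
            // The filter only attempts authentication for requests matching this pattern.
            super.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(defaultFilterProcessesUrl));
            setAuthenticationManager(new TokenAuthenticationManager());
            setAuthenticationSuccessHandler(new TokenAuthenticationSuccessHandler());
        }

        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
                throws AuthenticationException, IOException, ServletException {
            AbstractAuthenticationToken authToken = null;
            String accessToken = request.getHeader("Authorization");
            // Note: the raw Authorization header value is written to the log here.
            logger.info("Retrieving roles for token " + accessToken);
            ResponseEntity<String> tokenResponse = Utils.validateAccessToken(request, iamOAuth2DAO);
            if (tokenResponse.getStatusCode().equals(HttpStatus.OK)) {
                try {
                    // Resolve the user profile from the token validation response body.
                    UserProfiles userProfileResponse = cdbUserProfileDao.getCDBUserProfile(tokenResponse.getBody());
                    if (userProfileResponse != null) {
                        String action = iamUserDAO.getFbiFederatedAction(userProfileResponse.getEntid(), userProfileResponse.getRoles().getRole());
                        logger.info("The action returned is " + action);
                        if (!StringUtil.isBlank(action)) {
                            // Each comma-separated action becomes one granted authority.
                            List<GrantedAuthority> authorities = Arrays.asList(action.split(",")).stream()
                                    .map(s -> new SimpleGrantedAuthority(s))
                                    .collect(Collectors.toList());
                            User principal = new User(userProfileResponse.getTuid(), "", authorities);
                            authToken = new UsernamePasswordAuthenticationToken(principal, "", principal.getAuthorities());
                        }
                    }
                }
                catch (Exception e) {
                    // A lookup failure leaves authToken null; it is rejected below.
                    logger.error("rba processing encounter an error " + e.getMessage());
                }
            }
            else {
                logger.error(accessToken + " is an invalid token");
                throw new AuthenticationServiceException("Invalid Token");
            }
            if (authToken == null) {
                logger.error("Authentication object couldn't be created");
                throw new AuthenticationServiceException("Error creating authentication object");
            }
            else
                logger.info("Authentication object created");
            return authToken;
        }

        @Override
        protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
                throws IOException, ServletException {
            // Default handling stores the Authentication and invokes the success handler
            // (which forwards the request); the filter chain is then continued as well.
            super.successfulAuthentication(request, response, chain, authResult);
            chain.doFilter(request, response);
        }
    }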
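
Here is the AuthenticationSuccessHandler:

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    // Logger comes from a package the post does not show; its import is omitted.

    public class TokenAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
        final static Logger logger = Logger.getLogger(TokenAuthenticationSuccessHandler.class.getCanonicalName());

        // Returns the request URI with the context path stripped from the front.
        private String determineTargetUrl(HttpServletRequest request,
                HttpServletResponse response) {
            String context = request.getContextPath();
            String fullURL = request.getRequestURI();
            logger.info("The context is " + context + " and the full url is " + fullURL);
            String url = fullURL.substring(fullURL.indexOf(context) + context.length());
            return url;
        }

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request,
                HttpServletResponse response, Authentication authentication)
                throws IOException, ServletException {
            String url = determineTargetUrl(request, response);
            logger.info("Forwarding request after loading the authentication with url " + request.getRequestURL());
            logger.info("The url is " + url);
            // Forward to the originally requested path within the same application.
            request.getRequestDispatcher(url).forward(request, response);
        }
    }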

I had wired the application context and the servlet context together incorrectly, which caused this issue.