JWorld@TW the best professional Java site in Taiwan
      註冊 | 登入 | 全文檢索 | 排行榜  

» JWorld@TW » Web Framework  

按列印兼容模式列印這個話題 列印話題    把這個話題寄給朋友 寄給朋友    訂閱主題
reply to postflat modego to previous topicgo to next topic
本主題所含的標籤
無標籤
作者 Spring Security 自訂義Filter 問題
latitude06





發文: 81
積分: 0
於 2017-07-05 09:34 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
小弟最近再利用 Spring boot Security 製作權限但是執行時出現此問題
搞了好幾天一直不知道問題出在哪 ...
希望有高手能幫忙解惑一下..
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
java.lang.IllegalArgumentException: Invalid javax.annotation.PostConstruct annotation
  at org.apache.catalina.core.DefaultInstanceManager.findLifecycleCallback(DefaultInstanceManager.java:732) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.DefaultInstanceManager.findPostConstruct(DefaultInstanceManager.java:707) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.DefaultInstanceManager.populateAnnotationsCache(DefaultInstanceManager.java:384) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:142) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:135) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:111) ~[tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4590) [tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5233) [tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1419) [tomcat-embed-core-8.5.15.jar:8.5.15]
  at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409) [tomcat-embed-core-8.5.15.jar:8.5.15]
  at java.util.concurrent.FutureTask.run(Unknown Source) [na:1.8.0_51]
  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_51]
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_51]
  at java.lang.Thread.run(Unknown Source) [na:1.8.0_51]


設定代碼如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebApplication extends WebSecurityConfigurerAdapter {
 
  @Bean
  public UserDetailsService customUserService() {
    return new MyUserDetailsService();
  }
 
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(customUserService());
  }
 
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests()// 配置安全策略
        .antMatchers("/", "/hello").permitAll()// 定义/请求不需要验证
        .anyRequest().authenticated()// 其余的所有请求都需要验证
        .and().logout().logoutUrl("/custom-logout").logoutSuccessUrl("/hello").permitAll().and().formLogin();
  }
 
}


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
@Service
public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
 
  /**
   * 
   */
  @Autowired
  private FilterInvocationSecurityMetadataSource securityMetadataSource;
 
  /**
   * 
   */
  @Autowired
  private MyAccessDecisionManager myAccessDecisionManager;
  
  /**
   * 
   */
  @Autowired
  private AuthenticationManager authenticationManager;
  // ----------------------------------------------------------------------------------------
 
  /**
   * 
   */
  @Override
  public void destroy() {
    // TODO Auto-generated method stub
  }
 
  /**
   * 
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
 
    FilterInvocation fi = new FilterInvocation(request, response, chain);
    invoke(fi);
  }
 
  /**
   * 
   * @param fi
   * @throws IOException
   * @throws ServletException
   */
  public void invoke(FilterInvocation fi) throws IOException, ServletException {
 
    InterceptorStatusToken token = super.beforeInvocation(fi);
 
    try {
      fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
      super.afterInvocation(token, null);
    }
  }
 
  /**
   * 
   */
  @PostConstruct
  public void init() throws ServletException {
    super.setAuthenticationManager(authenticationManager);
    super.setAccessDecisionManager(myAccessDecisionManager);
  }
 
  /**
   * 
   */
  @Override
  public Class<?> getSecureObjectClass() {
    return FilterInvocation.class;
  }
 
  /**
   * 
   */
  @Override
  public SecurityMetadataSource obtainSecurityMetadataSource() {
    return this.securityMetadataSource;
  }
 
  @Override
  public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
    super.setAccessDecisionManager(accessDecisionManager);
  }
 
  /**
   * 
   */
  public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
    return this.securityMetadataSource;
  }
 
  /**
   * 
   */
  public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource securityMetadataSource) {
    this.securityMetadataSource = securityMetadataSource;
  }
 
  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
  }
 
}


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
@Service
public class MyAccessDecisionManager implements AccessDecisionManager {
  
  @Override
  public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
      throws AccessDeniedException, InsufficientAuthenticationException {
    
    if (configAttributes == null) {
      return;
    }
 
    Iterator<ConfigAttribute> ite = configAttributes.iterator();
 
    while (ite.hasNext()) {
      ConfigAttribute ca = ite.next();
      String needRole = ((SecurityConfig) ca).getAttribute();
      System.out.println("MyAccessDecisionManager -->> " + needRole);
      for (GrantedAuthority ga : authentication.getAuthorities()) {
        if (needRole.trim().equals(ga.getAuthority().trim())) {
          return;
        }
      }
    }
 
    throw new AccessDeniedException("MyAccessDecisionManager error");
  }
 
  @Override
  public boolean supports(ConfigAttribute attribute) {
 
    return false;
  }
 
  @Override
  public boolean supports(Class<?> clazz) {
 
    return true;
  }
 
}

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
@Service
public class SecurityMetadataSourceService implements FilterInvocationSecurityMetadataSource {
 
  /**
   * 
   */
  private HashMap<String, Collection<ConfigAttribute>> resourceMap;
 
  /**
   * 
   */
  public SecurityMetadataSourceService() {
    loadResourceDefine();
  }
  
  /**
   * 提取所有權限資料
   */
  private void loadResourceDefine() {
    
    System.out.println("新增權限 -->> loadResourceDefine");
    
    resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
 
    ConfigAttribute ca = new SecurityConfig("ROLE_ADMIN");
    Collection<ConfigAttribute> atts = new ArrayList<ConfigAttribute>();
    atts.add(ca);
 
    resourceMap.put("/hello", atts);
 
    ConfigAttribute ca2 = new SecurityConfig("ROLE_NO");
    Collection<ConfigAttribute> atts2 = new ArrayList<ConfigAttribute>();
    atts2.add(ca2);
 
    resourceMap.put("/add", atts);
  }
 
  @Override
  public Collection<ConfigAttribute> getAllConfigAttributes() {
    // TODO Auto-generated method stub
    return null;
  }
 
  /**
   * 參數是要訪問的URL,返回這個URL對於的所有權限(或角色)
   * 
   * @param arg0
   * @return
   * @throws IllegalArgumentException
   */
  @Override
  public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    
    
    FilterInvocation filterInvocation = (FilterInvocation) object;
    Iterator<String> ite = resourceMap.keySet().iterator();
    System.out.println("進行訪問 -->> "+filterInvocation.getHttpRequest().toString());
 
    while (ite.hasNext()) {
      String resURL = ite.next();
      RequestMatcher requestMatcher = new AntPathRequestMatcher(resURL);
      if (requestMatcher.matches(filterInvocation.getHttpRequest())) {
        return resourceMap.get(resURL);
      }
    }
    return null;
  }
 
  @Override
  public boolean supports(Class<?> arg0) {
    System.out.println("supports ?? ");
    return true;
  }
 
}


SpringDemo.7z (185.15k)


latitude06 edited on 2017-07-06 01:04
reply to postreply to post
話題樹型展開
人氣 標題 作者 字數 發文時間
539 Spring Security 自訂義Filter 問題 latitude06 8208 2017-07-05 09:34
447 Re:Spring Security 自訂義Filter 問題 pclevin 49 2017-07-05 14:42
423 Re:Spring Security 自訂義Filter 問題 latitude06 120 2017-07-06 01:05
423 Re:Spring Security 自訂義Filter 問題 pico2k 528 2017-07-06 05:51
474 Re:Spring Security 自訂義Filter 問題 latitude06 635 2017-07-06 07:04
» JWorld@TW »  Web Framework

reply to postflat modego to previous topicgo to next topic
  已讀文章
  新的文章
  被刪除的文章
Jump to the top of page

JWorld@TW 本站商標資訊

Powered by Powerful JuteForum® Version Jute 1.5.8