Spring 模拟 SwitchUserFilter 不工作 |过滤器未添加到 spring 安全链
Spring Impersonation SwitchUserFilter Not Working | Filter is not adding to spring security chain
SwitchUserFilter Hybris 5.7
我正在尝试将模拟功能集成到 Hybris 5.7 中。这是我到目前为止所做的以下配置。
spring-安全-config.xml
<security:http disable-url-rewriting="true" request-matcher-ref="excludeUrlRequestMatcher" use-expressions="true">
<!-- added customer filter to security chain -->
<security:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />
</security:http>
<bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
<property name="userDetailsService" ref="originalUidUserDetailsService" />
<property name="switchUserUrl" value="/j_spring_security_switch_user" />
<property name="exitUserUrl" value="/j_spring_security_exit_user" />
<property name="targetUrl" value="/" />
</bean>
Web.xml
<filter>
<filter-name>switchUserProcessingFilter</filter-name>
<filter-class>org.springframework.security.web.authentication.switchuser.SwitchUserFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>switchUserProcessingFilter</filter-name>
<url-pattern>/j_spring_security_switch_user</url-pattern>
</filter-mapping>
现在每当我登录并尝试切换到另一个用户时说 user@xyz.com,我得到 NullPointerException。
https://localhost:9002/store/j_spring_security_switch_user?j_username=user@xyz.com
错误:
java.lang.NullPointerException
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:209)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:155)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.training.storefront.filters.AcceleratorAddOnFilter.doFilter(AcceleratorAddOnFilter.java:92)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at de.hybris.platform.servicelayer.web.XSSFilter.doFilter(XSSFilter.java:230)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
我尝试扩展 SwitchUserFilter 并调试它。我发现 SecurityContextHolder.getContext().getAuthentication(); 给出 null 这就是请求失败的原因。
我也看到了一个非常有线的情况。我已经扩展了 SwitchUserFilter 并添加了我自己的服务来编写自定义代码,但我无法 @Autowire 它。
我还尝试在用户登录时在会话中设置身份验证。但是我在扩展的 SwitchUserFilter 中找不到相同的会话属性。
在上面的代码中,我也将过滤器添加到安全过滤器链中。
<security:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />
似乎 SwitchUserFilter 不知道什么会话正在设置或身份验证正在保存。即使我做了正确的配置,我也不明白为什么会发生这种情况。我也检查了其他相关问题,但无法解决。
请帮我解决这个问题。如果你想要更多代码,请告诉我。
问题是我的过滤器没有绑定到 Spring 安全链,所以我没有使用 custom-filter 映射,而是直接将我的过滤器注入到过滤器链。
spring-过滤器-config.xml
<alias name="defaultStorefrontTenantDefaultFilterChainList" alias="storefrontTenantDefaultFilterChainList" />
<util:list id="defaultStorefrontTenantDefaultFilterChainList">
// Other filter chain
<ref bean="switchUserProcessingFilter"/> //Added my filter here
</util:list>
并简单地在 spring-security-config.xml
中添加 switchUserProcessingFilter
所以在 web.xml 文件中编写过滤器映射和在安全-config.xml 文件中编写自定义过滤器是没有用的。
SwitchUserFilter Hybris 5.7
我正在尝试将模拟功能集成到 Hybris 5.7 中。这是我到目前为止所做的以下配置。
spring-安全-config.xml
<security:http disable-url-rewriting="true" request-matcher-ref="excludeUrlRequestMatcher" use-expressions="true">
<!-- added customer filter to security chain -->
<security:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />
</security:http>
<bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
<property name="userDetailsService" ref="originalUidUserDetailsService" />
<property name="switchUserUrl" value="/j_spring_security_switch_user" />
<property name="exitUserUrl" value="/j_spring_security_exit_user" />
<property name="targetUrl" value="/" />
</bean>
Web.xml
<filter>
<filter-name>switchUserProcessingFilter</filter-name>
<filter-class>org.springframework.security.web.authentication.switchuser.SwitchUserFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>switchUserProcessingFilter</filter-name>
<url-pattern>/j_spring_security_switch_user</url-pattern>
</filter-mapping>
现在每当我登录并尝试切换到另一个用户时说 user@xyz.com,我得到 NullPointerException。
https://localhost:9002/store/j_spring_security_switch_user?j_username=user@xyz.com
错误:
java.lang.NullPointerException
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:209)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:155)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.training.storefront.filters.AcceleratorAddOnFilter.doFilter(AcceleratorAddOnFilter.java:92)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at de.hybris.platform.servicelayer.web.XSSFilter.doFilter(XSSFilter.java:230)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
我尝试扩展 SwitchUserFilter 并调试它。我发现 SecurityContextHolder.getContext().getAuthentication(); 给出 null 这就是请求失败的原因。
我也看到了一个非常有线的情况。我已经扩展了 SwitchUserFilter 并添加了我自己的服务来编写自定义代码,但我无法 @Autowire 它。
我还尝试在用户登录时在会话中设置身份验证。但是我在扩展的 SwitchUserFilter 中找不到相同的会话属性。
在上面的代码中,我也将过滤器添加到安全过滤器链中。
<security:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />
似乎 SwitchUserFilter 不知道什么会话正在设置或身份验证正在保存。即使我做了正确的配置,我也不明白为什么会发生这种情况。我也检查了其他相关问题,但无法解决。
请帮我解决这个问题。如果你想要更多代码,请告诉我。
问题是我的过滤器没有绑定到 Spring 安全链,所以我没有使用 custom-filter 映射,而是直接将我的过滤器注入到过滤器链。
spring-过滤器-config.xml
<alias name="defaultStorefrontTenantDefaultFilterChainList" alias="storefrontTenantDefaultFilterChainList" />
<util:list id="defaultStorefrontTenantDefaultFilterChainList">
// Other filter chain
<ref bean="switchUserProcessingFilter"/> //Added my filter here
</util:list>
并简单地在 spring-security-config.xml
中添加switchUserProcessingFilter
所以在 web.xml 文件中编写过滤器映射和在安全-config.xml 文件中编写自定义过滤器是没有用的。