ITdaan
搜索本文相关内容

Spring Impersonation SwitchUserFilter不工作|过滤器不会添加到弹簧安全链

[英]Spring Impersonation SwitchUserFilter Not Working | Filter is not adding to spring security chain

本文翻译自  Free-Minded  查看原文  2016/01/08  515    spring/ java/ spring-mvc/ hybris/ spring-security           

SwitchUserFilter Hybris 5.7

SwitchUserFilter Hybris 5.7

I am trying to integrate impersonation functionality in Hybris 5.7. Here is the follow configuration i have done so far.

我正在尝试在Hybris 5.7中集成模拟功能。这是我到目前为止所做的以下配置。

spring-security-config.xml

<security:http disable-url-rewriting="true"  request-matcher-ref="excludeUrlRequestMatcher" use-expressions="true">

    <!-- added customer filter to security chain -->
    <security:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />

</security:http>

<bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
    <property name="userDetailsService" ref="originalUidUserDetailsService" />
    <property name="switchUserUrl" value="/j_spring_security_switch_user" />
    <property name="exitUserUrl" value="/j_spring_security_exit_user" />
    <property name="targetUrl" value="/" />
</bean>

Web.xml

<filter>
    <filter-name>switchUserProcessingFilter</filter-name>
    <filter-class>org.springframework.security.web.authentication.switchuser.SwitchUserFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>switchUserProcessingFilter</filter-name>
    <url-pattern>/j_spring_security_switch_user</url-pattern>
</filter-mapping>

Now whenever I am login and trying to switch to another user say user@xyz.com, I am getting NullPointerException.

现在每当我登录并尝试切换到另一个用户说user@xyz.com时,我都会收到NullPointerException。

https://localhost:9002/store/j_spring_security_switch_user?j_username=user@xyz.com

Error :

java.lang.NullPointerException
    at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.attemptSwitchUser(SwitchUserFilter.java:209)
    at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:155)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.training.storefront.filters.AcceleratorAddOnFilter.doFilter(AcceleratorAddOnFilter.java:92)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at de.hybris.platform.servicelayer.web.XSSFilter.doFilter(XSSFilter.java:230)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

I have tried to extend SwitchUserFilter and debug it. I found that SecurityContextHolder.getContext().getAuthentication(); is giving null thats why request is failing.

我试图扩展SwitchUserFilter并进行调试。我发现SecurityContextHolder.getContext()。getAuthentication();给出null就是为什么请求失败了。

I also have seen a very wired situation. I have extend SwitchUserFilter and add my own service to write custom code but i can't able to @Autowire it.

我也看到了非常有线的情况。我已经扩展了SwitchUserFilter并添加了我自己的服务来编写自定义代码,但我无法@Autowire它。

I also tried to set Authentication in session while login with user. but the same session attribute i can't find in my extended SwitchUserFilter.

我还尝试在用户登录时在会话中设置身份验证。但我在扩展的SwitchUserFilter中找不到相同的会话属性。

In the above code I am adding filter to security filter chain as well.

在上面的代码中,我也将安全过滤器链添加到过滤器链中。

<security:custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter" />

Seems SwitchUserFilter does't know anything what session is setting or authentication is saving. I don't understand why it is happening even though i have done the right configuration. I have checked other related questions as well but not able to fix it.

似乎SwitchUserFilter不知道任何会话设置或身份验证正在保存。即使我做了正确的配置,我也不明白为什么会发生这种情况。我也检查了其他相关问题,但无法修复它。

Please help me on this. Let me know if you want some more code to put.

请帮帮我。如果您想要更多代码,请告诉我。

1 个解决方案

#1

0  

The problem is my filter in not binding in Spring Security Chain so rather than using custom-filter mapping, I inject my filter directly to the filter chain.

问题是我的过滤器没有绑定在Spring安全链中,所以我没有使用自定义过滤器映射,而是直接将过滤器注入过滤器链。

spring-filter-config.xml

<alias name="defaultStorefrontTenantDefaultFilterChainList" alias="storefrontTenantDefaultFilterChainList" />
<util:list id="defaultStorefrontTenantDefaultFilterChainList">

// Other filter chain

   <ref bean="switchUserProcessingFilter"/> //Added my filter here
</util:list>

and simply added switchUserProcessingFilterin spring-security-config.xml

并简单地添加了switchUserProcessingFilterin spring-security-config.xml

So there is no use to write filter-mapping in web.xml file and custom-filter in security-config.xml file.

因此,在web.xml文件中编写filter-mapping并在security-config.xml文件中编写custom-filter是没有用的。

智能推荐

注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:http://www.silva-art.net/blog/2016/01/08/2689606be0c9030b86079a6e4e40bb97.html



猜您在找
Spring Security(2):过滤器链(filter chain)的介绍 绕过Spring安全过滤器链 - Bypassing the Spring security filter chain 如何有条件地跳过Grails Spring Security插件过滤器链中的SecurityContextPersistenceFilter过滤器 - How to conditionally skip the SecurityContextPersistenceFilter filter in Grails Spring Security plugin filter chain 将多个过滤器添加到ElasticsearchPhp中的现有过滤器 - Adding Multiple Filters to an existing Filter in ElasticsearchPhp 将过滤器添加到Glassfish服务器 - Adding a filter to a Glassfish server
 
© 2014-2019 ITdaan.com 粤ICP备14056181号  

赞助商广告