Java RequestHeaderAuthenticationFilter.setExceptionIfHeaderMissing方法代码示例

import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter; //导入方法依赖的package包/类
@SuppressWarnings("PMD.SignatureDeclareThrowsException")
private RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter() throws Exception {
    RequestHeaderAuthenticationFilter f = new RequestHeaderAuthenticationFilter();
    f.setPrincipalRequestHeader("X-Forwarded-User");
    f.setCredentialsRequestHeader("X-Forwarded-Access-Token");
    f.setAuthenticationManager(authenticationManager());
    f.setAuthenticationDetailsSource(
        (AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>)
            (request) ->new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
                request,
                AuthorityUtils.createAuthorityList("ROLE_AUTHENTICATED")
            )
    );
    f.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
    f.setExceptionIfHeaderMissing(false);
    return f;
}
 

import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter; //导入方法依赖的package包/类
/**
 * Creates an iv-user header filter to get user id from TAM/Webseal.
 *
 * @return the request header authentication filter
 * @throws Exception
 *             the exception if something goes wrong
 */
private RequestHeaderAuthenticationFilter createIVUserHeaderFilter() {
    RequestHeaderAuthenticationFilter requestFilter = new RequestHeaderAuthenticationFilter();
    requestFilter.setPrincipalRequestHeader("iv-user");
    requestFilter.setExceptionIfHeaderMissing(false);
    requestFilter.setCheckForPrincipalChanges(true);
    try {
        requestFilter.setAuthenticationManager(this.authenticationManagerBean());
    } catch (Exception e) {
        LOG.error("Error during security setup", e);
        throw new InstantiationException("Error creating authentication manager", WebSecurityConfig.class, e);
    }
    return requestFilter;
}
 

import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter; //导入方法依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        .authorizeRequests()
            .expressionHandler(webExpressionHandler())
            // Some general filters for access, more specific ones are set at each method
            .antMatchers(HttpMethod.POST, "/x509/api/report-bug").permitAll()
            .antMatchers(HttpMethod.POST, "/x509/api/org/apply").permitAll()
            .antMatchers(HttpMethod.GET, "/x509/api/certificates/crl/*").permitAll()
            .antMatchers(HttpMethod.GET, "/x509/api/certificates/ocsp/**").permitAll()
            .antMatchers(HttpMethod.POST, "/x509/api/certificates/ocsp/*").permitAll()
            .antMatchers(HttpMethod.POST, "/x509/api/**").authenticated()
            .antMatchers(HttpMethod.PUT, "/x509/api/**").authenticated()
            .antMatchers(HttpMethod.DELETE, "/x509/api/**").authenticated()
            .antMatchers(HttpMethod.GET, "/x509/api/**").authenticated()
    ;

    if (!useStandardSSL) {
        // Create and setup the filter used to extract the client certificate from the header
        RequestHeaderAuthenticationFilter certFilter = new RequestHeaderAuthenticationFilter();
        certFilter.setAuthenticationManager(authenticationManager());
        certFilter.setPrincipalRequestHeader("X-Client-Certificate");
        certFilter.setExceptionIfHeaderMissing(false);
        http.addFilter(certFilter);
    } else {
        // Using this approach is not recommended since we don't extract all the information from
        // the certificate, as done in the approach above.
        http
            .x509()
                .subjectPrincipalRegex("(.*)") // Extract all and let it be handled by the X509UserDetailsService. "CN=(.*?)," for CommonName only
                .userDetailsService(x509UserDetailsService())
        ;
    }
}