Spring Security handler method not found

I have added token-based authentication to my application using AbstractAuthenticationProcessingFilter. Everything works fine up to the forwarding of the request after successful authentication. For some reason, however, the handler method is not found. Can you please help?

2017-12-17 22:51:05,560 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:219][] Secure object: FilterInvocation: URL: /v1/userPreferences; Attributes: [permitAll]
2017-12-17 22:51:05,561 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:348][] Previously Authenticated: org.springframew[email protected]9f6533a: Principal: [email protected]: Username: [email protected]t-mobile.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: update-enterprise; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: update-enterprise
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [AffirmativeBased:66][] Voter: org.sp[email protected]4bf2a649, returned: 1
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:243][] Authorization successful
2017-12-17 22:51:05,572 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterSecurityInterceptor:256][] RunAsManager did not change Authentication object
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [FilterChainProxy:310][] /v1/userPreferences reached end of additional filter chain; proceeding with original chain
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:108][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] looking up handler for path: /v1/userPreferences
2017-12-17 22:51:05,573 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [PropertySourcedRequestMappingHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences]
2017-12-17 22:51:05,574 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [EndpointHandlerMapping:304][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Looking up handler method for path /v1/userPreferences
2017-12-17 22:51:05,575 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [EndpointHandlerMapping:314][TrxId:964de667-eb77-434a-ba7e-673cb063dc05] Did not find handler method for [/v1/userPreferences]
2017-12-17 22:51:05,578 DEBUG : [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [SecurityContextPersistenceFilter:119][] SecurityContextHolder now cleared, as request processing completed
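
Here is my filter implementation:

    import java.io.IOException;
    import java.util.Arrays;
    import java.util.List;
    import java.util.stream.Collectors;

    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.log4j.Logger; // assumed: log4j 1.x, since logger.error(String) is used
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.http.HttpStatus;
    import org.springframework.http.ResponseEntity;
    import org.springframework.security.authentication.AbstractAuthenticationToken;
    import org.springframework.security.authentication.AuthenticationServiceException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
    import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

    // IAMUserDAO, CDBUserProfileDao, IAMOAuth2Dao, UserProfiles, Utils, StringUtil and
    // TokenAuthenticationManager are not shown in the post.
    public class TokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter
    {
        final static Logger logger = Logger.getLogger(TokenAuthenticationFilter.class.getCanonicalName());

        @Autowired
        private IAMUserDAO iamUserDAO;
        @Autowired
        private CDBUserProfileDao cdbUserProfileDao;
        @Autowired
        private IAMOAuth2Dao iamOAuth2DAO;

        protected TokenAuthenticationFilter(String defaultFilterProcessesUrl) {
            super(defaultFilterProcessesUrl);
            super.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(defaultFilterProcessesUrl));
            setAuthenticationManager(new TokenAuthenticationManager());
            setAuthenticationSuccessHandler(new TokenAuthenticationSuccessHandler());
        }

        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
                throws AuthenticationException, IOException, ServletException {
            AbstractAuthenticationToken authToken = null;
            // The raw Authorization header value is written to the log here and in the error branch below.
            String accessToken = request.getHeader("Authorization");
            logger.info("Retrieving roles for token " + accessToken);
            ResponseEntity<String> tokenResponse = Utils.validateAccessToken(request, iamOAuth2DAO);
            if (tokenResponse.getStatusCode().equals(HttpStatus.OK)) {
                try {
                    UserProfiles userProfileResponse = cdbUserProfileDao.getCDBUserProfile(tokenResponse.getBody());
                    if (userProfileResponse != null) {
                        String action = iamUserDAO.getFbiFederatedAction(userProfileResponse.getEntid(), userProfileResponse.getRoles().getRole());
                        logger.info("The action returned is " + action);
                        if (!StringUtil.isBlank(action)) {
                            // Each comma-separated action becomes one granted authority.
                            List<GrantedAuthority> authorities = Arrays.asList(action.split(",")).stream()
                                    .map(s -> new SimpleGrantedAuthority(s))
                                    .collect(Collectors.toList());
                            User principal = new User(userProfileResponse.getTuid(), "", authorities);
                            authToken = new UsernamePasswordAuthenticationToken(principal, "", principal.getAuthorities());
                        }
                    }
                }
                catch (Exception e) {
                    // Any lookup failure is only logged; authToken stays null and is rejected below.
                    logger.error("rba processing encounter an error " + e.getMessage());
                }
            }
            else {
                logger.error(accessToken + " is an invalid token");
                throw new AuthenticationServiceException("Invalid Token");
            }
            if (authToken == null) {
                logger.error("Authentication object couldn't be created");
                throw new AuthenticationServiceException("Error creating authentication object");
            }
            else {
                logger.info("Authentication object created");
            }
            return authToken;
        }

        @Override
        protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
                throws IOException, ServletException {
            // super stores the Authentication in the SecurityContext and invokes the
            // success handler (which forwards the request); the chain is then continued as well.
            super.successfulAuthentication(request, response, chain, authResult);
            chain.doFilter(request, response);
        }
    }
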
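Here is the AuthenticationSuccessHandler:

    import java.io.IOException;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.apache.log4j.Logger; // assumed: log4j 1.x, as in the filter
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

    public class TokenAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
        final static Logger logger = Logger.getLogger(TokenAuthenticationSuccessHandler.class.getCanonicalName());

        // Strips the context path from the request URI to get the path to forward to.
        private String determineTargetUrl(HttpServletRequest request,
                HttpServletResponse response) {
            String context = request.getContextPath();
            String fullURL = request.getRequestURI();
            logger.info("The context is " + context + " and the full url is " + fullURL);
            String url = fullURL.substring(fullURL.indexOf(context) + context.length());
            return url;
        }

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request,
                HttpServletResponse response, Authentication authentication)
                throws IOException, ServletException {
            String url = determineTargetUrl(request, response);
            logger.info("Forwarding request after loading the authentication with url " + request.getRequestURL());
            logger.info("The url is " + url);
            // Forwards the request to the same path it originally arrived on.
            request.getRequestDispatcher(url).forward(request, response);
        }
    }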