[JavaScript知识库] 关于每次请求都要执行两个即经过重写FilterInvocationSecurityMetadataSource的getAttributes()方法

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> JavaScript知识库 -> 关于每次请求都要执行两个即经过重写FilterInvocationSecurityMetadataSource的getAttributes()方法 -> 正文阅读

[JavaScript知识库]关于每次请求都要执行两个即经过重写FilterInvocationSecurityMetadataSource的getAttributes()方法

关于每次请求都要执行两个,即经过重写FilterInvocationSecurityMetadataSource的getAttributes()方法

执行两次的方法

	@Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        //获取请求地址
        String requestUrl = ((FilterInvocation) object).getRequestUrl();
        List<TbPermission> permissions = permissionMapper.selectPermissionsByUrl(requestUrl);
        if(permissions == null || permissions.size() == 0){
            //请求路径没有配置权限，表明该请求接口可以任意访问
            return null;
        }
        String[] attributes = new String[permissions.size()];
        for(int i = 0;i< permissions.size();i++){
            attributes[i] = permissions.get(i).getPermissionCode();
        }
        return SecurityConfig.createList(attributes);
    }

原因:

自己定义了一个新的拦截器
在extends AbstractSecurityInterceptor implements Filter,使用了 InterceptorStatusToken token = super.beforeInvocation(filterInvocation);

/**
 * @author sl
 * @date: 2022/2/22 22:12
 * @description: 权限拦截器
 */
@Component
public class CustomizeAbstractSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {



    private FilterInvocationSecurityMetadataSource securityMetadataSource;

    @Autowired
    public CustomizeAbstractSecurityInterceptor(FilterInvocationSecurityMetadataSource securityMetadataSource) {
        this.securityMetadataSource = securityMetadataSource;
    }

    @Autowired
    public void setMyAccessDecisionManager(CustomizeAccessDecisionManager accessDecisionManager) {
        super.setAccessDecisionManager(accessDecisionManager);
    }

    @Override
    public Class<?> getSecureObjectClass() {
        return FilterInvocation.class;
    }

    @Override
    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return securityMetadataSource;
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        //为了安全的传送servletRequest、servletResponse、filterChain
        FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
        invoke(fi);
    }

    // 处理doFilter拦截下来的url
    private void invoke(FilterInvocation filterInvocation) throws IOException, ServletException {
        //调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
        //再MyAccessDecisionManager的decide方法来校验用户的权限是否足够
//        InterceptorStatusToken token = super.beforeInvocation(filterInvocation);
//        try {
//            //执行下一个拦截器
//            System.out.println("===========");
            filterInvocation.getChain().doFilter(filterInvocation.getRequest(), filterInvocation.getResponse());
//        } finally {
//            super.afterInvocation(token, null);
//        }
    }