Menu
I am developing a filter with Spring security which extends of
OncePerRequestFilter class and It has to update parameters in the REST service .Parameters are entered by the header with the annotation @RequestHeader.
I have tried to update parameters from the filter with the follows class:
public class HeaderMapRequestWrapper extends HttpServletRequestWrapper {
/**
* construct a wrapper for this request
*
* @param request
*/
public HeaderMapRequestWrapper(HttpServletRequest request) {
super(request);
}
private Map<String, String> headerMap = new HashMap<String, String>();
/**
* add a header with given name and value
*
* @param name
* @param value
*/
public void addHeader(String name, String value) {
headerMap.put(name, value);
}
public void removeteHeader(String name){
headerMap.remove(name);
}
@Override
public String getHeader(String name) {
String headerValue = super.getHeader(name);
if (headerMap.containsKey(name)) {
headerValue = headerMap.get(name);
}
return headerValue;
}
/**
* get the Header names
*/
@Override
public Enumeration<String> getHeaderNames() {
List<String> names = Collections.list(super.getHeaderNames());
for (String name : headerMap.keySet()) {
names.add(name);
}
return Collections.enumeration(names);
}
@Override
public Enumeration<String> getHeaders(String name) {
List<String> values = Collections.list(super.getHeaders(name));
if (headerMap.containsKey(name)) {
values.add(headerMap.get(name));
}
return Collections.enumeration(values);
}
}
And with the method .addHeader("parameter", "New value"), but when I read the parameter in the method it has not changed, but if read it from .getHeader("parameter") method from HttpServletRequest class, which I have inyected in the same method class. The changes are done, but in the method parameters not appear.
The method is the follows:
@Autowired
HttpServletRequest a;
//Annotations @GetMapping......
public void method (@RequestHeader(value="Parameter") String parameter){
System.out.print(parameter); //Parameter did not change
system.out.print(a.getHeader("parameter")); //Parameter changed.
}
Does Someone know how to change the operation parameters from a filter?, or from other way....
242
Simply put, the @PreFilter and @PostFilter annotations are used to filter lists of objects based on custom security rules we define. @PostFilter defines a rule for filtering the return list of a method, by applying that rule to every element in the list.
@Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity . authorizeRequests() // various GET/POST path enable rules, none of which would enable access to default ones (see log below) ... // finally, deny everything else . antMatchers("/**"). denyAll() ... } }
We can register the filter programmatically by creating a SecurityFilterChain bean. There are a couple of possible methods: addFilterBefore(filter, class) adds a filter before the position of the specified filter class. addFilterAfter(filter, class) adds a filter after the position of the specified filter class.
Spring Security maintains a filter chain internally where each of the filters has a particular responsibility and filters are added or removed from the configuration depending on which services are required. The ordering of the filters is important as there are dependencies between them.
I'm not sure what you're doing wrong but when I try it with my setup it seems to work. Please take a look at the following code.
/**
* username: test, password: test
* Added Header: param
* REST URL: http://localhost:8080/hello
*/
package com.test;
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.OncePerRequestFilter;
@SpringBootApplication
public class TestRequestWrapperApplication {
public static void main(String[] args) {
SpringApplication.run(TestRequestWrapperApplication.class, args);
}
}
@Component
class RequestWrapperFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
HeaderMapRequestWrapper wrappedRequest = new HeaderMapRequestWrapper((HttpServletRequest)request);
wrappedRequest.addHeader("param", "Hello World!");
filterChain.doFilter(wrappedRequest, response);
}
}
@RestController
class TestRest {
@GetMapping("hello")
public String hello(@RequestHeader("param") String param) {
return "param: " + param;
}
}
@Configuration
class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("test").authorities("test").password("test");
}
}
class HeaderMapRequestWrapper extends HttpServletRequestWrapper {
public HeaderMapRequestWrapper(HttpServletRequest request) {
super(request);
}
private Map<String, String> headerMap = new HashMap<String, String>();
public void addHeader(String name, String value) {
headerMap.put(name, value);
}
public void removeteHeader(String name) {
headerMap.remove(name);
}
@Override
public String getHeader(String name) {
String headerValue = super.getHeader(name);
if (headerMap.containsKey(name)) {
headerValue = headerMap.get(name);
}
return headerValue;
}
@Override
public Enumeration<String> getHeaderNames() {
List<String> names = Collections.list(super.getHeaderNames());
for (String name : headerMap.keySet()) {
names.add(name);
}
return Collections.enumeration(names);
}
@Override
public Enumeration<String> getHeaders(String name) {
List<String> values = Collections.list(super.getHeaders(name));
if (headerMap.containsKey(name)) {
values.add(headerMap.get(name));
}
return Collections.enumeration(values);
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
