除了用户名和密码外,登录页面有更多字段时如何实现Spring安全? [英] How implement Spring security when login page having more field apart from user name and password?
问题描述
我有一个登录页面,用户需要在其中输入以下信息他们将从不同的应用程序获得的 VIN 号码、电子邮件、邮政编码和访问代码.
I have a login page where the user need put the below information VIN number,email, zip code and accessCode which they will get from different application.
所以为了验证用户,我需要自定义 UserDetailsService 类中的所有信息,然后调用一个过程来验证用户.
So to validate a user I need all the information in my custom UserDetailsService class and then will called a procedure to authenticate the user.
但是当我实现像下面这样的 UserDetailsService 时我看到了
But I saw that when I implement the UserDetailsService like below
@Component
public class LoginService implements UserDetailsService {
@Autowired
LoginStoredProcedureDao loginStoredProcedureDao;
public Map<String, Object> verifyLogin(LoginDetails details) {
return loginStoredProcedureDao.verifyLogin(details);
}
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
// TODO Auto-generated method stub
//verifyLogin();
return null;
}
}
loginDetails 对象如下所示
The loginDetails Object is like below
public class LoginDetails {
String vin;
String email;
String zipcode;
String accessCode;
}
在上述情况下如何使用spring security.这里用户需要提供所有信息来验证他自己.
In the above situation how to use spring security. Here the user need to give all information to validate him self.
推荐答案
首先,我会以不同的方式解决您的问题.我会进行多步身份验证.第一个是传统的用户名/密码登录,使用 spring security 的默认模型.第二步是显示另一个表单,用户必须填写该表单以提供您的应用程序想要强制执行的身份验证的其他详细信息.
First of all, I would solve your problem differently. I would do a multi step authentication. The first would be a traditional user name / password login, using spring security's default model. The second step would be to show another form which would have to be filled up by the user to provide additional details for authentication, which your application wants to enforce.
不管怎样,如果你想继续定制spring安全模型,一步一步询问更多登录细节.按照@Petr 上一个答案中的步骤参考进行操作.然后要访问 UserDetailsService 类中的会话属性,请使用 http://static.springsource.org/spring/docs/2.0.8/api/org/springframework/web/context/request/RequestContextHolder.html Spring 提供的类.
Regardless, if you want to continue customizing the spring security model to ask more details on login in in a single step. Follow the steps reference in the previous answer from @Petr. And then to access session attributes in your UserDetailsService class, use the http://static.springsource.org/spring/docs/2.0.8/api/org/springframework/web/context/request/RequestContextHolder.html class provided by Spring.
您可以访问 currentRequestAttributes(),它返回一个 RequestAttributes 对象.您可以查询 RequestAttributes 对象以从所需的范围中获取所需的属性.
You can get access to currentRequestAttributes(), which returns a RequestAttributes object. You can query the RequestAttributes object to get the desired attribute from the desired scope.
注意:这是一个静态方法,这意味着它对单元测试不友好.
Note: This is a static method, which means its not going to be friendly to unit test.
如果你想访问底层的HttpServletRequest
希望这会有所帮助.
这篇关于除了用户名和密码外,登录页面有更多字段时如何实现Spring安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
