如何在Spring Security登录页面中传递附加参数 [英] How to pass an additional parameter with spring security login page

问题描述

我正在尝试从Spring安全性登录页面将数据库名称设置为请求输入参数.目前，我只获得使用Spring Security SecurityContextHolder.getContext().getAuthentication()检索到的用户名.

I am trying to set the database name as the request input parameter from the spring security login page. At present I am only getting username that's been retrieved using spring security SecurityContextHolder.getContext().getAuthentication().

如何访问在登录页面上设置的其他字段?

How to access the additional field that's been set on the login page?

推荐答案

详细介绍@Vacuum的评论

Elaborating on @Vacuum's comment

这是一种简单的方法(未经测试，但我相信这会起作用)

Here's a simple way (untested, but I believe this would work)

1)创建一个新类ExUsernamePasswordAuthenticationFilter，它将扩展默认过滤器并获取其他参数并将其存储在会话中.看起来像这样:

1) Create a new class ExUsernamePasswordAuthenticationFilter that will extend the default filter and grab the additional parameter and store it in the session. It will look something like this:

    public class ExUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        final String dbValue = request.getParameter("dbParam");
        request.getSession().setAttribute("dbValue", dbValue);

        return super.attemptAuthentication(request, response); 
    } 
}

2)在您的UserDetailsService实现中，修改以下内容的实现:

2) In your UserDetailsService implementation, modify your implementation of:

UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException;

获取第1)步中的过滤器提供的会话变量.

to grab the session variable that the filter from step 1) makes available.

3)在您的<http />安全设置中，用您的自定义过滤器覆盖默认过滤器

3) in your <http /> security set-up, override the default filter with your custom one

<custom-filter ref="beanForYourCustomFilterFromStep1" position="FORM_LOGIN_FILTER"/>

有关自定义过滤器的更多信息，请参阅文档的此部分:

Refer to this part of the documentation for more info about custom filters: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-custom-filters

这篇关于如何在Spring Security登录页面中传递附加参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！