Spring Security登录中的附加参数 [英] Additional parameters in Spring Security Login
问题描述
我已经使用Spring Security在我的应用程序中管理了登录功能.我正在使用两个默认参数(用户名和密码)进行操作,并且可以正常工作. 但是,我需要在登录功能中添加一个额外的参数,但是这样做存在问题.
I have managed the login function in my application with Spring Security. I'm doing that with the two default parameters (username and password) and it's work properly. However, I need to add an extra parameter in the login function, but I'm having problems doing that.
在SecurityConfig.java中,我添加了过滤器,并且当按下提交"按钮时它正在调用.
In SecurityConfig.java, I have added the filter and it's calling when submit button is pressed.
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/","/index","/login","/work", "/css/**","/out/**", "/js/**","/images/**","/fonts/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/home")
.permitAll()
.and().logout().permitAll().and()
.csrf().disable();
http.addFilterBefore(new ExUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
}
然后,我自己的过滤器.我正确地获得了新的参数(公司)值:
Then, my own filter. I'm getting the new parameter(Company) value properly:
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
String dbValue = request.getParameter("Company");
request.getSession().setAttribute("dbValue", dbValue);
return super.attemptAuthentication(request, response);
}
当super.attemptAuthentication(request,response);出现问题时;被称为,我得到的是空指针.
I'm having the problem when super.attemptAuthentication(request, response); is called, I'm getting null pointer.
Error:
java.lang.NullPointerException org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
es.smt.startrekweb.filter.ExUsernamePasswordAuthenticationFilter.attemptAuthentication(ExUsernamePasswordAuthenticationFilter.java:35)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
这是我在UsernamePasswordAuthenticationFilter.java中具有空指针的代码
This is the code where I'm having the null pointer in UsernamePasswordAuthenticationFilter.java
return this.getAuthenticationManager().authenticate(authRequest);
此外,我可以在调试器中看到以下信息
Also, I can see in my debugger the next information
contextBeforeChainExecution = {SecurityContextImpl@5989} "org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication"
authentication = null
有人知道我在做什么错吗?谢谢!
Does anyone know what I'm doing wrong?? Thanks!!
推荐答案
您已使用new添加了过滤器:
You have added a filter by using new :
new ExUsernamePasswordAuthenticationFilter()
因此它没有自动接线的东西. 使得this.getAuthenticationManager()返回null.
so it does not have anything autowired. that makes the this.getAuthenticationManager() return null.
如果只需要将请求参数传递给属性,则无需扩展UsernamePasswordAuthenticationFilter.
if all you need is to pass the request parameter to an attribute - you don't need to extend UsernamePasswordAuthenticationFilter.
请注意,您只添加了一个过滤器,而没有替换它.
Note that you only add a filter and did not replace it.
这篇关于Spring Security登录中的附加参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!