Spring Security登录中的附加参数 [英] Additional parameters in Spring Security Login

问题描述

我已经使用Spring Security在我的应用程序中管理了登录功能.我正在使用两个默认参数(用户名和密码)进行操作，并且可以正常工作. 但是，我需要在登录功能中添加一个额外的参数，但是这样做存在问题.

I have managed the login function in my application with Spring Security. I'm doing that with the two default parameters (username and password) and it's work properly. However, I need to add an extra parameter in the login function, but I'm having problems doing that.

在SecurityConfig.java中，我添加了过滤器，并且当按下提交"按钮时它正在调用.

In SecurityConfig.java, I have added the filter and it's calling when submit button is pressed.

public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {

            http
            .authorizeRequests()
            .antMatchers("/","/index","/login","/work", "/css/**","/out/**", "/js/**","/images/**","/fonts/**").permitAll() 
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").defaultSuccessUrl("/home")
            .permitAll()
            .and().logout().permitAll().and()
            .csrf().disable();

            http.addFilterBefore(new ExUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

        }
}

然后，我自己的过滤器.我正确地获得了新的参数(公司)值:

Then, my own filter. I'm getting the new parameter(Company) value properly:

@Override
public Authentication attemptAuthentication(HttpServletRequest request,
                                            HttpServletResponse response) throws AuthenticationException {

    String dbValue = request.getParameter("Company");
    request.getSession().setAttribute("dbValue", dbValue);

    return super.attemptAuthentication(request, response);
}

当super.attemptAuthentication(request，response);出现问题时；被称为，我得到的是空指针.

I'm having the problem when super.attemptAuthentication(request, response); is called, I'm getting null pointer.

Error: 
    java.lang.NullPointerException org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
    es.smt.startrekweb.filter.ExUsernamePasswordAuthenticationFilter.attemptAuthentication(ExUsernamePasswordAuthenticationFilter.java:35)
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
    org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

这是我在UsernamePasswordAuthenticationFilter.java中具有空指针的代码

This is the code where I'm having the null pointer in UsernamePasswordAuthenticationFilter.java

 return this.getAuthenticationManager().authenticate(authRequest);

此外，我可以在调试器中看到以下信息

Also, I can see in my debugger the next information

contextBeforeChainExecution = {SecurityContextImpl@5989} "org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication"
authentication = null

有人知道我在做什么错吗?谢谢！

Does anyone know what I'm doing wrong?? Thanks!!

推荐答案

您已使用new添加了过滤器:

You have added a filter by using new :

new ExUsernamePasswordAuthenticationFilter()

因此它没有自动接线的东西. 使得this.getAuthenticationManager()返回null.

so it does not have anything autowired. that makes the this.getAuthenticationManager() return null.

如果只需要将请求参数传递给属性，则无需扩展UsernamePasswordAuthenticationFilter.

if all you need is to pass the request parameter to an attribute - you don't need to extend UsernamePasswordAuthenticationFilter.

请注意，您只添加了一个过滤器，而没有替换它.

Note that you only add a filter and did not replace it.

这篇关于Spring Security登录中的附加参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！