如何使用spring security登录页面传递附加参数 [英] How to pass an additional parameter with spring security login page

问题描述

我正在尝试将数据库名称设置为 spring 安全登录页面的请求输入参数.目前我只获取使用 spring security SecurityContextHolder.getContext().getAuthentication() 检索到的用户名.

I am trying to set the database name as the request input parameter from the spring security login page. At present I am only getting username that's been retrieved using spring security SecurityContextHolder.getContext().getAuthentication().

如何访问登录页面上设置的附加字段?

How to access the additional field that's been set on the login page?

推荐答案

详细说明@Vacuum 的评论

Elaborating on @Vacuum's comment

这是一个简单的方法(未经测试，但我相信这会奏效)

Here's a simple way (untested, but I believe this would work)

1. 创建一个新类 ExUsernamePasswordAuthenticationFilter，它将扩展默认过滤器并获取附加参数并将其存储在会话中.它看起来像这样:

1. Create a new class ExUsernamePasswordAuthenticationFilter that will extend the default filter and grab the additional parameter and store it in the session. It will look something like this:

public class ExUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        final String dbValue = request.getParameter("dbParam");
        request.getSession().setAttribute("dbValue", dbValue);

        return super.attemptAuthentication(request, response); 
    } 
}

1. 在您的 UserDetailsS​​ervice 实现中，修改您的实现:

1. In your UserDetailsService implementation, modify your implementation of:

UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException;

获取步骤 1) 中过滤器提供的会话变量.

to grab the session variable that the filter from step 1) makes available.

1. 在您的 <http/> 安全设置中，使用您的自定义过滤器覆盖默认过滤器

1. in your <http /> security set-up, override the default filter with your custom one

<custom-filter ref="beanForYourCustomFilterFromStep1" position="FORM_LOGIN_FILTER"/>

有关自定义过滤器的更多信息，请参阅文档的这一部分:http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-custom-filters

Refer to this part of the documentation for more info about custom filters: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-custom-filters

这篇关于如何使用spring security登录页面传递附加参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！