在Spring Security的DaoAuthenticationProvider的时候进行身份验证过程中访问的HttpServletRequest [英] Accessing HttpServletRequest during DaoAuthenticationProvider authenticate in Spring Security

问题描述

我需要从内部访问的HttpServletRequest 对象我的 DaoAuthenticationProvider的时候在Spring中的安全性。

I need to access the HttpServletRequest object from within my DaoAuthenticationProvider in Spring security.

安全组件扩展了 DaoAuthenticationProvider的时候和我们覆盖了身份验证方法来执行一些定制的认证/验证。额外的检查需要验证用户的随附请求URL作为查询字符串参数（防爆IP地址： http://domain.com/context?ip=192.168.0.1 ）。

The security component extends the DaoAuthenticationProvider and we override the authenticate method to perform some custom authentication / validation. The additional check is required to validate user's ip-address which comes in the request url as a query string parameter (Ex: http://domain.com/context?ip=192.168.0.1).

我想目前的办法是利用 RequestContextHolder 线程局部并得到我的自定义HTTP请求 DaoAuthenticationProvider的时候。

The current approach I am trying is to make use of RequestContextHolder thread-local and get the http request in my custom DAOAuthenticationProvider.

这是我在这里和阅读春季论坛上一些其他的解决方案似乎暗示注入 AuthenticationDetailsS​​ource ，使用自定义过滤器和我不明白，由于是新的Spring Security使用其他步骤。

Some other solutions that I read here and on spring forums seems to suggest to inject AuthenticationDetailsSource, use of custom-filter and other steps which I don't understand due to being new to spring security.

我们将不得不使用相同的安全组件不同的Web应用程序进行认证。

We would have different web applications which use the same security component to perform authentication.

可有人请点我在正确的方向或者帮助我实现pviously $ P $的方法？

Can someone please point me in a correct direction or help me with any approaches implemented previously ?

推荐答案

您可以添加Spring的<一个href=\"http://static.springsource.org/spring/docs/current/javadoc-api/org/springframework/web/filter/RequestContextFilter.html\"相对=nofollow> RequestContextFilter两个在web.xml 。通过这种方式，属性将在每次请求被保存在当前线程。然后，你可以得到原HtttpServletRequest：

You can add Spring's RequestContextFilter in your web.xml. This way, attributes will be saved on current thread on every request. Then, you can get original HtttpServletRequest:

ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
HttpServletRequest request = attributes.getRequest();

这篇关于在Spring Security的DaoAuthenticationProvider的时候进行身份验证过程中访问的HttpServletRequest的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！