在Spring Security的DaoAuthenticationProvider的时候进行身份验证过程中访问的HttpServletRequest [英] Accessing HttpServletRequest during DaoAuthenticationProvider authenticate in Spring Security
问题描述
我需要从内部访问的HttpServletRequest
对象我的 DaoAuthenticationProvider的时候
在Spring中的安全性。
I need to access the HttpServletRequest
object from within my DaoAuthenticationProvider
in Spring security.
安全组件扩展了 DaoAuthenticationProvider的时候
和我们覆盖了身份验证
方法来执行一些定制的认证/验证。额外的检查需要验证用户的随附请求URL作为查询字符串参数(防爆IP地址: http://domain.com/context?ip=192.168.0.1
)。
The security component extends the DaoAuthenticationProvider
and we override the authenticate
method to perform some custom authentication / validation. The additional check is required to validate user's ip-address which comes in the request url as a query string parameter (Ex: http://domain.com/context?ip=192.168.0.1
).
我想目前的办法是利用 RequestContextHolder
线程局部并得到我的自定义HTTP请求 DaoAuthenticationProvider的时候$ C的$ C>。
The current approach I am trying is to make use of RequestContextHolder
thread-local and get the http request in my custom DAOAuthenticationProvider
.
这是我在这里和阅读春季论坛上一些其他的解决方案似乎暗示注入 AuthenticationDetailsSource
,使用自定义过滤器
和我不明白,由于是新的Spring Security使用其他步骤。
Some other solutions that I read here and on spring forums seems to suggest to inject AuthenticationDetailsSource
, use of custom-filter
and other steps which I don't understand due to being new to spring security.
我们将不得不使用相同的安全组件不同的Web应用程序进行认证。
We would have different web applications which use the same security component to perform authentication.
可有人请点我在正确的方向或者帮助我实现pviously $ P $的方法?
Can someone please point me in a correct direction or help me with any approaches implemented previously ?
推荐答案
您可以添加Spring的<一个href=\"http://static.springsource.org/spring/docs/current/javadoc-api/org/springframework/web/filter/RequestContextFilter.html\"相对=nofollow> RequestContextFilter两个在web.xml 。通过这种方式,属性将在每次请求被保存在当前线程。然后,你可以得到原HtttpServletRequest:
You can add Spring's RequestContextFilter in your web.xml. This way, attributes will be saved on current thread on every request. Then, you can get original HtttpServletRequest:
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
HttpServletRequest request = attributes.getRequest();
这篇关于在Spring Security的DaoAuthenticationProvider的时候进行身份验证过程中访问的HttpServletRequest的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!