如何在loadUserByUsername方法spring安全4中向登录页和访问添加参数
如何在loadUserByUsername方法spring安全4中向登录页和访问添加参数
提问于 2015-10-07 09:59:49
当用户尝试登录时,我希望传递一个额外的参数userAccountID,并在loadUserByUsername中访问使用名称和userAccountID查询db用户。
userDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException;如何实现上述用例?
提前谢谢。
下面是我的登录Java配置,但它在即将到来的时候不能运行空的登录页面
@Bean
public AuthenticationSuccessHandlerImpl getAuthenticationSuccessHandlerImpl() throws Exception
{
return new AuthenticationSuccessHandlerImpl();
}
@Bean
public TwoFactorAuthenticationFilter authenticationFilter() throws Exception{
TwoFactorAuthenticationFilter authFilter = new TwoFactorAuthenticationFilter();
authFilter.setAuthenticationManager(authenticationManager());
authFilter.setAuthenticationSuccessHandler( authenticationSuccessHandler );
authFilter.setPostOnly( true );
return authFilter;
}
@Override
protected AuthenticationManager authenticationManager() throws Exception
{
return super.authenticationManager();
}
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http .addFilterBefore( new TwoFactorAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class )
.exceptionHandling()
.accessDeniedPage( "/403" )
.and()
.authorizeRequests()
.antMatchers( "/login**" ).permitAll()
/*.antMatchers( "/admin*//**" ).hasRole( "ADMIN" )*/
.antMatchers( "/adminPage" ).access( "hasRole('ROLE_ADMIN')" )
.and().csrf().disable()
.formLogin().loginPage( "/login" ).failureUrl( "/login?error" )
.usernameParameter( "username" ).passwordParameter( "password" )
//.successHandler( authenticationSuccessHandler )
.and()
.logout().invalidateHttpSession( true ).deleteCookies( "JSESSIONID" ).logoutUrl( "/logout" ).logoutSuccessUrl( "/logout-success" )
.and()
.sessionManagement()
.invalidSessionUrl( "/login" )
.maximumSessions( 1 );
}回答 1
Stack Overflow用户
回答已采纳
发布于 2015-10-07 11:16:18
您可以扩展您的UsernamePasswordAuthenticationFilter。在obtainUsername方法下,您可以接受另一个参数。
public class TwoFactorAuthenticationFilter extends UsernamePasswordAuthenticationFilter
{
@Override
protected String obtainUsername(HttpServletRequest request)
{
String username = request.getParameter(getUsernameParameter());
String extraInput = request.getParameter("userAccountID");
String combinedUsername = username + ":" + extraInput;
return combinedUsername;
}
}现在,您可以将loadUserByUsername方法修改为:
@Override
public UserDetails loadUserByUsername(String input) throws UsernameNotFoundException, DataAccessException
{
String[] split = input.split(":");
String username = split[0];
String extraInput = split[1];
// and your queries etc这是个简单的方法。要获得完整的教程,您可以访问这里:http://blog.awnry.com/post/16183749439/two-factor-authentication-and-spring-security-3
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/32989305
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号