Fatal编程技术网
  • spring/
  • spring安全性-为json登录请求添加参数无效

spring安全性-为json登录请求添加参数无效

spring spring-security

spring安全性-为json登录请求添加参数无效,spring,spring-security,Spring,Spring Security,我一直在关注这篇文章,内容是如何在我的SpringMVC3.1Web应用程序中创建一个入口点,以便用户使用json请求登录 我有一个关于下面代码的问题。在attemptAuthentication中,我添加了额外的请求参数,这些参数是特定于json的。然后,我尝试访问这些参数在获得用户名和获得密码,但参数不存在 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse

我一直在关注这篇文章,内容是如何在我的SpringMVC3.1Web应用程序中创建一个入口点,以便用户使用json请求登录

我有一个关于下面代码的问题。在attemptAuthentication中,我添加了额外的请求参数,这些参数是特定于json的。然后,我尝试访问这些参数在获得用户名和获得密码,但参数不存在

public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
        throws AuthenticationException {

    if ("application/json".equals(request.getHeader("Content-Type"))) {
        StringBuffer sb = new StringBuffer();
        String line = null;

        BufferedReader reader;
        try {
            reader = request.getReader();
            while ((line = reader.readLine()) != null){
                sb.append(line);
            }                                   

            //json transformation
            ObjectMapper mapper = new ObjectMapper();
            JsonLoginRequest loginRequest = mapper.readValue(sb.toString(), JsonLoginRequest.class);

            String jsonUsername = loginRequest.getJ_username();
            request.setAttribute("jsonUsername", jsonUsername);

            String jsonPassword = loginRequest.getJ_password();
            request.setAttribute("jsonPassword", jsonPassword);

            String jsonStore = loginRequest.getJ_store();
            request.setAttribute("jsonStore", jsonStore);             

        }
        catch (JsonParseException e) {

            e.printStackTrace();
        } catch (JsonMappingException e) {

            e.printStackTrace();
        } 
        catch (IOException e) {

            e.printStackTrace();
        }                       
    }

    String usernameParameter = obtainUsername(request);
    String password = obtainPassword(request);
当我这样做时,jsonUsername和jsonStore不存在,即使我在上面添加了它们

@Override
protected String obtainUsername(HttpServletRequest request) {
    String combinedUsername = null;
    if ("application/json".equals(request.getHeader("Content-Type"))) {
        String jsonUsername = request.getParameter("jsonUsername");
        String jsonStore = request.getParameter("jsonStore");            
        combinedUsername = 
                jsonUsername + 
                SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM + 
                jsonStore;      

    }else {
        String username = super.obtainUsername(request);
        String store = request.getParameter(SecurityConstants.STORE_PARAM);
        String hiddenStore = request.getParameter(SecurityConstants.HIDDEN_STORE_PARAM);
        combinedUsername = 
                username + 
                SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM + 
                store + 
                SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM +
                hiddenStore;            
    }   
    return combinedUsername;
}
有人能帮我解决什么问题吗?谢谢

您正在添加请求属性,而不是请求参数。您不能向请求中添加参数,要做到这一点,您必须包装原始请求,并添加一些额外的逻辑来添加参数。哦,天哪。我很抱歉。愚蠢的错误。谢谢你看这个。