spring安全性-为json登录请求添加参数无效
我一直在关注这篇文章,内容是如何在我的SpringMVC3.1Web应用程序中创建一个入口点,以便用户使用json请求登录 我有一个关于下面代码的问题。在attemptAuthentication中,我添加了额外的请求参数,这些参数是特定于json的。然后,我尝试访问这些参数在获得用户名和获得密码,但参数不存在spring安全性-为json登录请求添加参数无效,spring,spring-security,Spring,Spring Security,我一直在关注这篇文章,内容是如何在我的SpringMVC3.1Web应用程序中创建一个入口点,以便用户使用json请求登录 我有一个关于下面代码的问题。在attemptAuthentication中,我添加了额外的请求参数,这些参数是特定于json的。然后,我尝试访问这些参数在获得用户名和获得密码,但参数不存在 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException {
if ("application/json".equals(request.getHeader("Content-Type"))) {
StringBuffer sb = new StringBuffer();
String line = null;
BufferedReader reader;
try {
reader = request.getReader();
while ((line = reader.readLine()) != null){
sb.append(line);
}
//json transformation
ObjectMapper mapper = new ObjectMapper();
JsonLoginRequest loginRequest = mapper.readValue(sb.toString(), JsonLoginRequest.class);
String jsonUsername = loginRequest.getJ_username();
request.setAttribute("jsonUsername", jsonUsername);
String jsonPassword = loginRequest.getJ_password();
request.setAttribute("jsonPassword", jsonPassword);
String jsonStore = loginRequest.getJ_store();
request.setAttribute("jsonStore", jsonStore);
}
catch (JsonParseException e) {
e.printStackTrace();
} catch (JsonMappingException e) {
e.printStackTrace();
}
catch (IOException e) {
e.printStackTrace();
}
}
String usernameParameter = obtainUsername(request);
String password = obtainPassword(request);
当我这样做时,jsonUsername和jsonStore不存在,即使我在上面添加了它们
@Override
protected String obtainUsername(HttpServletRequest request) {
String combinedUsername = null;
if ("application/json".equals(request.getHeader("Content-Type"))) {
String jsonUsername = request.getParameter("jsonUsername");
String jsonStore = request.getParameter("jsonStore");
combinedUsername =
jsonUsername +
SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM +
jsonStore;
}else {
String username = super.obtainUsername(request);
String store = request.getParameter(SecurityConstants.STORE_PARAM);
String hiddenStore = request.getParameter(SecurityConstants.HIDDEN_STORE_PARAM);
combinedUsername =
username +
SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM +
store +
SecurityConstants.TWO_FACTOR_AUTHENTICTION_DELIM +
hiddenStore;
}
return combinedUsername;
}
有人能帮我解决什么问题吗?谢谢您正在添加请求属性,而不是请求参数。您不能向请求中添加参数,要做到这一点,您必须包装原始请求,并添加一些额外的逻辑来添加参数。哦,天哪。我很抱歉。愚蠢的错误。谢谢你看这个。