如何在loadUserByUsername方法spring security 4中向登录页面和访问添加参数_Spring_Spring Mvc_Spring Security

如何在loadUserByUsername方法spring security 4中向登录页面和访问添加参数

spring spring-mvc spring-security

如何在loadUserByUsername方法spring security 4中向登录页面和访问添加参数,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,当用户尝试登录时，我想传递一个额外的参数userAccountID，和loadUserByUsername中的访问权限，用于查询具有名称和userAccountID的数据库用户 userDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException; 如何实现上述用户案例提前谢谢下面是我的登录Java配置，但它不工作空登录页面即将到来 @Bean publi

当用户尝试登录时，我想传递一个额外的参数userAccountID，和loadUserByUsername中的访问权限，用于查询具有名称和userAccountID的数据库用户

userDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException;

如何实现上述用户案例

提前谢谢

下面是我的登录Java配置，但它不工作空登录页面即将到来

@Bean
public AuthenticationSuccessHandlerImpl getAuthenticationSuccessHandlerImpl() throws Exception
{
    return new AuthenticationSuccessHandlerImpl();
}


@Bean
public TwoFactorAuthenticationFilter authenticationFilter() throws Exception{
    TwoFactorAuthenticationFilter authFilter = new TwoFactorAuthenticationFilter();
    authFilter.setAuthenticationManager(authenticationManager());
    authFilter.setAuthenticationSuccessHandler( authenticationSuccessHandler );
    authFilter.setPostOnly( true );
    return authFilter;
}


@Override
protected AuthenticationManager authenticationManager() throws Exception
{
    return super.authenticationManager();
}

@Override
protected void configure( HttpSecurity http ) throws Exception
{

    http    .addFilterBefore( new TwoFactorAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class )
            .exceptionHandling()
            .accessDeniedPage( "/403" )
            .and()
            .authorizeRequests()
            .antMatchers( "/login**" ).permitAll()
            /*.antMatchers( "/admin*//**" ).hasRole( "ADMIN" )*/
            .antMatchers( "/adminPage" ).access( "hasRole('ROLE_ADMIN')" )
            .and().csrf().disable()
            .formLogin().loginPage( "/login" ).failureUrl( "/login?error" )
            .usernameParameter( "username" ).passwordParameter( "password" )
            //.successHandler( authenticationSuccessHandler )
            .and()
            .logout().invalidateHttpSession( true ).deleteCookies( "JSESSIONID" ).logoutUrl( "/logout" ).logoutSuccessUrl( "/logout-success" )
            .and()
            .sessionManagement()
            .invalidSessionUrl( "/login" )
            .maximumSessions( 1 );
}

您可以扩展您的用户名PasswordAuthenticationFilter。在AcquinUserName方法下，可以使用另一个参数

public class TwoFactorAuthenticationFilter extends UsernamePasswordAuthenticationFilter
{   
    @Override
    protected String obtainUsername(HttpServletRequest request)
    {
        String username = request.getParameter(getUsernameParameter());
        String extraInput = request.getParameter("userAccountID");
        String combinedUsername = username + ":" + extraInput;
        return combinedUsername;
    }
}

现在，您可以将loadUserByUsername方法修改为：

@Override
public UserDetails loadUserByUsername(String input) throws UsernameNotFoundException, DataAccessException
{
    String[] split = input.split(":");
    String username = split[0];
    String extraInput = split[1];

    // and your queries etc

这是一个简单的方法。有关完整教程，您可以访问此处：