如何在loadUserByUsername方法spring security 4中向登录页面和访问添加参数
当用户尝试登录时,我想传递一个额外的参数userAccountID, 和loadUserByUsername中的访问权限,用于查询具有名称和userAccountID的数据库用户如何在loadUserByUsername方法spring security 4中向登录页面和访问添加参数,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,当用户尝试登录时,我想传递一个额外的参数userAccountID, 和loadUserByUsername中的访问权限,用于查询具有名称和userAccountID的数据库用户 userDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException; 如何实现上述用户案例 提前谢谢 下面是我的登录Java配置,但它不工作空登录页面即将到来 @Bean publi
userDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException;
如何实现上述用户案例
提前谢谢
下面是我的登录Java配置,但它不工作空登录页面即将到来
@Bean
public AuthenticationSuccessHandlerImpl getAuthenticationSuccessHandlerImpl() throws Exception
{
return new AuthenticationSuccessHandlerImpl();
}
@Bean
public TwoFactorAuthenticationFilter authenticationFilter() throws Exception{
TwoFactorAuthenticationFilter authFilter = new TwoFactorAuthenticationFilter();
authFilter.setAuthenticationManager(authenticationManager());
authFilter.setAuthenticationSuccessHandler( authenticationSuccessHandler );
authFilter.setPostOnly( true );
return authFilter;
}
@Override
protected AuthenticationManager authenticationManager() throws Exception
{
return super.authenticationManager();
}
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http .addFilterBefore( new TwoFactorAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class )
.exceptionHandling()
.accessDeniedPage( "/403" )
.and()
.authorizeRequests()
.antMatchers( "/login**" ).permitAll()
/*.antMatchers( "/admin*//**" ).hasRole( "ADMIN" )*/
.antMatchers( "/adminPage" ).access( "hasRole('ROLE_ADMIN')" )
.and().csrf().disable()
.formLogin().loginPage( "/login" ).failureUrl( "/login?error" )
.usernameParameter( "username" ).passwordParameter( "password" )
//.successHandler( authenticationSuccessHandler )
.and()
.logout().invalidateHttpSession( true ).deleteCookies( "JSESSIONID" ).logoutUrl( "/logout" ).logoutSuccessUrl( "/logout-success" )
.and()
.sessionManagement()
.invalidSessionUrl( "/login" )
.maximumSessions( 1 );
}
您可以扩展您的用户名PasswordAuthenticationFilter。在AcquinUserName方法下,可以使用另一个参数
public class TwoFactorAuthenticationFilter extends UsernamePasswordAuthenticationFilter
{
@Override
protected String obtainUsername(HttpServletRequest request)
{
String username = request.getParameter(getUsernameParameter());
String extraInput = request.getParameter("userAccountID");
String combinedUsername = username + ":" + extraInput;
return combinedUsername;
}
}
现在,您可以将loadUserByUsername方法修改为:
@Override
public UserDetails loadUserByUsername(String input) throws UsernameNotFoundException, DataAccessException
{
String[] split = input.split(":");
String username = split[0];
String extraInput = split[1];
// and your queries etc
这是一个简单的方法。有关完整教程,您可以访问此处: