gpt4 book ai didi

security - 是否可以在 Spring 中以基于表单的身份验证发送更多数据?

转载 作者:行者123 更新时间:2023-12-02 22:11:35 25 4
gpt4 key购买 nike

我对 Spring Framework 比较陌生和 Spring 安全性。

我使用了自定义身份验证方案,HTML:

<form action="j_spring_security_check">
<input type="text" name="j_username" value="abc"/>
<input type="text" name="j_password" value="abc"/>
<input type="text" name="myCustom1" value="pqr"/> <!-- maybe type="hidden" -->
<input type="text" name="myCustom2" value="pqr"/> <!-- maybe type="hidden" -->
</form>

以及相应的代码:

public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider
{
@Override protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken)
throws AuthenticationException
{
System.out.println("Method invoked : additionalAuthenticationChecks isAuthenticated ? :"+usernamePasswordAuthenticationToken.isAuthenticated());
}

@Override protected UserDetails retrieveUser(String username,UsernamePasswordAuthenticationToken authentication)
throws AuthenticationException
{
System.out.println("Method invoked : retrieveUser");
//I have Username,password:
//HOW CAN I ACCESS "myCustom1", "myCustom2" here ?
}
}

最佳答案

以上都是很棒且完美的解决方案。但我使用了一种解决方案,效果非常好。使用 ThreadLocal 的 Multi-Tenancy ID

package com.mypackage.servlet;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.util.Assert;

public class ThreadLocalContextUtil implements Filter{
private static final ThreadLocal<Object> contextHolder =
new ThreadLocal<Object>();

public static void setTenantId(Object tenantId) {
Assert.notNull(tenantId, "customerType cannot be null");
contextHolder.set(tenantId);
}

public static Object getTenantId() {
return contextHolder.get();
}

public static void clearTenant() {
contextHolder.remove();
}

public void destroy() {

}

public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
// Set the tenant Id into a ThreadLocal object
ThreadLocalContextUtil.setTenantId(request);
if(chain != null)
chain.doFilter(request, response);
else {
//error
}
}

public void init(FilterConfig filterconfig) throws ServletException {

}
}

Spring 安全 XML

<security:http auto-config="true" use-expressions="true" access-denied-page="/forms/auth/403" >
<security:custom-filter before="FIRST" ref="tenantFilter" />
......
</security:http>

访问身份验证类中的请求对象

HttpServletRequest currRequest = (HttpServletRequest) ThreadLocalContextUtil.getTenantId();

然后使用请求对象来获取您的自定义参数

关于security - 是否可以在 Spring 中以基于表单的身份验证发送更多数据?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/1629273/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com