Is it possible to send more data in form based authentication in Spring?

后端 未结 2 1775
广开言路
广开言路 2021-02-11 03:20

I am relatively new to the Spring Framework and Spring security.

I have used a custom authentication scheme, HTML:

相关标签:
2条回答
  • 2021-02-11 04:18

    All above are great and perfect solutions. But I have used a workaround kind of solution which works perfectly fine. Used multitenant id for ThreadLocal

    package com.mypackage.servlet;
    
    import java.io.IOException;
    
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    
    import org.springframework.util.Assert;
    
    public class ThreadLocalContextUtil implements Filter{
         private static final ThreadLocal<Object> contextHolder =
                    new ThreadLocal<Object>();
    
           public static void setTenantId(Object tenantId) {
              Assert.notNull(tenantId, "customerType cannot be null");
              contextHolder.set(tenantId);
           }
    
           public static Object getTenantId() {
              return contextHolder.get();
           }
    
           public static void clearTenant() {
              contextHolder.remove();
           }
    
        public void destroy() {
    
        }
    
        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException {
            // Set the tenant Id into a ThreadLocal object
            ThreadLocalContextUtil.setTenantId(request);
            if(chain != null)
                chain.doFilter(request, response);
            else {
                //error
            }
        }
    
        public void init(FilterConfig filterconfig) throws ServletException {
    
        }
    }
    

    spring security xml

    <security:http auto-config="true" use-expressions="true" access-denied-page="/forms/auth/403" >
        <security:custom-filter before="FIRST" ref="tenantFilter" />
        ......
        </security:http>
    

    Access request object in your Authentication Class

    HttpServletRequest currRequest = (HttpServletRequest) ThreadLocalContextUtil.getTenantId();
    

    Then use the request object to get your custom parameters

    0 讨论(0)
  • 2021-02-11 04:21

    If you need to use additional form parameters in order to manipulate the username and password, you can implement your own AuthenticationProcessingFilter

    http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/ui/webapp/AuthenticationProcessingFilter.html

    This class will have full access to the HttpRequest and therefore all the additional parameters you submit. If your goal is to somehow use these values to modify the username and password, this is where you would do it.

    0 讨论(0)
提交回复
热议问题