【问题标题】:How to get password value in j_spring_security_check如何在 j_spring_security_check 中获取密码值
【发布时间】:2015-02-27 07:40:32
【问题描述】:

这是我的登录表单

<form class="login-form" action="j_spring_security_check" method="post" >
  <fieldset>
    <legend>Login Here</legend>

    <div class="form-group required">
      <label id="inputEmail" class="control-label col-md-4">Email</label>
      <div class="col-md-8">
        <input type="email" class="form-control" id="username" name="username" placeholder="Enter email" >
      </div>
    </div>
    <div class="form-group">
      <label id="inputpwd" class="control-label col-md-4">Password</label>
      <div class="col-md-8">
        <input type="password" class="form-control" id="pwd" name="password" placeholder="Enter password" >
      </div>
    </div>
    <p><input type="submit" value="Login"/></p>
  </fieldset>
</form>

如何在实现 UserDetailsS​​ervice 的类中检索我们为密码提供的输入

public class LoginUserDetails implements UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {

        final User user = DataLayer.queryToGetUserDetails(username);

返回新的 UserDetails() {

        private static final long serialVersionUID = 2059202961588104658L;

        @Override
        public boolean isEnabled() {
            return true;
        }

        @Override
        public boolean isCredentialsNonExpired() {
            return true;
        }

        @Override
        public boolean isAccountNonLocked() {
            return true;
        }

        @Override
        public boolean isAccountNonExpired() {
            return true;
        }

        @Override
        public String getUsername() {
            return user.getUsername();
        }

        @Override
        public String getPassword() {
            return user.getPassword();
        }



        //To DO for authentication.
        @Override
        public Collection<? extends GrantedAuthority> getAuthorities() {
            List<SimpleGrantedAuthority> auths = new java.util.ArrayList<SimpleGrantedAuthority>();
            auths.add(new SimpleGrantedAuthority("patient"));
            return auths;
        }
    };
}

}

我正在返回一个类似上面的值。因此,为了进行自定义身份验证,我需要在该类中获取密码字段 提前致谢

【问题讨论】:

    标签: spring jsp spring-mvc spring-security


    【解决方案1】:

    @控制器

    公共类 LoginUserDetails 实现 UserDetailsS​​ervice {

    @RequestMapping("/j_spring_security_check")
    public UserDetails loadUserByUsername(final String username,String password) throws UsernameNotFoundException {
    
        final User user = DataLayer.queryToGetUserDetails(username,password);
    

    } }

    【讨论】:

    • j_spring_security_check 是内置的弹簧安全选项对吗?可以这样定制吗
    【解决方案2】:

    从 loadUserByUsername 返回的 UserDetails 将用于匹配您使用您在 SecurityConfiguration 中设置的 passwordEncoder 传入的密码

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
    }
    

    密码编码器接口

    public interface PasswordEncoder {
        String encode(CharSequence rawPassword);
        boolean matches(CharSequence rawPassword, String encodedPassword);
    

    rawPassword 参数是你传入的密码

    编辑:

    你需要有一个如下的 SecurityConfiguration 类:

    @Configuration
    @EnableWebSecurity
    @ComponentScan
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    
        @Inject
        private LoginUserDetails loginUserDetails;
    
        @Bean
        public BCryptPasswordEncoder passwordEncoder(){
            return new BCryptPasswordEncoder();
        }
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/login").permitAll()
                    .and()
                .authorizeRequests()
                    .anyRequest().hasRole("ROLE_USER")
                    .and()
                .formLogin()
                    .usernameParameter("j_username") //user name form name
                    .passwordParameter("j_password") //password form name
                    .loginProcessingUrl("/j_spring_security_check") //form submit url
                    .loginPage("/login")
                    .failureUrl("/")
                    .defaultSuccessUrl("")
                    .and()
                    .logout()
                    .logoutSuccessUrl("/");
        }
    
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(loginUserDetails).passwordEncoder(passwordEncoder);
        }
    

    【讨论】:

    • 我需要在哪里添加此代码...只需检查我的代码我已经粘贴了我的整个 userLoginDetails 代码
    • 我有一个这样的 security-config.xml。除了这个,我还需要创建这个SecurityConfiguration吗?
    猜你喜欢
    • 2023-03-17
    • 1970-01-01
    • 2016-12-14
    • 2012-03-23
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2010-10-09
    • 1970-01-01
    相关资源
    最近更新 更多