问题
While user tries to login I want to pass an extra parameter userAccountID, and access in loadUserByUsername for querying db user with name and userAccountID.
userDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException;
How can I achieve this above user case?
Thanks in advance.
Below is my login Java configuration but it not working empty login page in coming
@Bean
public AuthenticationSuccessHandlerImpl getAuthenticationSuccessHandlerImpl() throws Exception
{
return new AuthenticationSuccessHandlerImpl();
}
@Bean
public TwoFactorAuthenticationFilter authenticationFilter() throws Exception{
TwoFactorAuthenticationFilter authFilter = new TwoFactorAuthenticationFilter();
authFilter.setAuthenticationManager(authenticationManager());
authFilter.setAuthenticationSuccessHandler( authenticationSuccessHandler );
authFilter.setPostOnly( true );
return authFilter;
}
@Override
protected AuthenticationManager authenticationManager() throws Exception
{
return super.authenticationManager();
}
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http .addFilterBefore( new TwoFactorAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class )
.exceptionHandling()
.accessDeniedPage( "/403" )
.and()
.authorizeRequests()
.antMatchers( "/login**" ).permitAll()
/*.antMatchers( "/admin*//**" ).hasRole( "ADMIN" )*/
.antMatchers( "/adminPage" ).access( "hasRole('ROLE_ADMIN')" )
.and().csrf().disable()
.formLogin().loginPage( "/login" ).failureUrl( "/login?error" )
.usernameParameter( "username" ).passwordParameter( "password" )
//.successHandler( authenticationSuccessHandler )
.and()
.logout().invalidateHttpSession( true ).deleteCookies( "JSESSIONID" ).logoutUrl( "/logout" ).logoutSuccessUrl( "/logout-success" )
.and()
.sessionManagement()
.invalidSessionUrl( "/login" )
.maximumSessions( 1 );
}
回答1:
You can extend your UsernamePasswordAuthenticationFilter. Under the obtainUsername method, you can take the another parameter.
public class TwoFactorAuthenticationFilter extends UsernamePasswordAuthenticationFilter
{
@Override
protected String obtainUsername(HttpServletRequest request)
{
String username = request.getParameter(getUsernameParameter());
String extraInput = request.getParameter("userAccountID");
String combinedUsername = username + ":" + extraInput;
return combinedUsername;
}
}
Now you can modify your loadUserByUsername method as:
@Override
public UserDetails loadUserByUsername(String input) throws UsernameNotFoundException, DataAccessException
{
String[] split = input.split(":");
String username = split[0];
String extraInput = split[1];
// and your queries etc
This is an easy way. For full tutorial you can visit here: http://blog.awnry.com/post/16183749439/two-factor-authentication-and-spring-security-3
来源:https://stackoverflow.com/questions/32989305/how-to-add-a-parameter-to-login-page-and-access-in-loaduserbyusername-method-spr