I constructed a filter that runs before the "springSecurityFilterChain" and this filter needs the j_username for its doFilter method. Unfortuntaly it's impossible to use a Principal object and get the username throught getName() before the end of a successful authentication.
Is there any other way to get the j_username in this first filter?
我构造了一个在“springSecurityFilterChain”之前运行的过滤器,这个过滤器需要j_username用于其doFilter方法。不幸的是,在成功验证结束之前,不可能使用Principal对象并通过getName()获取用户名。有没有其他方法可以在第一个过滤器中获取j_username?
1 个解决方案
#1
Override
public class ExUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
final String username = request.getParameter("j_username");
// delegate your logic
return super.attemptAuthentication(request, response);
}
}
in security config < http />
在安全配置
<bean id="exUsernamePasswordAuthFilter" class="..." />
<custom-filter ref="exUsernamePasswordAuthFilter" position="FORM_LOGIN_FILTER"/>
#1
Override
public class ExUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
final String username = request.getParameter("j_username");
// delegate your logic
return super.attemptAuthentication(request, response);
}
}
in security config < http />
在安全配置
<bean id="exUsernamePasswordAuthFilter" class="..." />
<custom-filter ref="exUsernamePasswordAuthFilter" position="FORM_LOGIN_FILTER"/>