0

I created a login page using spring_security_check.
Here:

<form name='f' action="/sec_test/j_spring_security_check" method='POST'>

    <table>
        <tr>
            <td>User:</td>
            <td><input type="text" name="j_username" value=''>
            </td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="j_password" />
            </td>
        </tr>
        <tr>
            <td colspan='2'><input name="submit" type="submit"
                value="submit" />
            </td>
        </tr>
        <tr>
            <td colspan='2'><input name="reset" type="reset" />
            </td>
        </tr>
    </table>
</form>

But I can not have access to j_username afterward.

I've tried:

* request.getParameter("j_username")
* request.getAttribute("j_username")
* request.getAttribute("j_username")
* request.getUserPrincipal().getName()
* request.getRemoteUser()

From all of them, all I'm getting is null!

Any idea what to do?

4

2 回答 2

2

Spring does authentication for you based on type of the authentication configured in your configuration file. Once authentication is successful it redirects to the login success url(say /login.htm). Because it redirects to /login.htm, you will not get any request parameter (username/user role) unless explicitly set in request in overriden authentication filter.

After successful authentication spring stores the authenticated information in security context, including user roles. You can access this information from SecurityContext. Refer - link

于 2012-06-18T11:50:33.547 回答
0

I'd be interested to see your spring config files. Regardless, it appears you are trying to validate the user's credentials when spring security will actually do that for you. If you're unsure how to get started, read up on spring's documentation, including any online tutorials you can find. Here's what my spring security config looks like:

<security:http auto-config="true" use-expressions="true" access-denied-page="/login.html">
    <security:form-login
        login-page="/login.html"
        authentication-failure-url="/loginfail.html"
        default-target-url="/authenticate.html"/>

    <security:logout
        invalidate-session="true"
        logout-success-url="/login.html"
        logout-url="/logoff.html"/>
</security:http>

<bean id="securityDataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName" value="java:comp/env/security_DS"/>
    <property name="resourceRef" value="true"/>
</bean>

<bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />

<security:authentication-manager>
    <security:authentication-provider>
        <security:password-encoder ref="encoder" />
        <security:jdbc-user-service 
            data-source-ref="securityDataSource"
            authorities-by-username-query="SELECT l.user_name as username, r.role_name AS authority FROM login l join user_role ur on l.user_id = ur.user_id join role r on ur.role_id = r.role_id WHERE l.user_name = ?"
            users-by-username-query="SELECT user_name as username, password_value AS password, active_flg AS enabled FROM login WHERE user_name = ?"
        />        
    </security:authentication-provider>
</security:authentication-manager>

If you want to have access to the user name after spring has validated the user's credentials, do something like this:

@RequestMapping(value = { "/authenticate.html" }, method = { RequestMethod.GET, RequestMethod.HEAD })
public ModelAndView authenticateUser(final HttpServletRequest httpServletRequest, HttpSession httpSession, Authentication authentication) {
    User user = (User) authentication.getPrincipal();
    String userName = user.getUsername();
    ...

You can see that the request will be forwarded to the /authenticate.html method based on the default-target-url that I specified in my spring config.

于 2012-06-16T14:23:03.207 回答