2

我正在使用 Spring 3.1.1.RELEASE。如何在身份验证成功处理程序方法中访问原始请求对象?当我提交我的 spring 安全表单时,我提交了三个参数,用户名、密码和第三个令牌(param name = "token")。这个我试过了……</p> 

@RequestMapping(value = "/authenticate")
public String authenticate() 
{
    final HttpServletRequest origRequest = 
                ((ServletRequestAttributes) RequestContextHolder.
                        currentRequestAttributes()).getRequest();
    String token = origRequest.getParameter("token");

但是,“token”的值始终为空,即使我在提交请求时知道它不是。以下是我配置 Spring 安全性的方法……</p> 

<beans:bean id="springboardUsernamePasswordUrlAuthenticationFilter" 
    class="org.collegeboard.springboard.dido.security.SpringboardUsernamePasswordUrlAuthenticationFilter">
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="authenticationFailureHandler">
        <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/login/failure"/>
        </beans:bean>
    </beans:property>
    <beans:property name="authenticationSuccessHandler">
        <beans:bean
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/pdregistration/authenticate" />
        </beans:bean>
    </beans:property>
</beans:bean>

感谢您的帮助,-戴夫

4

1 回答 1

2

为时已晚。成功验证后,您的用户被SimpleUrlAuthenticationSuccessHandler重定向到 /authenticate。如果您需要访问以前的 HTTP 请求,那么只需为authenticationSuccessHandler提供您自己的实现。此时您将能够获得您的令牌:

public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        // grab your token here from request
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

<beans:property name="authenticationSuccessHandler">
    <beans:bean
        class="com.domain.security.CustomAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/pdregistration/authenticate" />
    </beans:bean>
</beans:property>
于 2013-02-01T15:51:50.803 回答