如何在Spring身份验证成功处理程序方法中访问原始的HttpServletRequest对象?

时间:2013-02-01 15:00:03

标签: spring authentication spring-security request

我正在使用Spring 3.1.1.RELEASE。如何在身份验证成功处理程序方法中访问原始请求对象?当我提交spring安全表单时,我提交了三个参数,用户名,密码和第三个标记(param name =“token”)。我试过这个...... 

@RequestMapping(value = "/authenticate")
public String authenticate() 
{
    final HttpServletRequest origRequest = 
                ((ServletRequestAttributes) RequestContextHolder.
                        currentRequestAttributes()).getRequest();
    String token = origRequest.getParameter("token");

但是,值“token”始终为null,即使我知道它不是在我提交请求时。以下是我配置Spring安全性的方法...... 

<beans:bean id="springboardUsernamePasswordUrlAuthenticationFilter" 
    class="org.collegeboard.springboard.dido.security.SpringboardUsernamePasswordUrlAuthenticationFilter">
    <beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="authenticationFailureHandler">
        <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/login/failure"/>
        </beans:bean>
    </beans:property>
    <beans:property name="authenticationSuccessHandler">
        <beans:bean
            class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/pdregistration/authenticate" />
        </beans:bean>
    </beans:property>
</beans:bean>

感谢您的帮助, - 戴夫

1 个答案:

答案 0 :(得分:2)

已经很晚了。成功验证后,您的用户被SimpleUrlAuthenticationSuccessHandler 重定向到/ authenticate。如果您需要访问以前的HTTP请求,那么只需为 authenticationSuccessHandler 提供您自己的实现。此时您将能够获得您的令牌:

public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        // grab your token here from request
        super.onAuthenticationSuccess(request, response, authentication);
    }
}

<beans:property name="authenticationSuccessHandler">
    <beans:bean
        class="com.domain.security.CustomAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/pdregistration/authenticate" />
    </beans:bean>
</beans:property>
相关问题
最新问题