Spring安全过滤器和已发布数据

时间:2011-03-27 10:58:37

标签: spring spring-security

我编写了一个自定义Spring Security过滤器,需要使用发布给它的用户XML数据。过滤器如何获取发布的数据?

2 个答案:

答案 0 :(得分:1)

这不是真正针对Spring Security的问题,因为您可能只是实现了javax.servlet.Filter接口。在这种情况下,您正在实施该方法:

public void doFilter ( ServletRequest request, ServletResponse response, 
   FilterChain chain ) throws IOException, ServletException;

如果您需要特定于HTTP的数据(通常需要),您可以将ServletRequest转换为HttpServletRequest

import javax.servlet.http.HttpServletRequest;
// ...
HttpServletRequest httpRequest = (HttpServletRequest) request;
String xml = httpRequest.getParameter("xml");

如果您要扩展其中一个标准的Spring Security过滤器,请务必查看您要扩展的过滤器的来源!其中许多已经覆盖doFilter并期望您将覆盖另一种方法来增强其行为。

答案 1 :(得分:0)

阅读AbstractAuthenticationProcessingFilter的文档(基于您之前的问题,我想这是您的自定义过滤器扩展的类),要实现的抽象方法是attemptAuthentication,它接收HttpServletRequest和HttpServletResponse作为参数:

Parameters:
    request - from which to extract parameters and perform the authentication
    response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OpenID).