[英]Spring security how to properly apply filter to get param from URL
In spring security I need to have custom authentication with param from site that user trying to get access, for example: 在spring security中,我需要使用用户尝试访问的站点的param进行自定义身份验证,例如:
User trying to access: 用户尝试访问:
myapp.com/res?param=value
In authentication process I need this value
from param, how can I get this? 在身份验证过程中,我需要从param中获取此
value
,如何获得此值?
Also I have custom UserDetailsService
where I need this param
. 我也有自定义
UserDetailsService
我需要此param
。
I was trying something like this: 我正在尝试这样的事情:
public class MyFilter extends UsernamePasswordAuthenticationFilter {
@Override
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) arg0;
System.out.println("\n\n"+request.getRequestURI().substring(request.getContextPath().length()) +"\n\n");
super.doFilter(arg0, arg1, arg2);
}
}
Which I apllied: 我曾提出:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterAfter(
new MyFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
This filter print out the url with my param but how Can I provide this in my custom UserDetailsService
? 该过滤器使用我的参数打印出URL,但是如何在自定义
UserDetailsService
呢? Also I'm not sure this filter is properly. 另外,我不确定此筛选器是否正确。
I use spring-security 5.0.0 with spring 5.0.2 我在spring 5.0.2中使用spring-security 5.0.0
Thanks, 谢谢,
how Can I provide this in my custom
UserDetailsService
?如何在我的自定义
UserDetailsService
提供此信息?
By using Spring
built-in request handlers. 通过使用
Spring
内置的请求处理程序。
@RestController
public class UserDetailService {
@RequestMapping(value = "/res", method = RequestMethod.GET)
public void getRes(
@RequestParam(required = false, defaultValue = "value", value="param") final String param) {
// param contains the value of the parameter in the URL
}
}
More on this here , here and here . 在这里 , 这里和这里的更多信息 。
You should use the filter
only to validate the requests and block them if needed. 您应该仅使用
filter
来验证请求,并在需要时阻止它们。
All business logic should be implemented in the @Controller
and @Service
classes. 所有业务逻辑都应在
@Controller
和@Service
类中实现。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.