我可以在使用Spring Security的身份验证时获取请求参数吗?
[英]Can I get the request parameter at authentication time with spring security?
问题描述
I have developed a java spring server with security and JWT. 
我已经开发了具有安全性和JWT的Java Spring服务器。 while developing, I got the question in the title because I should know the parameter value at authentication time. 在开发过程中,标题中出现了问题,因为我应该在身份验证时知道参数值。 Unless it, I should send JWT as the parameter. 除非它,否则我应该发送JWT作为参数。
Can I get the request parameter without affecting get parameters in the controller at the authentication time? 可以在身份验证时获取请求参数而不影响控制器中的get参数吗?
Exactly, I wanna compare the JWT payload and some data. 确实,我想比较JWT有效负载和一些数据。
1 个解决方案
解决方案1
1 2019-06-10 07:06:42
Sure. 当然。 Spring Security is designed based on the standard Servlet Filter which is composed of a series of FilterChain for processing a HTTP request. Spring Security是基于标准Servlet过滤器设计的,该过滤器由一系列用于处理HTTP请求的FilterChain组成。 Each filter in the chain is responsible for doing a particular thing such as authentication , authorization, session management, CSRF protection, exception handling etc... 链中的每个过滤器都负责做特定的事情,例如身份验证,授权,会话管理,CSRF保护,异常处理等。
Because of that , it means you can implement a Filter and play with the HttpServletRequest API to get the request parameter to validate JWT such as : 因此,这意味着您可以实现一个Filter并使用HttpServletRequest API来获取用于验证JWT的请求参数,例如:
httpServletRequest.getHeader("xxxx");
httpServletRequest.getParameter("xxxxx");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.