I use Spring login system using the following 2 queries:
1)
users-by-username-query="select email,password,abilitato from
utente_autenticazione where email=?"
2)
authorities-by-username-query="select u1.email, u2.ruolo from
utente_autenticazione u1, utente_autorizzazione u2 where
u1.id_utente = u2.id_utente and u1.email =?
Is there a way to handle those resulsets inside a class? I want to be able to know email, password etc, after a user has logged in.
You can create custom filters for this as below:
1) Spring-security.xml
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="customUserDetailsService" >
<password-encoder hash="bcrypt"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login"/>
</beans:bean>
<beans:bean id="successHandler" class="com.demo.service.impl.LoginSuccessHandler" >
<beans:property name="defaultSuccessUrl" value="user"/>
</beans:bean>
<beans:bean id="failureHandler" class="com.demo.service.impl.LoginFailureHandler">
<beans:property name="defaultFailureUrl" value="failure"/>
</beans:bean>
<http auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter" />
<access-denied-handler error-page="/denied"/>
<logout invalidate-session="true"
logout-success-url="/logout/success"
logout-url="/logout"/>
<logout logout-success-url="/login?error"/>
</http>
<beans:bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
<beans:property name="authenticationFailureHandler" ref="failureHandler"/>
<beans:property name="authenticationSuccessHandler" ref="successHandler"/>
</beans:bean>
By doing this after successful login you can access username, password from LoginSuccessHandler.
2) LoginSuccessHandler
public class LoginSuccessHandler implements AuthenticationSuccessHandler{
private String defaultSuccessUrl;
@Override
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication auth) throws IOException,
ServletException {
String username = auth.getName();
System.out.println("username>>"+username);
response.sendRedirect(defaultSuccessUrl);
}
}
In the same way you can also call the LoginFailureHandler to do some work like block the user on number of invalids trials for login.
Hope this help.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.