GRAILS Spring Security Plugins
Question
I am using spring security plugin for my grails app, but I have a requirement to pre-process the username before authentication, for example if user enters "domain\\username", I only need to remove domain.
I am using these plugins
compile ":spring-security-core:2.0-RC5"
compile ":spring-security-ldap:2.0-RC2"
Also, I cannot add a custom form, I need to use basic auth for this.Thanks.
2 answers
solution1
0 2015-08-05 21:51:45
I haven't done this myself, but I can give you a glimpse of what you need to do.
The LoginController doesn't handle the HTTP POST that comes from the login form. As you can see in the auth method here , the HTTP POST url comes from a configuration entry. The URL is probably /j_spring_security_check. That URL corresponds to a Spring Security filter, not a Grails controller method. Essentially, you'll need to set up a filter that intercepts /j_spring_security_check and strips off the domain from the username.
There's plenty to learn about these filters. I'm still figuring it all out, but a good resource is the Spring Security Reference . The Twitter Auth plugin subclasses AbstractAuthenticationProcessingFilter , implements attemptAuthentication() , and then registers the filter using SpringSecurityUtils.registerFilter() .
solution2
0 2015-08-06 22:16:23
我可以通过重写BasicAuthenticationFilter并根据需要将doFilter()方法更改为自定义方法来解决此问题。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.