I'm currently working with Grails and the Spring Security plugin and trying to implement a password expiration workflow. I've configured the plugin as expected:
grails.plugins.springsecurity.failureHandler.exceptionMappings = [
'org.springframework.security.authentication.CredentialsExpiredException': '/login/passwordExpired'
]
and in my passwordExpired action if I call:
def username = session['SPRING_SECURITY_LAST_USERNAME']
then in the username the HTML special characters are going to be escaped like
my_user => my_user
my-user => my-user
Is it possible to turn this escaping off?
Ritesh mentioned here spring_security_last_username that the SPRING_SECURITY_LAST_USERNAME is deprecated, so what else can I use?
For any help, thanks in advance!
The String 'SPRING_SECURITY_LAST_USERNAME'
isn't deprecated - the old constant with that value is and has been moved with a new name but the same value. So your code will continue to be valid.
Rather than changing things to not escape, you can un-escape easily:
import org.apache.commons.lang.StringEscapeUtils
...
String username = StringEscapeUtils.unescapeHtml(session['SPRING_SECURITY_LAST_USERNAME'])
You don't need to use a tool. Use Grails HTML codec:
username = session['SPRING_SECURITY_LAST_USERNAME']?.decodeHTML()
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.