[英]Customize login in Grails Spring Security plugin
我有一個應用程序,該登錄名應包含組織號,因此登錄名應為用戶名+密碼+組織號 。
示例案例:如果用戶名+密碼與現有用戶匹配,我需要檢查該用戶是否具有組織ID。 如果不是,則登錄將失敗。
我看到spring安全插件的登錄表單提交到/app/j_spring_security_check
但是找不到實際實現的位置。
另外,我不確定觸摸是否是實現此自定義登錄的正確方法。
我的問題是在哪里/如何自定義登錄操作? (以使其在上述情況下失敗)。
我們可以通過覆蓋過濾器UserNamePasswordAuthenticationFilter並提供自定義的tryAuthentication來做到這一點。 因此,轉到DefaultSecurityConfig.groovy文件(在插件內部)。 請參見下面的樹形圖:
target
|-work
|-plugins
|-spring-security-core-2.0-RC5
|-conf
|-DefaultSecurityConfig.groovy
在apf閉合下的DefaultSecurityConfig.groovy中,我們指定filterProcessUrl,可以像在其他屬性中所做的一樣在grails應用程序的Config.groovy中覆蓋它(例如,ifIfIfNoRule)
grails.plugin.springsecurity.apf.filterProcessesUrl="your url"
現在我們了解了它如何檢查身份驗證。讓我們通過重寫名為UsernamePasswordAuthenticationFilter的過濾器的tryAuthentication方法來自定義其方式。 例如,請參見下文(另請參閱此處添加的嵌入式注釋)
package org.springframework.security.web.authentication;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.util.Assert;
public class CustomUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
/** @deprecated */
@Deprecated
public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
private String usernameParameter = "j_username";
private String passwordParameter = "j_password";
private String organisationParameter = 'j_organisation'
private boolean postOnly = true;
public UsernamePasswordAuthenticationFilter() {
super("/j_spring_security_check");
}
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
if(this.postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
} else {
String username = this.obtainUsername(request);
String password = this.obtainPassword(request);
String password = this.obtainOrganisation(request);
//regular implementation in spring security plugin /**
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
this.setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
**/
//Your custom implementation goes here(Authenticate on the basis of organisation as well). Here you need to customise authenticate as per your requirement so that it checks for organisation as well.
}
protected String obtainOrganisation(HttpServletRequest request) {
return request.getParameter(this.organisationParameter);
}
protected String obtainPassword(HttpServletRequest request) {
return request.getParameter(this.passwordParameter);
}
protected String obtainUsername(HttpServletRequest request) {
return request.getParameter(this.usernameParameter);
}
protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
}
public void setUsernameParameter(String usernameParameter) {
Assert.hasText(usernameParameter, "Username parameter must not be empty or null");
this.usernameParameter = usernameParameter;
}
public void setPasswordParameter(String passwordParameter) {
Assert.hasText(passwordParameter, "Password parameter must not be empty or null");
this.passwordParameter = passwordParameter;
}
public void setPostOnly(boolean postOnly) {
this.postOnly = postOnly;
}
public final String getUsernameParameter() {
return this.usernameParameter;
}
public final String getPasswordParameter() {
return this.passwordParameter;
}
}
因此,就彈簧安全性而言,這更是一項首要任務。
要獲取有關同一更加清晰的思路閱讀這個漂亮的鏈接 Java和Grails的閱讀此
希望能幫助到你。
這些博客更詳細地介紹了相同的要求。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.