我使用Spring Boot在项目中实现了安全层。现在,我想知道如何在@Service层或@Dao层中通过HttpServletRequest获取请求参数。我尝试了一些方法,已经可以拿到用户名和密码,但我还需要把它们传递到Dao中。我的代码:
安全层代码:
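/**
 * Spring Security configuration for the application: which URLs are public,
 * how users log in (HTTP Basic and form login), how failures are reported and
 * which beans back the authentication manager.
 */
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDao userDao;

    // Injected request handle. It is only meaningful while a request is being
    // processed, so it must not be dereferenced from the configure(...) methods.
    @Autowired
    HttpServletRequest request;

    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    UserDetails userDetails;

    @Autowired
    private RESTAuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private RESTAuthenticationFailureHandler authenticationFailureHandler;

    @Autowired
    private RESTAuthenticationSuccessHandler authenticationSuccessHandler;

    /**
     * Excludes static asset paths from the security filter chain entirely.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/css/**", "/fonts/**", "/images/**");
    }

    /**
     * Declares the URL authorization rules, login/logout handling and the
     * custom filters.
     *
     * <p>This method builds the filter chain once, at start-up. No request is
     * bound at that point, so request parameters cannot be read here; the
     * earlier {@code request.getParameter("username")} call was removed for
     * that reason (its result was discarded anyway).
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/index.html", "/home.html", "/static/*", "/home/*", "/login.html", "/login")
                .permitAll();

        // NOTE(review): CSRF protection is switched off while session-based form
        // login is enabled, which leaves state-changing requests unprotected
        // against cross-site request forgery. Confirm this is intentional, or
        // drop the csrf().disable() call.
        http.authorizeRequests().anyRequest().fullyAuthenticated().and().httpBasic().and().csrf().disable();

        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
        http.formLogin()
                .usernameParameter("username")
                .passwordParameter("password")
                .loginProcessingUrl("/login/authenticate")
                .successHandler(authenticationSuccessHandler);
        http.formLogin().failureHandler(authenticationFailureHandler);
        http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttpSession(true);
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());

        // CSRF tokens handling
        // NOTE(review): with csrf().disable() above there is presumably no token
        // for this filter to publish - verify against its implementation.
        http.addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class);
        http.addFilterBefore(tokenProcessingFilter(), RequestFetcher.class);
    }

    /**
     * Configures the authentication manager bean which processes authentication
     * requests.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Dao based authentication
        // NOTE(review): stored passwords are verified with MD5, a fast digest that
        // is unsuitable for password storage, while the BCrypt encoder bean
        // declared below is never used here. Left unchanged because switching
        // encoders invalidates hashes already stored; plan a migration to
        // passwordEncoder() (re-hash on next successful login or force a reset).
        auth.userDetailsService(userDetailsService).passwordEncoder(new Md5PasswordEncoder());
    }

    /**
     * Builds the handler invoked when an authenticated user is refused access.
     *
     * @return a handler that answers with HTTP 403 and a short plain message
     */
    private AccessDeniedHandler accessDeniedHandler() {
        return new AccessDeniedHandler() {
            @Override
            public void handle(HttpServletRequest request, HttpServletResponse response,
                    AccessDeniedException accessDeniedException) throws IOException, ServletException {
                // Set the status before writing the body so it cannot be lost if
                // the response gets committed by the write.
                response.setStatus(403);
                response.getWriter().append("Access denied");
            }
        };
    }

    /**
     * This is used to hash the password of the user
     * when we need to use BCrypt.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(10);
    }

    /**
     * This bean loads the user specific data when form login is used.
     */
    @Bean
    public UserDetailsService userDetailsService() {
        return new MyCustomUserDetailsService(userDao);
    }

    /**
     * Creates the {@link RequestFetcher} filter and wires it to this
     * configuration's authentication manager.
     */
    @Bean
    public RequestFetcher tokenProcessingFilter() throws Exception {
        RequestFetcher tokenProcessingFilter = new RequestFetcher();
        tokenProcessingFilter.setAuthenticationManager(authenticationManager());
        return tokenProcessingFilter;
    }
}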
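/**
 * Filter that captures the {@code username} and {@code password} request
 * parameters so that code running later in the same request can read them
 * through the getters.
 *
 * <p>One filter instance serves all requests, so the captured values are kept
 * per thread and cleared when the request finishes. Plain instance fields would
 * let concurrent requests overwrite, and read, each other's credentials.
 *
 * <p>NOTE(review): the DAO normally does not need the raw password. Spring
 * Security passes the submitted username to
 * {@code UserDetailsService.loadUserByUsername} and compares the password
 * against the stored hash itself - confirm whether this filter is needed at all.
 */
public class RequestFetcher extends UsernamePasswordAuthenticationFilter {

    // Per-thread holders; the initial value "" matches the former field default.
    private final ThreadLocal<String> userName = new ThreadLocal<String>() {
        @Override
        protected String initialValue() {
            return "";
        }
    };

    private final ThreadLocal<String> password = new ThreadLocal<String>() {
        @Override
        protected String initialValue() {
            return "";
        }
    };

    /**
     * Records the credentials parameters of the current request, then lets the
     * rest of the chain run. The inherited authentication logic is not invoked
     * here because {@code super.doFilter} is not called.
     *
     * @throws RuntimeException if the request is not an HTTP request
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = this.getAsHttpRequest(request);
        userName.set(httpRequest.getParameter("username"));
        password.set(httpRequest.getParameter("password"));
        // The password is deliberately not printed: credentials must never reach
        // console output or log files.
        System.out.println("===Username===" + userName.get());
        try {
            chain.doFilter(request, response);
        } finally {
            // Drop the credentials once the request is done so a pooled thread
            // does not carry them into the next request.
            userName.remove();
            password.remove();
        }
    }

    /**
     * Narrows a servlet request to an HTTP request.
     *
     * @throws RuntimeException if {@code request} is not an {@link HttpServletRequest}
     */
    private HttpServletRequest getAsHttpRequest(ServletRequest request) {
        if (!(request instanceof HttpServletRequest)) {
            throw new RuntimeException("Expecting an HTTP request");
        }
        return (HttpServletRequest) request;
    }

    /** Returns the username captured for the request handled by the calling thread. */
    public String getUserName() {
        return userName.get();
    }

    /** Overrides the username held for the calling thread. */
    public void setUserName(String userName) {
        this.userName.set(userName);
    }

    /** Returns the password captured for the request handled by the calling thread. */
    public String getPassword() {
        return password.get();
    }

    /** Overrides the password held for the calling thread. */
    public void setPassword(String password) {
        this.password.set(password);
    }
}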
有人可以帮助我获取请求参数吗?