我正在尝试在我的应用程序中使用spring boot security。我需要访问销售人员和客户。每个都映射到不同的实体,然后使用不同的存储库。
我的UserDetailServive实现如何根据自定义表单参数使用不同的存储库?
for i in userInput.split():
if i in aList:
userInput = userInput.replace( i, "one" )
elif i in bList:
userInput = userInput.replace( i, "two" )
答案 0 :(得分:0)
您可以将userName加userType加任意字符,例如冒号:
userName:userType,并在loadUserByUsername方法中拆分并获取它
String[] parts = userName.split(":");
但是,当您将自定义参数加入userName时,您必须自定义身份验证过滤器。在我的例子中,我添加了新的自定义参数名称为dmBhxhId。我创建CustomUser:
public class CustomUser extends User {
private Long dmBhxhId;
public Long getDmBhxhId() {
return dmBhxhId;
}
public void setDmBhxhId(Long dmBhxhId) {
this.dmBhxhId = dmBhxhId;
}
public CustomUser(String username, String password, Collection<? extends GrantedAuthority> authorities,
Long dmBhxhId) {
super(username, password, authorities);
this.dmBhxhId = dmBhxhId;
}
public CustomUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
super(username, password, authorities);
}
}
我自定义身份验证过滤器
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
private String extraParameter = "extra";
private String delimiter = ":";
/**
* Given an {@link HttpServletRequest}, this method extracts the username
* and the extra input values and returns a combined username string of
* those values separated by the delimiter string.
*
* @param request
* The {@link HttpServletRequest} containing the HTTP request
* variables from which the username client domain values can be
* extracted
*/
@Override
protected String obtainUsername(HttpServletRequest request) {
String username = request.getParameter(getUsernameParameter());
String extraInput = request.getParameter(getExtraParameter());
Map<String, String[]> map = request.getParameterMap();
String combinedUsername = username + getDelimiter() + extraInput;
return combinedUsername;
}
/**
* @return The parameter name which will be used to obtain the extra input
* from the login request
*/
public String getExtraParameter() {
return this.extraParameter;
}
/**
* @param extraParameter
* The parameter name which will be used to obtain the extra
* input from the login request
*/
public void setExtraParameter(String extraParameter) {
this.extraParameter = extraParameter;
}
/**
* @return The delimiter string used to separate the username and extra
* input values in the string returned by
* <code>obtainUsername()</code>
*/
public String getDelimiter() {
return this.delimiter;
}
/**
* @param delimiter
* The delimiter string used to separate the username and extra
* input values in the string returned by
* <code>obtainUsername()</code>
*/
public void setDelimiter(String delimiter) {
this.delimiter = delimiter;
}
}
在SecurityConfiguration文件中,我初始化CustomAuthenticationFilter
@Bean
public CustomAuthenticationFilter customAuthenticationFilter() throws Exception {
CustomAuthenticationFilter bcsAuthFilter = new CustomAuthenticationFilter();
bcsAuthFilter.setAuthenticationManager(authenticationManager());
bcsAuthFilter.setAuthenticationFailureHandler(ajaxAuthenticationFailureHandler);
bcsAuthFilter.setAuthenticationSuccessHandler(ajaxAuthenticationSuccessHandler);
bcsAuthFilter.setFilterProcessesUrl("/api/authentication");
bcsAuthFilter.setPostOnly(true);
bcsAuthFilter.setExtraParameter("dm_bhxh_id");
bcsAuthFilter.setUsernameParameter("j_username");
bcsAuthFilter.setPasswordParameter("j_password");
return bcsAuthFilter;
}
并在configure方法中调用它
.addFilterBefore(bcsAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
看起来像
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.ignoringAntMatchers("/websocket/**").ignoringAntMatchers("/api/public/odts/**")
.and()
.addFilterBefore(bcsAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class)
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
....
完成,希望能帮到你! 对不起,我的英语不好。