我有一个SpringBoot 2.1.4.RELEASE应用程序。安全配置文件中的这些方法:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(publicMatchers()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/calzadas/list")
.failureUrl("/login?error").permitAll()
.and()
.logout().permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.eraseCredentials(false)
.userDetailsService(userSecurityService)
.passwordEncoder(passwordEncoder());
}
这里是我的LoginController
@Controller
public class LoginController extends ICryptsController {
private static final Logger LOG = LoggerFactory.getLogger(LoginController.class);
/** The login view name */
public static final String LOGIN_VIEW_NAME = "login/login";
@RequestMapping(value={ "/", "/login"}, method = {RequestMethod.GET})
public String login() {
return serverContextPath + "/" + LOGIN_VIEW_NAME;
}
}
但是我现在不从何处以纯文本(用户/密码)提取用户的凭证
答案 0 :(得分:0)
您可以从控制器类中的方法参数中检索凭证。例如。既然您输入了成功网址,就可以这样做。
@Controller
public class LoginController extends ICryptsController {
...
@RequestMapping(value={ "/calzadas/list"}, method = {RequestMethod.GET})
public void list(Authentication auth) {
Object credentials = auth.getCredentials();
}
这只是一种方式,互联网上有很多例子。