我很想看看你的spring配置文件。无论如何,看起来您在春季安全性实际上会为您执行此操作时尝试验证用户的凭据。如果你不确定如何开始,请阅读spring的文档,包括任何可以找到的在线教程。这里是我的春天的安全配置是什么样子:
<security:http auto-config="true" use-expressions="true" access-denied-page="/login.html">
<security:form-login
login-page="/login.html"
authentication-failure-url="/loginfail.html"
default-target-url="/authenticate.html"/>
<security:logout
invalidate-session="true"
logout-success-url="/login.html"
logout-url="/logoff.html"/>
</security:http>
<bean id="securityDataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="java:comp/env/security_DS"/>
<property name="resourceRef" value="true"/>
</bean>
<bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder ref="encoder" />
<security:jdbc-user-service
data-source-ref="securityDataSource"
authorities-by-username-query="SELECT l.user_name as username, r.role_name AS authority FROM login l join user_role ur on l.user_id = ur.user_id join role r on ur.role_id = r.role_id WHERE l.user_name = ?"
users-by-username-query="SELECT user_name as username, password_value AS password, active_flg AS enabled FROM login WHERE user_name = ?"
/>
</security:authentication-provider>
</security:authentication-manager>
如果你想拥有访问权限的用户名泉已经验证用户的凭证后,做这样的事情:
@RequestMapping(value = { "/authenticate.html" }, method = { RequestMethod.GET, RequestMethod.HEAD })
public ModelAndView authenticateUser(final HttpServletRequest httpServletRequest, HttpSession httpSession, Authentication authentication) {
User user = (User) authentication.getPrincipal();
String userName = user.getUsername();
...
你可以看到,该请求将被转发到基于我在我的spring配置中指定的default-target-url的/authenticate.html方法。
我要补充一点,我用 session.getAttribute(“SPRING_SECURITY_LAST_USERNAME”) ,仍然我得到空。 –