1) At first I ran into a problem: none of the actions were intercepted, as if Spring Security had stopped working. After I prefixed every action with "/" in the database resource table, in the form /***.action, the problem went away. I personally think there is a good solution: put the JSPs that different roles may access into different packages, then use different packages in the Struts2 configuration file, each with a different namespace, which is clearer. Every action on a page is then prefixed with the corresponding package name, which makes interception more convenient: the database resource table only needs entries such as /admin/** and /user/**. This kind of interception is request interception, which is Spring Security's default. If you want forwards to be intercepted as well, remember to configure web.xml as follows:
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
In general, however, it is best to intercept the request; the reason is simple and needs no explanation.
2) The second problem is passing parameters from the login page, that is, adding a few extra parameters at login. The default AuthenticationProcessingFilter neither supports saving additional parameters nor provides an extension point for this, and even in Spring Security 3.x extending it is still fairly troublesome because only one handler can be configured. So the usual choice is a custom filter. To do this we extend AuthenticationProcessingFilter: write a LoginFilter that inherits from AuthenticationProcessingFilter. In fact we only need to override the attemptAuthentication() method: first call super.attemptAuthentication() to obtain the generated Authentication; if that call does not throw an exception, go on to read the mark parameter from the request and save it to the session. Finally, return the Authentication object.
A quoted passage:
The common problem is that when you add several parameters to your login, the default AuthenticationProcessingFilter neither supports saving extra parameters nor provides extension points to implement this function. In fact, even in Spring Security 3.x, because only one handler can be configured, the actual extension is still rather troublesome. So the usual choice at this point is to customize the filter.
Our goal is to add a mark parameter to the login, in addition to the user name and password.
Our goal is to save this parameter to the session at login time for later use. To do this we want to extend AuthenticationProcessingFilter:
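import javax.servlet.http.HttpServletRequest;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

public class LoginFilter extends AuthenticationProcessingFilter {
    public Authentication attemptAuthentication(HttpServletRequest request)
            throws AuthenticationException {
        // Throws AuthenticationException on failure, so the lines below run only after a successful login
        Authentication authentication = super.attemptAuthentication(request);
        // Read the extra login parameter and keep it in the session for later use
        String mark = request.getParameter("mark");
        request.getSession().setAttribute("mark", mark);
        return authentication;
    }
}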
In fact, we just need to override the attemptAuthentication() method: first call super.attemptAuthentication() to get the generated Authentication; if this part does not throw an exception, we go on to get the mark parameter from the request and save it to the session. Finally, the Authentication object is returned.
Next, modify the configuration file: add a bean named loginFilter in the XML, use custom-filter to add it to the filter chain, and put it in front of the original form-login.
<beans:bean id="loginFilter" class="com.family168.springsecuritybook.ch211.LoginFilter">
    <custom-filter before="AUTHENTICATION_PROCESSING_FILTER"/>
    <beans:property name="authenticationManager" ref="_authenticationManager"/>
    <beans:property name="defaultTargetUrl" value="/"/>
</beans:bean>
This way our custom LoginFilter will replace the original AuthenticationProcessingFilter in processing the user login, and save the additional mark parameter to the session when the user logs in successfully.
After that, in the JSP, we can get the value of mark directly through ${sessionScope['mark']}.
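
A hardened variant of the filter above, as an added example that is not part of the quoted passage or the original post: it stores mark in the session only when the value matches an allow-list, because the parameter is user-supplied and is later rendered in a JSP. The class name ValidatingLoginFilter, the package, and the allowed characters and length are assumptions; the Spring Security 2.x classes are the ones the page's own filter extends.

```java
package com.example.security; // hypothetical package, not from the page

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;

public class ValidatingLoginFilter extends AuthenticationProcessingFilter {

    // Assumed policy: mark is a short token of letters, digits, '_' or '-'.
    private static final Pattern MARK_PATTERN =
            Pattern.compile("[A-Za-z0-9_-]{1,32}");

    /** Returns the trimmed value if it matches the allow-list, otherwise null. */
    static String validMarkOrNull(String raw) {
        if (raw == null) {
            return null;
        }
        String trimmed = raw.trim();
        return MARK_PATTERN.matcher(trimmed).matches() ? trimmed : null;
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request)
            throws AuthenticationException {
        // Throws on bad credentials, so nothing below runs for a failed login.
        Authentication authentication = super.attemptAuthentication(request);

        String mark = validMarkOrNull(request.getParameter("mark"));
        if (mark != null) {
            request.getSession().setAttribute("mark", mark);
        } else {
            // Missing or rejected value: do not leave an earlier one in the session.
            request.getSession().removeAttribute("mark");
        }
        return authentication;
    }
}
```

When rendering, <c:out value="${sessionScope['mark']}"/> HTML-escapes the value, which a bare ${...} expression in JSP template text does not.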