如何在 Spring Security SecurityConfig 中获取用户给定的用户名和密码？答案

【问题标题】：How to get user-given username and password in Spring Security SecurityConfig?如何在 Spring Security SecurityConfig 中获取用户给定的用户名和密码？
【发布时间】：2020-09-07 20:56:21
【问题描述】：

对于某些要求，我需要登录页面中用户提供的用户名和密码。（由用户输入）

但是，我无法进入以下 SecurityConfig 的配置方法。

@EnableWebSecurity 公共类 SecurityConfig 扩展 WebSecurityConfigurerAdapter {

@Autowired
PasswordEncoder passwordEncoder;

@Autowired
DataSource dataSource;

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    **// Wants to get user-given username and password**


         auth.jdbcAuthentication().dataSource(dataSource)
         .passwordEncoder(passwordEncoder())
         .usersByUsernameQuery("select username,password, true from user where username=?")
        .authoritiesByUsernameQuery("select u.username, r.rolename from user u, role r where u.roleId = r.id and u.username=?");


     }

}

【问题讨论】：

标签： spring spring-mvc spring-security spring-security-rest

【解决方案1】：

好吧，这里不应该这样做。如果您想获取用户凭据，您应该在您的过滤器之一中实现它。例如，您可以定义一个新的。

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
class AuthFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }


    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException {
        if (request.getContentType() != null && request.getContentType().contains("application/json") && Objects.equals(((RequestFacade) request).getServletPath(), "/oauth/token")) {
            InputStream is = request.getInputStream();
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();

            int nRead;
            byte[] data = new byte[16384];

            while ((nRead = is.read(data, 0, data.length)) != -1) {
                buffer.write(data, 0, nRead);
            }
            buffer.flush();
            byte[] json = buffer.toByteArray();

            HashMap<String, String> result = new ObjectMapper().readValue(json, HashMap.class);
            HashMap<String, String[]> r = new HashMap<>();
            for (String key : result.keySet()) {
                String[] val = new String[1];
                val[0] = result.get(key);
                r.put(key, val);
            }

            String[] val = new String[1];
            val[0] = ((RequestFacade) request).getMethod();
            r.put("_method", val);

            HttpServletRequest s = new MyServletRequestWrapper(((HttpServletRequest) request), r);
            chain.doFilter(s, response);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
    }
}

例如，这段代码将查询参数放入请求正文中。

【讨论】：