如何使用spring security从失败的登录中获取用户名？

本文介绍了如何使用spring security从失败的登录中获取用户名？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我们使用的是spring security 3.0.5，Java 1.6和Tomcat 6.0.32。在我们的.xml配置文件中，我们有：

We're using spring security 3.0.5, Java 1.6 and Tomcat 6.0.32. In our .xml config file we've got:

<form-login login-page="/index.html" default-target-url="/postSignin.html" always-use-default-target="true"
 authentication-failure-handler-ref="authenticationFailureHandler"/>

和我们的 authenticationFailureHandler 定义为：

<beans:bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
   <beans:property name="exceptionMappings">
      <beans:props>
    <beans:prop key="org.springframework.security.authentication.BadCredentialsException">/index.html?authenticationFailure=true</beans:prop>
    </beans:props>
   </beans:property>
</beans:bean>

Java

    @RequestMapping(params={"authenticationFailure=true"}, value ="/index.html")
    public String handleInvalidLogin(HttpServletRequest request) {
       //...  How can I get the username that was used???
       // I've tried:
       Object username = request.getAttribute("SPRING_SECURITY_LAST_USERNAME_KEY");
       Object username = request.getAttribute("SPRING_SECURITY_LAST_USERNAME");  // deprecated
    }

所以我们指导所有 BadCredentialsExceptions 到 index.html 和 IndexController 。在 IndexController 中，我想获得用于失败登录尝试的用户名。我怎么能这样做？

So we're directing all BadCredentialsExceptions to the index.html and IndexController. In the IndexController I'd like to get the username that was used for the failed login attempt. How can I do this?

推荐答案

好的，所以答案结果非常简单但据我所知，没有大讨论或记录。

Okay so the answer turned out to be something extremely simple yet as far as I can tell, not greatly discussed or documented.

以下是我必须做的事情（没有任何配置只是创建了这个类）...

Here's all I had to do (no configurations anywhere just created this class)...

import org.apache.log4j.Logger;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.stereotype.Component;

@Component
public class MyApplicationListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
    private static final Logger LOG = Logger.getLogger(MyApplicationListener.class);

    @Override
    public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent event) {
        Object userName = event.getAuthentication().getPrincipal();
        Object credentials = event.getAuthentication().getCredentials();
        LOG.debug("Failed login using USERNAME [" + userName + "]");
        LOG.debug("Failed login using PASSWORD [" + credentials + "]");
    }
}

我远非春季安全专家所以如果任何人都会读到这个并知道我们不应该这样做的原因，或者知道我希望听到更好的方式。

I'm far from a spring security expert so if anyone reads this and knows of a reason we shouldn't do it like this or knows a better way I'd love to hear about it.

这篇关于如何使用spring security从失败的登录中获取用户名？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！