就在延伸,然后注册AbstractPreAuthenticatedProcessingFilter
,一切都在documentation:
public class RequestPreAuthenticatedProcessingFilter
extends AbstractPreAuthenticatedProcessingFilter {
private static final String USER_PRINCIPAL_KEY = "";
@Override
protected Object getPreAuthenticatedPrincipal(final HttpServletRequest request) {
return request.getAttribute(USER_PRINCIPAL_KEY);
}
@Override
protected Object getPreAuthenticatedCredentials(final HttpServletRequest request) {
return "N/A"; // or whatever you need
}
}
和安全context.xml中:
<security:http>
<!-- Additional http configuration omitted -->
<security:custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" />
</security:http>
<bean id="preAuthFilter"
class="com.example.RequestPreAuthenticatedProcessingFilter">
<property name="authenticationManager" ref="authenticationManager">
</bean>