如果是自己验证用户名密码的话,spring security仅仅支持传统的form表单方式(form-data)登录。这是一个比较大的坑点。现在都流行使用前后端分离,前端发送的是json格式数据。下面我谈下如何操作。
通过跟踪源代码,可以知道,获取用户名密码是在UsernamePasswordAuthenticationFilter这个类里面的attemptAuthentication方法,如下
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
if (postOnly && !request.getMethod().equals("POST")) {
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
String username = obtainUsername(request);
String password = obtainPassword(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePassword