使用上面的答案作为指导,这是我创建的一个后处理器的工作示例,它允许您指定要向验证器提供的登录表单变量,以及一个示例自定义验证器,用于检查登录表单中的terms_of_service复选框值 .
在Spring配置中:
AuthFormDetailsPostProcessor.java:
public class AuthFormDetailsPostProcessor implements BeanPostProcessor {
private String [] formVarNames;
public void setFormVarNames (String formVarNames) {
this.formVarNames = formVarNames.split (",");
}
public static class Details extends WebAuthenticationDetails {
private Map map;
public Details (HttpServletRequest request, String [] parameters) {
super (request);
this.map = new HashMap();
for (String parameter : parameters) {
this.map.put (parameter.trim(), request.getParameter (parameter.trim()));
}
}
public String get (String name) {
return map.get(name);
}
}
public Object postProcessAfterInitialization(Object bean, String name) {
if (bean instanceof UsernamePasswordAuthenticationFilter) {
((UsernamePasswordAuthenticationFilter)bean).setAuthenticationDetailsSource(
new AuthenticationDetailsSource() {
public Object buildDetails(Object context) {
if (formVarNames == null) {
throw new RuntimeException ("AuthFormDetailsPostProcessor bean requires a formVarNames property, specifying a comma-delimited list of form vars to provide in the details object.");
}
return new Details ((HttpServletRequest) context, formVarNames);
}
});
}
return bean;
}
public Object postProcessBeforeInitialization(Object bean, String name) {
return bean;
}
}
这是使用它的自定义Authenticator:
public class AuthServiceAuthenticator implements AuthenticationProvider {
@Override
public Authentication authenticate (Authentication authentication) throws AuthenticationException {
String email = (String) authentication.getPrincipal();
String password = (String) authentication.getCredentials();
AuthFormDetailsPostProcessor.Details details = (AuthFormDetailsPostProcessor.Details) authentication.getDetails();
// see if they checked the terms_of_service checkbox
String termsOfServiceVar = details.get ("terms_of_service_accepted");
boolean termsOfServiceAccepted = (termsOfServiceVar != null && termsOfServiceVar.equals ("on"));
// ... do your custom authentication ...
return authentication; // or a new authentication object
}
@Override
public boolean supports(Class extends Object> authentication) {
return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
}
}