java提取password_java – 如何在spring security authenticated登录中获取用户输入的用户名和密码值...

我在我的应用程序中使用Spring MVC,登录通过spring security进行身份验证.我的UserServiceImpl.java类中有以下两种方法,

public UserDetails loadUserByUsername(String userName)throws UsernameNotFoundException,DataAccessException

{

ApplicationTO applicationTO = null;

try

{

applicationTO = applicationService.getApplicationTO(adminDomainName);

}

catch (ApplicationPropertyException e)

{

// TODO Auto-generated catch block

e.printStackTrace();

}

UserTO userTO = getUserTO(applicationTO.getApplicationId(), userName);

if (userTO == null)

{

throw new UsernameNotFoundException("user not found");

}

httpSession.setAttribute("userTO", userTO);

return buildUserFromUserEntity(userTO);

}

User buildUserFromUserEntity(UserTO userTO)

{

String username = userTO.getUsername();

String password = userTO.getPassword();

int userId = userTO.getUserId();

int applicationId = userTO.getApplicationId();

boolean enabled = userTO.isEnabled();

boolean accountNonExpired = true;

boolean credentialsNonExpired = true;

boolean accountNonLocked = true;

User user = new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthority(applicationId, userId));

return user;

}

我对Spring比较陌生,对弹簧安全部分不太了解.在我的spring-security.xml文件中,我有以下内容,

authentication-failure-url="/login?error" username-parameter="username"

password-parameter="password" />

class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">

class="org.springframework.security.authentication.ProviderManager">

我的登录表单的操作设置如下：

现在,我试图获取用户在登录表单中输入的密码值,可以在loadUserByUsername方法内部,也可以通过向UserServiceImpl.java类添加新方法.

因此,在登录期间,Spring安全性会将用户输入的密码与数据库中的加密密码进行比较,并且登录失败.但是根据上面链接中建议的实现,有一种方法可以比较密码和加密密码以检查它们是否相同.只有当我可以访问用户输入的密码时才可以这样做.这就是我试图让用户输入密码的原因.