實現自己的AuthenticationProcessingFilter:
package com.radicasys.lm.filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AbstractProcessingFilter;
public class MyAuthenticationProcessingFilter extends AbstractProcessingFilter {
public static final String ACEGI_SECURITY_FORM_USERNAME_KEY = "j_username";
public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
public static final String ACEGI_SECURITY_LAST_USERNAME_KEY = "ACEGI_SECURITY_LAST_USERNAME";
public static final String ACEGI_SECURITY_CURRENTUSERGROUP = "currenGroup";
public static final String ACEGI_SECURITY_USERNAME_KEY = "ACEGI_SECURITY_USERNAME";
//~ Methods ========================================================================================================
public Authentication attemptAuthentication(HttpServletRequest request)
throws AuthenticationException {
String username = obtainUsername(request);
String password = obtainPassword(request);
String currentGroup = obtainCurrentGroup(request);
if (username == null) {
username = "";
}
if (password == null) {
password = "";
}
request.getSession().setAttribute(ACEGI_SECURITY_USERNAME_KEY, username);
username = username.trim()+"_"+currentGroup.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
// Place the last username attempted into HttpSession for views
request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, username);
//set currentGroup to HttpSession
request.getSession().setAttribute(ACEGI_SECURITY_CURRENTUSERGROUP, currentGroup.trim());
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
/**
* This filter by default responds to <code>/j_acegi_security_check</code>.
*
* @return the default
*/
public String getDefaultFilterProcessesUrl() {
return "/j_acegi_security_check";
}
public void init(FilterConfig filterConfig) throws ServletException {}
/**
* Enables subclasses to override the composition of the password, such as by including additional values
* and a separator.<p>This might be used for example if a postcode/zipcode was required in addition to the
* password. A delimiter such as a pipe (|) should be used to separate the password and extended value(s). The
* <code>AuthenticationDao</code> will need to generate the expected password in a corresponding manner.</p>
*
* @param request so that request attributes can be retrieved
*
* @return the password that will be presented in the <code>Authentication</code> request token to the
* <code>AuthenticationManager</code>
*/
protected String obtainPassword(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_PASSWORD_KEY);
}
/**
* Enables subclasses to override the composition of the username, such as by including additional values
* and a separator.
*
* @param request so that request attributes can be retrieved
*
* @return the username that will be presented in the <code>Authentication</code> request token to the
* <code>AuthenticationManager</code>
*/
protected String obtainUsername(HttpServletRequest request) {
return request.getParameter(ACEGI_SECURITY_FORM_USERNAME_KEY);
}
protected String obtainCurrentGroup(HttpServletRequest request){
return request.getParameter(ACEGI_SECURITY_CURRENTUSERGROUP);
}
/**
* Provided so that subclasses may configure what is put into the authentication request's details
* property.
*
* @param request that an authentication request is being created for
* @param authRequest the authentication request object that should have its details set
*/
protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}
}
在user model裏面:
public class User implements UserDetails {
private Set<Role> roles = new HashSet<Role>();
@Transient
public GrantedAuthority[] getAuthorities() {
return roles.toArray(new GrantedAuthority[0]);
}
}
在UserDaoHibernate裏面:
@SuppressWarnings("unchecked")
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
List<User> users = getHibernateTemplate().find(
"from User where email=?", username);
if (users == null || users.isEmpty()) {
throw new UsernameNotFoundException("user '" + username
+ "' not found...");
}
else if(!users.get(0).isEnabled()){
throw new DisabledException("user " + username
+ " suspended...");
}
else {
return (UserDetails) users.get(0);
}
}