SpringSecurity中自定义过滤器的种类

配置文件中的<http>...</http>都是采用的auto-config="true"这种自动配置模式，根据Spring Security文档的说明:

－－－－－－－－－－－－－－－－－－

auto-config Automatically registers a login form, BASIC authentication, logout services. If set to "true", all of these capabilities are added (although you can still customize the configuration of each by providing the respective element).

－－－－－－－－－－－－－－－－－－

可以理解为:

<http>
<form-login />
<http-basic />
<logout />
</http>

package com.cnblogs.yjmyzz;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

//import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class CustomLoginFilter extends UsernamePasswordAuthenticationFilter {

public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {

// if (!request.getMethod().equals("POST")) {
// throw new AuthenticationServiceException(
// "Authentication method not supported: "
// + request.getMethod());
// }

String username = obtainUsername(request).toUpperCase().trim();
String password = obtainPassword(request);

UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
username, password);

setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}

}

即：从UsernamePasswordAuthenticationFilter继承一个类，然后把关于POST方式判断的代码注释掉即可。默认情况下，Spring Security的用户名是区分大小写，如果觉得没必要，上面的代码同时还演示了如何在Filter中自动将其转换成大写。

本文出自：

http://www.cnblogs.com/yjmyzz/p/3888507.html