Added question on login with multiple fields to faq
This commit is contained in:
parent
7c0f8b9756
commit
2a510f3539
|
@ -126,5 +126,47 @@ org.springframework.security.AccessDeniedException: Access is denied
|
||||||
</p>
|
</p>
|
||||||
</answer>
|
</answer>
|
||||||
</faq>
|
</faq>
|
||||||
|
<faq>
|
||||||
|
<question>
|
||||||
|
I've configured the "requires-channel" attribute to use HTTPS for my login page and switch back to HTTP afterwards but I just end up back at
|
||||||
|
the login page after authenticating. I'm using Tomcat. Why doesn't it work?
|
||||||
|
</question>
|
||||||
|
<answer>
|
||||||
|
<p>
|
||||||
|
This happens because Tomcat sessions created under HTTPS cannot subsequently be used under HTTP and any session state is lost (including
|
||||||
|
the security context information). Starting in HTTP first should work.
|
||||||
|
</p>
|
||||||
|
</answer>
|
||||||
|
</faq>
|
||||||
|
<faq>
|
||||||
|
<question>
|
||||||
|
I'm forwarding a request to another URL using the RequestDispatcher, but my security constraints aren't being applied. Why not?
|
||||||
|
</question>
|
||||||
|
<answer>
|
||||||
|
Filters are not applied by default to forwards or includes. If you really want the security filters to be applied to forwards and/or includes,
|
||||||
|
then you have to configure these explicitly in your web.xml using the <dispatcher> element, a child element of <filter-mapping>.
|
||||||
|
</answer>
|
||||||
|
</faq>
|
||||||
|
</part>
|
||||||
|
<part>
|
||||||
|
<title>Common "How To" Requests</title>
|
||||||
|
<faq>
|
||||||
|
<question>I need to login in with more information than just the username. How do I add support for extra login fields (e.g. a company name)?</question>
|
||||||
|
<answer>
|
||||||
|
<p>This question comes up repeatedly in the Spring Security forum so you will find more information there.</p>
|
||||||
|
<p>
|
||||||
|
The submitted login information is processed by an instance of <i>AuthenticationProcessingFilter</i>. You will need to customize this class to handle
|
||||||
|
the extra data field(s). One option is to use your own customized authentication token class (rather than the standard <i>UsernamePasswordAuthenticatioToken</i>),
|
||||||
|
another is simply to concatenate the extra fields with the username (for example, using a ":" as the separator) and pass them in the username property of
|
||||||
|
<i>UsernamePasswordAuthenticatioToken</i>.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
You will also need to customize the actual authentication process. If you are using a custom authentication token class, for example, you will have to write an
|
||||||
|
<i>AuthenticationProvider</i> to handle it (or extend the standard <i>DaoAuthenticationProvider</i>).
|
||||||
|
If you have concatenated the fields, you can implement your own <i>UserDetailsService</i> which splits them up and loads the appropriated user data to use
|
||||||
|
for authentication.
|
||||||
|
</p>
|
||||||
|
</answer>
|
||||||
|
</faq>
|
||||||
</part>
|
</part>
|
||||||
</faqs>
|
</faqs>
|
Loading…
Reference in New Issue