I have been working on this for several days, and hope someone can help me.
There are three requirements for the authentication processing.
- Authentication using OpenID; the login page is login.jsp. After login is successful, display the username and email address at login-succ.jsp.
- There is an input field in login.jsp; I also need to display the value of mymessage in login-succ.jsp if login is successful.
- After logging in successfully, the user is on login-succ.jsp, with his username, email address and mymessage value. If the user refreshes the login-succ.jsp page, these three values should be displayed again.
I have tried to achieve these three requirements using CustomOpenIDAuthenticationFilter in another post of mine, but if I save the message into the session and there are two instances of login.jsp, the two instances will overwrite each other's message values after a refresh action. I do not know if I am doing everything wrong. So can anyone please give me some suggestions about how to meet these three requirements using Spring Security and Spring MVC?
Thanks.
To me, this feels like a design that is begging for some type of injection attack (taking a URL parameter that is displayed blindly on the page to the user is a really bad idea).
Instead, I would stick the message in the HttpSession prior to the user being redirected to OpenID login, and retrieve the message after they are successfully redirected. Obviously, you would need code to clear the message from the session upon failure, logout, etc.
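
A sketch of the session approach described in the answer above, added here as an illustration and not code from either poster: the class name, session attribute names and length limit are assumptions, and it uses the javax.servlet API together with Spring's `HtmlUtils`.

```java
import javax.servlet.http.HttpSession;
import org.springframework.web.util.HtmlUtils;

/** Added example: carries the login.jsp message across the OpenID redirect in the session. */
public final class LoginMessageStore {
    // Attribute names and the length limit are assumptions made for this example.
    private static final String PENDING = "login.message.pending";
    private static final String CONFIRMED = "login.message.confirmed";
    private static final int MAX_LENGTH = 200;

    private LoginMessageStore() {}

    /** Call when login.jsp is submitted, before redirecting to the OpenID provider. */
    public static void stash(HttpSession session, String rawMessage) {
        String msg = rawMessage == null ? "" : rawMessage.trim();
        if (msg.length() > MAX_LENGTH) {
            msg = msg.substring(0, MAX_LENGTH);
        }
        session.setAttribute(PENDING, msg);
        session.removeAttribute(CONFIRMED); // a new attempt invalidates the old value
    }

    /** Call once from the authentication success handler. */
    public static void confirm(HttpSession session) {
        Object pending = session.getAttribute(PENDING);
        session.removeAttribute(PENDING);
        if (pending instanceof String) {
            session.setAttribute(CONFIRMED, pending);
        }
    }

    /** Call on authentication failure and on logout. */
    public static void clear(HttpSession session) {
        session.removeAttribute(PENDING);
        session.removeAttribute(CONFIRMED);
    }

    /** Value for login-succ.jsp: survives a refresh and is HTML-escaped for output. */
    public static String forDisplay(HttpSession session) {
        Object confirmed = session.getAttribute(CONFIRMED);
        return confirmed instanceof String ? HtmlUtils.htmlEscape((String) confirmed) : "";
    }
}
```

The string returned by `forDisplay` is already escaped, so the page should write it out as-is rather than escape it a second time. Both attributes live in the one session, so every browser tab sharing that session reads and writes the same value.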