這必須是圍繞j_security_check進行的自定義實現。您可以在會話連接一個Servlet過濾器j_security_check
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/j_security_check</url-pattern>
</filter-mapping>
在SecurityFilter類,安全檢查返回userPrincipal後,設置進一步的細節和繼續。但是,如果userPrincipal爲null,則從數據庫中提取失敗計數,並將失敗消息(包括失敗計數)放入會話中,這可以在登錄頁面中顯示。
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
Principal userPrincipal = null;
String username = httpServletRequest.getParameter("j_username");
String rememberme = httpServletRequest.getParameter("rememberme");
chain.doFilter(request, response);
userPrincipal = httpServletRequest.getUserPrincipal();
記住我必須設置cookie,變量「rememberme」的值將在j_security_check完成後可用。基於登錄成功或失敗,可以設置cookie。