我有一个 Web 应用程序，我需要使用三个字段登录：用户、密码和部门。

当我尝试运行它时，登录有效，但未调用自定义过滤器，因此没有部门。

我一直在尝试添加自定义用户名和密码过滤器，传递一个我可以稍后解析的字符串。我没有取得任何成功，这让我发疯。

SecurityConfig 扩展了 WebSecurityConfigurerAdapter

@Override

protected void configure(HttpSecurity http) throws Exception {

    http

        .addFilterBefore(authenticationFilter(), 

                UsernamePasswordAuthenticationFilter.class);

    // Authentication control

    http

        .authorizeRequests()

        .antMatchers("/login.xhtml").permitAll() // All everyone to see login page

        .antMatchers("/javax.faces.resource/**").permitAll() // All everyone to see resources

        .antMatchers("/resources/**").permitAll() // All everyone to see resources

        .anyRequest().authenticated(); // Ensure any request to application is authenticated

    // Login control

    http

        .formLogin()

            .loginPage("/login.xhtml")

            .usernameParameter("userInput")

            .passwordParameter("passwordInput")

            .defaultSuccessUrl("/home.xhtml", true)

            .failureUrl("/login.xhtml?error=true");

    // logout

    http

        .logout()

            .logoutUrl("/logout")

            .invalidateHttpSession(true)

            .logoutSuccessUrl("/login.xhtml");

    // not needed as JSF 2.2 is implicitly protected against CSRF

    http

        .csrf().disable();

} 

public CustomAuthenticationFilter authenticationFilter() throws Exception {

    CustomAuthenticationFilter filter = new CustomAuthenticationFilter();

    filter.setAuthenticationManager(authenticationManagerBean());

    filter.setAuthenticationFailureHandler(failureHandler());

    return filter;

}

public SimpleUrlAuthenticationFailureHandler failureHandler() {

    return new SimpleUrlAuthenticationFailureHandler("/login?error=true");

}

@Autowired

public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth.authenticationProvider(authProvider());

}