spring security不支持中文名登录的解决方法

一.发现问题：

spring-springmvc-mybatis 用的spring-security模块做的权限管理，基于数据库的登录验证，突然发现不支持中文名称登录。

二.分析问题

项目设置的编码格式是utf-8,网上查阅相关资料，问题出在编码过滤器上，需要在web.xml中加入编码过滤，并且这个过滤器必须放在security过滤器前面，必须在前面，必须在前面，必须在前面。就是如下这段代码：

<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

可是，我的项目是用java configuration配置的，这种配置方式好像在网上查不到很多资料，基本上都是基于xml配置的。于是，现在问题定位在如何在基于java configuration如何在security filter前面加入编码过滤器。百度不出来了，于是谷歌。这篇文章给了提示http://www.baeldung.com/spring-security-custom-filter（需要翻），

关键部分摘录如下：

You can register the filter programmatically overriding the configure method from WebSecurityConfigurerAdapter. For example, it works with the addFilterAfter method on a HttpSecurity instance:
@Configuration
public class CustomWebSecurityConfigurerAdapter
extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterAfter(
new CustomFilter(), BasicAuthenticationFilter.class);
}
}

There are a couple of possible methods:

addFilterBefore(filter, class) – adds a filter before the position of the specified filter class
addFilterAfter(filter, class) – adds a filter after the position of the specified filter class
addFilterAt(filter, class) – adds a filter at the location of the specified filter class
addFilter(filter) – adds a filter that must be an instance of or extend one of the filters provided by Spring Security

三.解决问题

方案1.如果项目是用的xml配置的，上面分析了，可以直接在xml中加入spring的编码过滤器，网上很多这方面的方案。

方案2.如果项目是用java configuration配置的（java类配置），解决方法如下，在SecurityConfig.java中加入。

CharacterEncodingFilter filter1 = new CharacterEncodingFilter();
filter1.setEncoding("utf-8");
http.addFilterBefore(filter1, ChannelProcessingFilter.class);

上面的是关键部分，以下是完整版

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private DataSource dataSource;

@Override
protected void configure(HttpSecurity http) throws Exception {
CharacterEncodingFilter filter1 = new CharacterEncodingFilter();
filter1.setEncoding("utf-8");
http.addFilterBefore(filter1, ChannelProcessingFilter.class).formLogin().loginPage("/user/login").and().logout()
.logoutSuccessUrl("/").and().authorizeRequests().antMatchers("/user/orders").authenticated()
.antMatchers("/user/center").authenticated().antMatchers("/shopingCart/confirmation").authenticated()
.anyRequest().permitAll().and().csrf().disable();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username,password,true from shop_user WHERE username=?")
.authoritiesByUsernameQuery("select username,role from shop_user where username=?");
}

}

加入编码过滤器之前的代码如下：

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private DataSource dataSource;

@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().loginPage("/user/login").and().logout()
.logoutSuccessUrl("/").and().authorizeRequests().antMatchers("/user/orders").authenticated()
.antMatchers("/user/center").authenticated().antMatchers("/shopingCart/confirmation").authenticated()
.anyRequest().permitAll().and().csrf().disable();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username,password,true from shop_user WHERE username=?")
.authoritiesByUsernameQuery("select username,role from shop_user where username=?");
}

}