Programmatically log in a user with Spring Security

The opposite of: How do I manually log out a user with Spring Security?

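In my application, I have a "register new user" screen, which posts to a controller that creates a new user in the database (and does a few obvious checks). I then want this new user to be logged in automatically... I kind of want to do something like this: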

    SecurityContextHolder.getContext().setPrincipal(MyNewUser);

Edit: OK, I have almost implemented it based on the answer to "How to programmatically log in a user with Spring Security 3.1":

    Authentication auth = new UsernamePasswordAuthenticationToken(MyNewUser, null);
    SecurityContextHolder.getContext().setPrincipal(MyNewUser);

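However, when deployed, the JSP cannot access my MyNewUser.getWhateverMethods(), whereas it can after the normal login procedure. The code that normally works, but throws an error when logged in as above, is as follows: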

    <sec:authentication property="principal.firstname" />

In my controller I have this, which logs the user in as normal:

    Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(auth);

user is my custom user object (implementing UserDetails), newly created. The getAuthorities() method does this (just because all my users have the same role):

    public Collection<GrantedAuthority> getAuthorities() {
        // make everyone ROLE_USER
        Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
        GrantedAuthority grantedAuthority = new GrantedAuthority() {
            // anonymous inner type
            public String getAuthority() {
                return "ROLE_USER";
            }
        };
        grantedAuthorities.add(grantedAuthority);
        return grantedAuthorities;
    }

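You can also inject your Spring Security configuration's UserDetailsManager into your controller and use it to get the UserDetails, which contains the principal and authorities, to avoid duplicated code: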

    // inject
    @Autowired
    private UserDetailsManager manager;

    // use in your method
    UserDetails userDetails = manager.loadUserByUsername(token.getUsername());
    Authentication auth = new UsernamePasswordAuthenticationToken(
            userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(auth);

From the Spring Security source, AbstractAuthenticationProcessingFilter:

    protected void successfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult)
            throws IOException, ServletException {

        if (logger.isDebugEnabled()) {
            logger.debug("Authentication success. Updating SecurityContextHolder to contain: "
                    + authResult);
        }

        // you need this
        SecurityContextHolder.getContext().setAuthentication(authResult);

        rememberMeServices.loginSuccess(request, response, authResult);

        if (this.eventPublisher != null) {
            eventPublisher.publishEvent(
                    new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
        }

        successHandler.onAuthenticationSuccess(request, response, authResult);
    }

But note that the SecurityContextHolder is usually cleared after the filter chain completes.
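
An added example, not code from the question, the answers or the Spring Security project: a post-registration login that keeps the UserDetails object as the principal, rotates the session id, and saves the context to the session so it outlives the holder being cleared. The class name ProgrammaticLogin and its login method are hypothetical; it assumes Spring Security 5.x on the javax.servlet API (Servlet 3.1 or later for changeSessionId) and a call from a controller behind the Spring Security filter chain.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

/** Hypothetical helper: logs in a user the application has just created. */
public class ProgrammaticLogin {

    // Assumption: the application uses the default HTTP-session repository.
    private final SecurityContextRepository repository =
            new HttpSessionSecurityContextRepository();

    public Authentication login(UserDetails user,
                                HttpServletRequest request,
                                HttpServletResponse response) {
        // Refuse accounts that a normal form login would also reject.
        if (!user.isEnabled() || !user.isAccountNonLocked()) {
            throw new IllegalStateException("account is disabled or locked");
        }

        // The principal is the UserDetails object itself, so a tag such as
        // <sec:authentication property="principal.firstname"/> can resolve
        // when the custom user class exposes getFirstname().
        // Credentials are null: the password is not kept in the session.
        Authentication auth = new UsernamePasswordAuthenticationToken(
                user, null, user.getAuthorities());

        // Rotate the session id before attaching the identity, so an id
        // issued before registration is not carried over (session fixation).
        if (request.getSession(false) != null) {
            request.changeSessionId();
        } else {
            request.getSession(true);
        }

        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);

        // Persist explicitly: the holder is thread-bound and is cleared
        // when the filter chain completes.
        repository.saveContext(context, request, response);
        return auth;
    }
}
```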