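Programmatically log in a user using Spring Security
The opposite of: How to manually log out a user with Spring Security?
In my application I have a register-new-user screen which posts to a controller, which creates a new user in the database (and does a few obvious checks). I then want this new user to be logged in automatically... I kind of want something like this: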
SecurityContextHolder.getContext().setPrincipal(MyNewUser);
Edit: Well, I have almost implemented this based on the answer to "How to programmatically log user in with Spring Security 3.1":
Authentication auth = new UsernamePasswordAuthenticationToken(MyNewUser, null);
SecurityContextHolder.getContext().setPrincipal(MyNewUser);
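However, when deployed, the JSP cannot access my MyNewUser.getWhateverMethods(), whereas it can after the normal login procedure. The code that works normally, but throws an error when logged in as shown above, is below: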
<sec:authentication property="principal.firstname" />
In my controller I have this, which logs the user in as normal:
Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
Here user is my custom user object (implementing UserDetails) that is newly created. The getAuthorities() method does this (just because all my users have the same role):
public Collection<GrantedAuthority> getAuthorities() {
    //make everyone ROLE_USER
    Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
    GrantedAuthority grantedAuthority = new GrantedAuthority() {
        //anonymous inner type
        public String getAuthority() {
            return "ROLE_USER";
        }
    };
    grantedAuthorities.add(grantedAuthority);
    return grantedAuthorities;
}
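You can also inject your Spring Security configured UserDetailsManager into your controller and use it to get the UserDetails, which holds the principal and authorities, to avoid duplicate code: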
// inject
@Autowired
private UserDetailsManager manager;

// use in your method
UserDetails userDetails = manager.loadUserByUsername(token.getUsername());
Authentication auth = new UsernamePasswordAuthenticationToken(userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
From the Spring Security source, AbstractAuthenticationProcessingFilter:
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
        Authentication authResult) throws IOException, ServletException {
    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
    }

    // you need this
    SecurityContextHolder.getContext().setAuthentication(authResult);

    rememberMeServices.loginSuccess(request, response, authResult);

    if (this.eventPublisher != null) {
        eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
    }

    successHandler.onAuthenticationSuccess(request, response, authResult);
}
Note, however, that the SecurityContextHolder is usually cleared upon completion of the filter chain.
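The answers above combined into one helper, as an added example that is not code from the original posts. The class and method names are hypothetical, and it assumes the javax.servlet API (Servlet 3.1 or later) with Spring Security on the classpath; beyond the answers, it rotates the session id and stores the context in the session explicitly, which matters when the registration URL bypasses the Spring Security filter chain.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

// Hypothetical helper for logging in a freshly registered user (added example).
public final class ProgrammaticLogin {

    private ProgrammaticLogin() {
    }

    public static Authentication login(HttpServletRequest request, UserDetails user) {
        // The principal is the UserDetails object itself, so a JSP expression such as
        // principal.firstname resolves against the custom user class.
        // Credentials are null so the password is not kept in the session.
        // The three-argument constructor marks the token as authenticated;
        // the two-argument form used in the question does not.
        Authentication auth =
                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());

        // Build a fresh context rather than mutating whatever the thread currently holds.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);

        // Session fixation defence: the session id used while anonymous must not
        // survive the change of privilege.
        if (request.getSession(false) != null) {
            request.changeSessionId(); // Servlet 3.1+
        }

        // SecurityContextHolder is thread-bound and cleared after the request, so
        // keep the context in the session under the key Spring Security reads back.
        HttpSession session = request.getSession(true);
        session.setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
        return auth;
    }
}
```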