java 将用户添加到会话中,spring security 默认登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7806086/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Adding user to session, spring security default login
提问by NimChimpsky
I have set up spring security to intercept correctly and prompt user with custom login page, that then authenticates correctly and adds userdetails to SecurityContextHolder.
我已经设置了 spring 安全来正确拦截并使用自定义登录页面提示用户,然后正确验证并将用户详细信息添加到 SecurityContextHolder。
Supplementary to that I now want to add my own custom User object added to session whenever login is performed; so the code will look like this:
作为补充,我现在想在执行登录时添加我自己的自定义 User 对象添加到会话中;所以代码看起来像这样:
public returnwhat? doMySupplementaryLogin() {
UserDetails principal = (UserDetails) SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
MyUser user = myUserService.getMyUser(principal.getUsername());
add user to what ?
}
Where will this code go? I want the nomral spring authentication to be performed and then the above code will put a MyUser object into session and then send user to the original intercepted url/viewname. I have the strong feeling I am making things more complicated than they need to be ...
这段代码会去哪里?我希望执行nomral spring 身份验证,然后上面的代码将一个MyUser 对象放入会话,然后将用户发送到原始拦截的url/viewname。我有一种强烈的感觉,我让事情变得比他们需要的更复杂......
回答by chzbrgla
You do make it complicated... :)
你确实让它变得复杂... :)
What you want is to add a custom authentication provider to spring's normal authentication manager. So you would configure the authentication manager like this:
您想要的是将自定义身份验证提供程序添加到 spring 的普通身份验证管理器。因此,您可以像这样配置身份验证管理器:
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="authServiceImpl">
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
Now you only need to define the authServiceImpl bean inside your spring context. You can either do this through xml or annotations (my prefered way).
现在您只需要在 spring 上下文中定义 authServiceImpl bean。您可以通过 xml 或注释(我的首选方式)来执行此操作。
@Service
public class AuthServiceImpl implements AuthService {
You need to implement the AuthService interface. Just implement to methods from the interface - should be pretty straight forward. You don't need to put things into the SecurityContextHolder yourself - spring will do that.
您需要实现 AuthService 接口。只需从接口实现方法 - 应该非常简单。您不需要自己将东西放入 SecurityContextHolder - spring 会这样做。
What you want is this:
你想要的是这个:
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
return MyUser user = myUserService.getMyUser(username);
}
Feel free to ask if you have any further questions.
如果您有任何其他问题,请随时提问。
EDIT: Or you could just have your UserService class implement the interface - I just did it like this because you didn't provide your UserService class.
编辑:或者你可以让你的 UserService 类实现接口 - 我只是这样做,因为你没有提供你的 UserService 类。
回答by Ronald
or add your own AuthenticationSuccessHandler, for instance this class, i added so that i could store the username and password in session so i could login to other microservices when needed:
或添加您自己的 AuthenticationSuccessHandler,例如我添加的这个类,以便我可以在会话中存储用户名和密码,以便我可以在需要时登录到其他微服务:
public class AuthenticationSuccessWithSessionHandler extends SavedRequestAwareAuthenticationSuccessHandler implements AuthenticationSuccessHandler, LogoutSuccessHandler {
public static final String USERNAME = "username";
public static final String PASSWORD = "password";
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
request.getSession().removeAttribute(USERNAME);
request.getSession().removeAttribute(PASSWORD);
}
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
super.onAuthenticationSuccess(request, response, authentication);
request.getSession().setAttribute(PASSWORD, request.getParameter(PASSWORD));
request.getSession().setAttribute(USERNAME, request.getParameter(USERNAME));
}
}
and registered it
并注册它
AuthenticationSuccessWithSessionHandler successHandler = new AuthenticationSuccessWithSessionHandler();
http.authorizeRequests().antMatchers("/login", "/logout", "/images", "/js").permitAll().antMatchers("/feeds/**")
.authenticated().and().formLogin()
.successHandler(successHandler)
.and().logout().logoutUrl("/logout").logoutSuccessHandler(successHandler).logoutSuccessUrl("/login");
note the extends SavedRequestAwareAuthenticationSuccessHandler stores the original url and restores it after successfull login.
注意 extends SavedRequestAwareAuthenticationSuccessHandler 存储原始 url 并在成功登录后恢复它。
