Java 使用Spring Security添加自定义属性do会话
我需要为Spring Security创建的会话添加一个自定义属性 我尝试使用UsernamePasswordAuthenticationFilter来实现这一点。我在spring配置中以以下方式配置了此自定义筛选器:Java 使用Spring Security添加自定义属性do会话,java,spring,session,spring-mvc,spring-security,Java,Spring,Session,Spring Mvc,Spring Security,我需要为Spring Security创建的会话添加一个自定义属性 我尝试使用UsernamePasswordAuthenticationFilter来实现这一点。我在spring配置中以以下方式配置了此自定义筛选器: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/view/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="/WEB-INF/SpringMessages" />
</bean>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" >
<property name="maxUploadSize" value="100000000"></property>
</bean>
<bean id="myDataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
<property name="driverClass" value="com.mysql.jdbc.Driver" />
<property name="jdbcUrl" value="jdbc:mysql://127.0.0.1:3306/my_database" />
<property name="user" value="root" />
<property name="password" value="1234" />
<property name="minPoolSize" value="5" />
<property name="maxPoolSize" value="20" />
<property name="maxStatements" value="50" />
<property name="idleConnectionTestPeriod" value="3000" />
<property name="loginTimeout" value="300" />
</bean>
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="myDataSource" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter" />
</property>
<property name="jpaProperties">
<props>
<prop key="hibernate.show_sql">false</prop>
</props>
</property>
</bean>
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager" autowire-candidate="default">
<property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
<bean id="customAuthenticationDetails" class="com.mycompany.mysystem.login.configuration.CustomUsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<context:component-scan base-package="com.mycompany.mysystem.*"/>
<mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" />
<mvc:annotation-driven />
<tx:annotation-driven />
<security:http auto-config="false" disable-url-rewriting="false">
<security:form-login login-page="/login" username-parameter="j_username" password-parameter="j_password" login-processing-url="/j_spring_security_check" default-target-url="/index" authentication-failure-url="/login?status=error" />
<security:logout logout-success-url="/login?status=logout" logout-url="/j_spring_security_logout" />
<security:access-denied-handler error-page="/acesso" />
<security:headers disabled="true"/>
<security:custom-filter after="FORM_LOGIN_FILTER" ref="customAuthenticationDetails" />
<security:intercept-url pattern="/resources/**" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
</security:http>
<security:authentication-manager id="authenticationManager">
<security:authentication-provider>
<security:jdbc-user-service
data-source-ref="myDataSource"
users-by-username-query="my users"
authorities-by-username-query="my authorities" />
</security:authentication-provider>
</security:authentication-manager>
<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" proxy-target-class="true" />
</beans>
我做错了什么?我认为这是一个概念错误,但我没有找到任何解决方案来向spring会话添加自定义属性
致以最良好的祝愿
编辑
My Web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>MySystem</display-name>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-servlet.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
我的系统
春天
org.springframework.web.servlet.DispatcherServlet
1.
春天
/
org.springframework.web.context.ContextLoaderListener
上下文配置位置
/WEB-INF/spring-servlet.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
编辑2
我用另一种方法解决了这个问题,因此无法在这个主题上发布,但问题已经解决。发布您的web.xml请说明您需要添加什么和为什么。@M.Deinum我需要在我的所有控制器中提供一个用户表(Functionario)的信息(因为:不要问为什么,架构就这样做),如果您理解的话。我想在任何时候都可以获得我需要的信息,但是在所有控制器中建立连接看起来比通过会话更糟糕。用户已经是会话的一部分,为什么不创建自己的用户对象并使用它而不是默认的Spring Security用户呢?这样,您只需向每个控制器方法(即
主体
或身份验证
)添加一个参数即可获得访问权限。节省您手动将其存储在会话中,并与框架的其余部分很好地集成。但是如果你真的想创建一个AuthenticationSuccessHandler
来为你做这件事。@M.Deinum我替换了默认的Spring安全用户,它工作正常!谢谢你的提示。
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>MySystem</display-name>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-servlet.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>