Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Security 基于MVC表单的Spring安全登录?_Security_Spring_Model View Controller_Authentication_Login - Fatal编程技术网
Fatal编程技术网
  • security/
  • Security 基于MVC表单的Spring安全登录?

Security 基于MVC表单的Spring安全登录?

security spring model-view-controller authentication login

Security 基于MVC表单的Spring安全登录?,security,spring,model-view-controller,authentication,login,Security,Spring,Model View Controller,Authentication,Login,我有一个应用程序,它使用Spring Security控制对页面的访问,管理用户角色(GrantedAuthority)和ACL。该应用程序使用标准的用户名密码身份验证过滤器,拦截对/j_spring_security_check(使用j_用户名和j_密码请求参数)的请求,并使用ProviderManager对用户进行身份验证,成功后将其存储在SecurityContextHolder中 使用自定义的userdetails服务在安全上下文中配置上述内容: <authentication-m

我有一个应用程序,它使用Spring Security控制对页面的访问,管理用户角色(
GrantedAuthority
)和ACL。该应用程序使用标准的
用户名密码身份验证过滤器
,拦截对
/j_spring_security_check
(使用
j_用户名
j_密码
请求参数)的请求,并使用
ProviderManager
对用户进行身份验证,成功后将其存储在
SecurityContextHolder

使用自定义的
userdetails服务在安全上下文中配置上述内容:


<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref='myUserDetailsService'/>
</authentication-manager>


你认为上面的解决方案有什么问题吗?在
SecurityContextHolder
中设置身份验证是否足够?我错过什么了吗

欢迎提出意见和建议;-)
谢谢大家

Andrea
我检查了Spring安全代码,并且在成功验证后,原始代码也只是将
验证
对象存储在SecurityContextHolder中,没有其他操作

例如,在类
AbstractAuthenticationProcessingFilter
(用于标准登录拦截对
/j\u spring\u security\u check
的请求)中,执行以下操作:


 protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
        Authentication authResult) throws IOException, ServletException {

    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
    }

    SecurityContextHolder.getContext().setAuthentication(authResult);

    rememberMeServices.loginSuccess(request, response, authResult);

    // Fire event
    if (this.eventPublisher != null) {
        eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
    }

    successHandler.onAuthenticationSuccess(request, response, authResult);
}


我在我的应用程序中实现了这一点,一切正常


 protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
        Authentication authResult) throws IOException, ServletException {

    if (logger.isDebugEnabled()) {
        logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
    }

    SecurityContextHolder.getContext().setAuthentication(authResult);

    rememberMeServices.loginSuccess(request, response, authResult);

    // Fire event
    if (this.eventPublisher != null) {
        eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
    }

    successHandler.onAuthenticationSuccess(request, response, authResult);
}