Security 基于MVC表单的Spring安全登录?
我有一个应用程序,它使用Spring Security控制对页面的访问,管理用户角色(Security 基于MVC表单的Spring安全登录?,security,spring,model-view-controller,authentication,login,Security,Spring,Model View Controller,Authentication,Login,我有一个应用程序,它使用Spring Security控制对页面的访问,管理用户角色(GrantedAuthority)和ACL。该应用程序使用标准的用户名密码身份验证过滤器,拦截对/j_spring_security_check(使用j_用户名和j_密码请求参数)的请求,并使用ProviderManager对用户进行身份验证,成功后将其存储在SecurityContextHolder中 使用自定义的userdetails服务在安全上下文中配置上述内容: <authentication-m
GrantedAuthority
)和ACL。该应用程序使用标准的用户名密码身份验证过滤器
,拦截对/j_spring_security_check
(使用j_用户名
和j_密码
请求参数)的请求,并使用ProviderManager
对用户进行身份验证,成功后将其存储在SecurityContextHolder
中
使用自定义的userdetails服务在安全上下文中配置上述内容:
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref='myUserDetailsService'/>
</authentication-manager>
你认为上面的解决方案有什么问题吗?在SecurityContextHolder
中设置身份验证是否足够?我错过什么了吗
欢迎提出意见和建议;-)
谢谢大家
Andrea我检查了Spring安全代码,并且在成功验证后,原始代码也只是将验证
对象存储在SecurityContextHolder中,没有其他操作
例如,在类AbstractAuthenticationProcessingFilter
(用于标准登录拦截对/j\u spring\u security\u check
的请求)中,执行以下操作:
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
Authentication authResult) throws IOException, ServletException {
if (logger.isDebugEnabled()) {
logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
}
SecurityContextHolder.getContext().setAuthentication(authResult);
rememberMeServices.loginSuccess(request, response, authResult);
// Fire event
if (this.eventPublisher != null) {
eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
}
successHandler.onAuthenticationSuccess(request, response, authResult);
}
我在我的应用程序中实现了这一点,一切正常
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
Authentication authResult) throws IOException, ServletException {
if (logger.isDebugEnabled()) {
logger.debug("Authentication success. Updating SecurityContextHolder to contain: " + authResult);
}
SecurityContextHolder.getContext().setAuthentication(authResult);
rememberMeServices.loginSuccess(request, response, authResult);
// Fire event
if (this.eventPublisher != null) {
eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
}
successHandler.onAuthenticationSuccess(request, response, authResult);
}