Fatal编程技术网
  • spring-security/
  • Spring security Spring Security在会话超时时获取身份验证:身份验证对象在会话超时时返回NULL

Spring security Spring Security在会话超时时获取身份验证:身份验证对象在会话超时时返回NULL

spring-security

Spring security Spring Security在会话超时时获取身份验证:身份验证对象在会话超时时返回NULL,spring-security,Spring Security,我正在使用spring/spring security 3.1,希望在会话超时时根据ATHENTICATION对象中的权限采取一些操作。会话超时时,AUTHENTICATION对象为null <logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/> <!-- Custom filte

我正在使用spring/spring security 3.1,希望在会话超时时根据ATHENTICATION对象中的权限采取一些操作。会话超时时,AUTHENTICATION对象为null

    <logout invalidate-session="true" logout-url="/j_spring_security_logout"  success-handler-ref="logoutSuccessHandler"/>

    <!-- Custom filter to deny unwanted users even though registered -->
    <custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR" />

    <!-- Custom filter for username, password and domain. The real customization is  done in the customAuthenticationManager -->
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />

</http>
以下是供参考的文件:

    <logout invalidate-session="true" logout-url="/j_spring_security_logout"  success-handler-ref="logoutSuccessHandler"/>

    <!-- Custom filter to deny unwanted users even though registered -->
    <custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR" />

    <!-- Custom filter for username, password and domain. The real customization is  done in the customAuthenticationManager -->
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />

</http>
安全配置: 

    <logout invalidate-session="true" logout-url="/j_spring_security_logout"  success-handler-ref="logoutSuccessHandler"/>

    <!-- Custom filter to deny unwanted users even though registered -->
    <custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR" />

    <!-- Custom filter for username, password and domain. The real customization is  done in the customAuthenticationManager -->
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />

</http>
因此,问题是如何在会话超时时获得身份验证对象

    <logout invalidate-session="true" logout-url="/j_spring_security_logout"  success-handler-ref="logoutSuccessHandler"/>

    <!-- Custom filter to deny unwanted users even though registered -->
    <custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR" />

    <!-- Custom filter for username, password and domain. The real customization is  done in the customAuthenticationManager -->
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />

</http>
你能帮我找出解决上述问题的办法吗

    <logout invalidate-session="true" logout-url="/j_spring_security_logout"  success-handler-ref="logoutSuccessHandler"/>

    <!-- Custom filter to deny unwanted users even though registered -->
    <custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR" />

    <!-- Custom filter for username, password and domain. The real customization is  done in the customAuthenticationManager -->
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />

</http>
提前谢谢

    <logout invalidate-session="true" logout-url="/j_spring_security_logout"  success-handler-ref="logoutSuccessHandler"/>

    <!-- Custom filter to deny unwanted users even though registered -->
    <custom-filter ref="blacklistFilter" before="FILTER_SECURITY_INTERCEPTOR" />

    <!-- Custom filter for username, password and domain. The real customization is  done in the customAuthenticationManager -->
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />

</http>