Spring Security: upgrading from 3.0.0.RELEASE to 3.1.0.RELEASE - SecurityContext is no longer stored in the HttpSession when the Authentication is null


In our application, if an account is locked, a message is shown to the user on the login page. The message can differ depending on certain user-related settings (fetched from the database) that are stored in the security context. So on the login page we have

```java
AgentProfile agentProfile = ((WUSecurityContext) SecurityContextHolder.getContext()).getAgentProfile();
```
With Spring Security 3.0.0.RELEASE this worked: the user attempts to log in, a LockedException is thrown, the Authentication in the context is set to null, and the SecurityContext is still stored in the HttpSession.

Here is the code from HttpSessionSecurityContextRepository in 3.0.0.RELEASE:

```java
void saveContext(SecurityContext context) {
    if(HttpSessionSecurityContextRepository.this.authenticationTrustResolver.isAnonymous(context.getAuthentication())) {
        if(HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
            HttpSessionSecurityContextRepository.this.logger.debug("SecurityContext contents are anonymous - context will not be stored in HttpSession. ");
        }

    } else {
        HttpSession httpSession = this.request.getSession(false);
        if(httpSession == null) {
            httpSession = this.createNewSessionIfAllowed(context);
        }

        if(httpSession != null && context.hashCode() != this.contextHashBeforeChainExecution) {
            httpSession.setAttribute("SPRING_SECURITY_CONTEXT", context);
            if(HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
                HttpSessionSecurityContextRepository.this.logger.debug("SecurityContext stored to HttpSession: \'" + context + "\'");
            }
        }

    }
}
```
However, the code in saveContext has changed and now includes a check for whether the Authentication is null (`if(authentication != null && ...`), which prevents the SecurityContext from being stored in the HttpSession.

HttpSessionSecurityContextRepository in 3.1.0.RELEASE:

```java
protected void saveContext(SecurityContext context) {
    Authentication authentication = context.getAuthentication();
    HttpSession httpSession = this.request.getSession(false);
    if(authentication != null && !HttpSessionSecurityContextRepository.this.authenticationTrustResolver.isAnonymous(authentication)) {
        if(httpSession == null) {
            httpSession = this.createNewSessionIfAllowed(context);
        }

        if(httpSession != null && (this.contextChanged(context) || httpSession.getAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey) == null)) {
            httpSession.setAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey, context);
            if(HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
                HttpSessionSecurityContextRepository.this.logger.debug("SecurityContext stored to HttpSession: \'" + context + "\'");
            }
        }

    } else {
        if(HttpSessionSecurityContextRepository.this.logger.isDebugEnabled()) {
            HttpSessionSecurityContextRepository.this.logger.debug("SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.");
        }

        if(httpSession != null) {
            httpSession.removeAttribute(HttpSessionSecurityContextRepository.this.springSecurityContextKey);
        }

    }
}
```

I'm not sure what to do. Trying to override this and make it behave as it did in 3.0.0.RELEASE feels like it could be wrong. But if I don't have the user information available in the context on the login page, how can I display the custom message? Any help is much appreciated.

Have a look at this. You can save the information into the session in your custom handler.

Hi, thanks for the suggestion. I'm not sure I fully understand how this helps me, but it is one thing I know I can do, and it will work. I already have a custom AuthFailureHandler, so in onAuthenticationFailure I can add `httpSession.setAttribute("AGENT_PROFILE", xyz.getAgentProfile());` and now on my login page I can use `requestGlobals.getHTTPServletRequest().getSession().getAttribute("AGENT_PROFILE");`. Is this what you had in mind?

Yes, that is the idea from the linked question/answer. Or, better, you could pass it as a query parameter from the custom handler.
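One way to implement the suggestion above, as an added example that is not from the question or from Spring Security itself: a failure handler that, on LockedException, puts only the message key the login view needs into the session (rather than the whole profile of a user who has not authenticated), plus a helper the view calls to read it once and remove it. The `AgentProfileService`, `getLockedMessageKey()` and the attribute name are assumptions; `j_username` is the default 3.1 form parameter.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

// Assumed shapes of the question's AgentProfile and a lookup service (not real project code).
interface AgentProfile { String getLockedMessageKey(); }
interface AgentProfileService { AgentProfile findByUsername(String username); }

public class LockedAccountFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    public static final String LOCKED_MESSAGE_KEY = "LOCKED_ACCOUNT_MESSAGE_KEY"; // assumed attribute name
    private final AgentProfileService profiles;

    public LockedAccountFailureHandler(AgentProfileService profiles) {
        super("/login?error");        // redirect target after any failure
        this.profiles = profiles;
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                        AuthenticationException exception) throws IOException, ServletException {
        if (exception instanceof LockedException) {
            String username = request.getParameter("j_username");
            AgentProfile profile = profiles.findByUsername(username);
            // The 3.1 repository will not persist a SecurityContext with a null Authentication,
            // so carry just the key the view needs in a plain session attribute instead.
            String key = (profile != null) ? profile.getLockedMessageKey() : "locked.default";
            request.getSession(true).setAttribute(LOCKED_MESSAGE_KEY, key);
        }
        super.onAuthenticationFailure(request, response, exception); // redirect as usual
    }

    /** Called from the login view: returns the stored key (or null) and removes it so it does not linger. */
    public static String consumeLockedMessageKey(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return null;
        }
        String key = (String) session.getAttribute(LOCKED_MESSAGE_KEY);
        session.removeAttribute(LOCKED_MESSAGE_KEY);
        return key;
    }
}
```

The view looks up the message text by the returned key, so no profile object for an unauthenticated user ever sits in the session.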