Fatal编程技术网
  • spring-security/
  • Spring security 在预认证场景中,如何/在何处管理SecurityContext上的认证

Spring security 在预认证场景中,如何/在何处管理SecurityContext上的认证

spring-security

Spring security 在预认证场景中,如何/在何处管理SecurityContext上的认证,spring-security,Spring Security,我想知道在预认证场景中如何/在何处管理SecurityContext的认证 我正在使用SpringSecurity2.x在我的项目中实现预授权场景。现在,它起作用了 用户通过预授权过程登录后,可以使用相关角色对其进行授权,并能够访问security:filter中定义的资源 e、 g 但是SecurityContextHolder.getContext.getAuthentication始终返回null 此外,我也不能在jsp中使用secuiry标记来检查用户是否具有相对角色 <secur

我想知道在预认证场景中如何/在何处管理SecurityContext的认证

我正在使用SpringSecurity2.x在我的项目中实现预授权场景。现在,它起作用了

用户通过预授权过程登录后,可以使用相关角色对其进行授权,并能够访问security:filter中定义的资源

e、 g

但是SecurityContextHolder.getContext.getAuthentication始终返回null

此外,我也不能在jsp中使用secuiry标记来检查用户是否具有相对角色

<security:authorize ifNotGranted="ROLE_ADMIN">

 no role found

</security:authorize>
下面显示了我正在使用的filterChainProxy

    <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT 
          /*subscri*=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,securityContextHolderAwareRequestFilter,subscribeExceptionTranslationFilter,filterInvocationInterceptor      
          /**=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,logoutFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
        </value>
      </property>
    </bean>


 <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
     <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
  </bean>

<bean id="preAuthenticatedUserDetailsService" class="demo.project.security.auth.RsaAuthenticationUserDetailsService" >
   <property name="userService" ref="userService" />
</bean>

<bean id="j2eePreAuthFilter" class="demo.project.security.filter.AutoLoginFilter">
  <property name="authenticationManager" ref="authenticationManager" /> 
  <property name="userService" ref="userService" />
</bean>
我想我需要在某处将身份验证设置为SecurityContext,但我不知道在何处

我错过了什么?有人能给我一些线索吗

谢谢

Ian

在取回SecurityContext之前,应使用SecurityContextHolder.setContext方法存储SecurityContext

最简单的方法就是SecurityContextHolder.setContextnew SecurityContextImpl

<security:authorize ifNotGranted="ROLE_ADMIN">

 no role found

</security:authorize>

    <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
      <property name="filterInvocationDefinitionSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT 
          /*subscri*=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,securityContextHolderAwareRequestFilter,subscribeExceptionTranslationFilter,filterInvocationInterceptor      
          /**=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,logoutFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
        </value>
      </property>
    </bean>


 <bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
     <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
  </bean>

<bean id="preAuthenticatedUserDetailsService" class="demo.project.security.auth.RsaAuthenticationUserDetailsService" >
   <property name="userService" ref="userService" />
</bean>

<bean id="j2eePreAuthFilter" class="demo.project.security.filter.AutoLoginFilter">
  <property name="authenticationManager" ref="authenticationManager" /> 
  <property name="userService" ref="userService" />
</bean>