Spring security 在预认证场景中,如何/在何处管理SecurityContext上的认证
我想知道在预认证场景中如何/在何处管理SecurityContext的认证 我正在使用SpringSecurity2.x在我的项目中实现预授权场景。现在,它起作用了 用户通过预授权过程登录后,可以使用相关角色对其进行授权,并能够访问security:filter中定义的资源 e、 g 但是SecurityContextHolder.getContext.getAuthentication始终返回null 此外,我也不能在jsp中使用secuiry标记来检查用户是否具有相对角色Spring security 在预认证场景中,如何/在何处管理SecurityContext上的认证,spring-security,Spring Security,我想知道在预认证场景中如何/在何处管理SecurityContext的认证 我正在使用SpringSecurity2.x在我的项目中实现预授权场景。现在,它起作用了 用户通过预授权过程登录后,可以使用相关角色对其进行授权,并能够访问security:filter中定义的资源 e、 g 但是SecurityContextHolder.getContext.getAuthentication始终返回null 此外,我也不能在jsp中使用secuiry标记来检查用户是否具有相对角色 <secur
<security:authorize ifNotGranted="ROLE_ADMIN">
no role found
</security:authorize>
下面显示了我正在使用的filterChainProxy
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/*subscri*=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,securityContextHolderAwareRequestFilter,subscribeExceptionTranslationFilter,filterInvocationInterceptor
/**=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,logoutFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
</bean>
<bean id="preAuthenticatedUserDetailsService" class="demo.project.security.auth.RsaAuthenticationUserDetailsService" >
<property name="userService" ref="userService" />
</bean>
<bean id="j2eePreAuthFilter" class="demo.project.security.filter.AutoLoginFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="userService" ref="userService" />
</bean>
我想我需要在某处将身份验证设置为SecurityContext,但我不知道在何处
我错过了什么?有人能给我一些线索吗
谢谢
Ian在取回SecurityContext之前,应使用SecurityContextHolder.setContext方法存储SecurityContext
最简单的方法就是SecurityContextHolder.setContextnew SecurityContextImpl
<security:authorize ifNotGranted="ROLE_ADMIN">
no role found
</security:authorize>
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/*subscri*=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,securityContextHolderAwareRequestFilter,subscribeExceptionTranslationFilter,filterInvocationInterceptor
/**=httpSessionContextIntegrationFilter,logoutFilter,j2eePreAuthenticatedProcessingFilter,logoutFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<bean id="preAuthenticatedAuthenticationProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
</bean>
<bean id="preAuthenticatedUserDetailsService" class="demo.project.security.auth.RsaAuthenticationUserDetailsService" >
<property name="userService" ref="userService" />
</bean>
<bean id="j2eePreAuthFilter" class="demo.project.security.filter.AutoLoginFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="userService" ref="userService" />
</bean>