如何向Spring SecurityContextHolder中添加值

我有三个登录参数

1.userName

2.password

3.companyId

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

我使用以下代码获得了用户名和密码

 Authentication auth = SecurityContextHolder.getContext().getAuthentication();

 String name = auth.getName();

 String pwd = auth.getCredentials();

 String companyId= ???//How can i set and then get company Id here.

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

我的问题是如何使用SecurityContextHolder获取额外的登录参数（companyId）

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

提取类可能不是spring控制器。这就是我使用 SecurityContextHolder而不是HttpSession

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

---

谢谢，

创建简单的SpringSecurityFilter。使用setDetails方法为用户添加额外的详细信息

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

package org.example；
公共类CustomDeatilsSecurityFilter扩展了SpringSecurityFilter{
受保护的void doFilterHttp（HttpServletRequest请求、HttpServletResponse响应、FilterChain链）{
SecurityContext sec=SecurityContextHolder.getContent（）；
AbstractAuthenticationToken auth=（AbstractAuthenticationToken）sec.getAuthentication（）；
HashMap info=新的HashMap（）；
信息投入（“公司ID”，42）；
授权设置详细信息（信息）；
}
}

将其添加到Spring安全过滤器链中，如下所示（这不是web.xml，而是类似applicationContext Security.xml的内容）：

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

然后在代码中的某个地方，您可以执行如下操作：

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

Map<String, Object> info = (Map<String, Object>)SecurityContextHolder.getContext().getAuthentication.getDetails();  
int companyId = info.get("companyId");  

Map info=（Map）SecurityContextHolder.getContext（）.getAuthentication.getDetails（）；
int companyId=info.get（“companyId”）；

Spring Security的基本安装 在web.xml中

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

<context-param>
    <param-name>patchConfigLocation</param-name>
    <param-value>
        classpath:/applicationContext.xml
       /WEB-INF/applicationContext-datasource.xml
       /WEB-INF/applicationContext-security.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

补丁配置位置
类路径：/applicationContext.xml
/WEB-INF/applicationContext-datasource.xml
/WEB-INF/applicationContext-security.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*

在applicationContext-security.xml中

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-3.2.xsd">  
...
    <bean id="customDeatilsSecurityFilter" class="org.example.CustomDeatilsSecurityFilter">
       <custom-filter position="LAST" />
    </bean>
...

...
...

在项目的pom.xml中

package org.example;  
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      HashMap<String, Object> info = new HashMap<String, Object>();
      info.put("companyId", 42);
      auth.setDetails(info);
   }

}

    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-acl</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <!-- !Spring Security -->

org.springframework.security
spring安全网
3.1.3.1发布
org.springframework.security
spring安全配置
3.1.3.1发布
org.springframework.security
spring安全内核
3.1.3.1发布
org.springframework.security
spring安全acl
3.1.3.1发布
org.springframework.security
spring安全标记库
3.1.3.1发布

谢谢Anton Shcastnyi。。什么是auth？你能给我一个完整的例子吗？我对spring很陌生。继承的类“SpringSecurityFilter”不存在。？？如何在普通bean中指定“自定义文件”？好的，请考虑更新项目的POM.XML、Web.xml和SeleIt.xml。请确保您正确地包含了Spring的applicationContext.xml、applicationContext-security.xml。谢谢Anton Shcastnyi。但是我们如何扩展“SpringSecurityFilter”。没有这样的类……哦，很抱歉，这个类似乎在旧版本的Spring security中。因此，您可以从3.1.3.RELEASE降级到2.0.x以启动上面的代码，或者您可以在其他地方更新身份验证对象。考虑看