如何向Spring SecurityContextHolder中添加值
我有三个登录参数如何向Spring SecurityContextHolder中添加值,spring,spring-mvc,spring-security,spring-webflow,Spring,Spring Mvc,Spring Security,Spring Webflow,我有三个登录参数 1.userName 2.password 3.companyId package org.example; public class CustomDeatilsSecurityFilter extends SpringSecurityFilter { protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
1.userName
2.password
3.companyId
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
我使用以下代码获得了用户名和密码
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String name = auth.getName();
String pwd = auth.getCredentials();
String companyId= ???//How can i set and then get company Id here.
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
我的问题是如何使用SecurityContextHolder获取额外的登录参数(companyId)
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
提取类可能不是spring控制器。这就是我使用
SecurityContextHolder而不是HttpSession
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
谢谢,创建简单的SpringSecurityFilter。使用setDetails方法为用户添加额外的详细信息
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
package org.example;
公共类CustomDeatilsSecurityFilter扩展了SpringSecurityFilter{
受保护的void doFilterHttp(HttpServletRequest请求、HttpServletResponse响应、FilterChain链){
SecurityContext sec=SecurityContextHolder.getContent();
AbstractAuthenticationToken auth=(AbstractAuthenticationToken)sec.getAuthentication();
HashMap info=新的HashMap();
信息投入(“公司ID”,42);
授权设置详细信息(信息);
}
}
将其添加到Spring安全过滤器链中,如下所示(这不是web.xml,而是类似applicationContext Security.xml的内容):
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
然后在代码中的某个地方,您可以执行如下操作:
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
Map<String, Object> info = (Map<String, Object>)SecurityContextHolder.getContext().getAuthentication.getDetails();
int companyId = info.get("companyId");
Map info=(Map)SecurityContextHolder.getContext().getAuthentication.getDetails();
int companyId=info.get(“companyId”);
Spring Security的基本安装
在web.xml中
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
<context-param>
<param-name>patchConfigLocation</param-name>
<param-value>
classpath:/applicationContext.xml
/WEB-INF/applicationContext-datasource.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
补丁配置位置
类路径:/applicationContext.xml
/WEB-INF/applicationContext-datasource.xml
/WEB-INF/applicationContext-security.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
在applicationContext-security.xml中
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.2.xsd">
...
<bean id="customDeatilsSecurityFilter" class="org.example.CustomDeatilsSecurityFilter">
<custom-filter position="LAST" />
</bean>
...
...
...
在项目的pom.xml中
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<!-- !Spring Security -->
org.springframework.security
spring安全网
3.1.3.1发布
org.springframework.security
spring安全配置
3.1.3.1发布
org.springframework.security
spring安全内核
3.1.3.1发布
org.springframework.security
spring安全acl
3.1.3.1发布
org.springframework.security
spring安全标记库
3.1.3.1发布
谢谢Anton Shcastnyi。。什么是auth?你能给我一个完整的例子吗?我对spring很陌生。继承的类“SpringSecurityFilter”不存在。??如何在普通bean中指定“自定义文件”?好的,请考虑更新项目的POM.XML、Web.xml和SeleIt.xml。请确保您正确地包含了Spring的applicationContext.xml、applicationContext-security.xml。谢谢Anton Shcastnyi。但是我们如何扩展“SpringSecurityFilter”。没有这样的类……哦,很抱歉,这个类似乎在旧版本的Spring security中。因此,您可以从3.1.3.RELEASE降级到2.0.x以启动上面的代码,或者您可以在其他地方更新身份验证对象。考虑看