1. 首頁
  2. 問答
  3. 如何從後端創建彈簧安全會話?

如何從後端創建彈簧安全會話?

2015-09-28 102 views
2

我有我的春季應用程序與春季安全登錄,它工作正常,但我想做一些額外的事情。如何從後端創建彈簧安全會話?

有些用戶將通過另一種方法進行登錄,因此,我將在我的控制器中獲得一個包含數據的帖子......是否有任何來自該控制器的方式模擬用戶實際上正在輸入其用戶/密碼在登錄表單,然後創建一個春季安全會議?

現在我有這個

春SECURIT配置

@Autowired 
    private UserDetailsService customUserDetailsService; 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.authorizeRequests().antMatchers("/auth/**").authenticated(); 

     http. 
       authorizeRequests() 
       .antMatchers("/resources/**").permitAll() 
       .antMatchers("/admin/**") 
       .access("hasRole('ROLE_ADMIN')") 
       .antMatchers("/user/**") 
       .access("hasRole('ROLE_USER')") 
       .and() 
       .formLogin() 
       .defaultSuccessUrl("/usuario/home") 
       .loginPage("/login") 
       .permitAll() 
       .and() 
       .logout() 
       .logoutSuccessUrl("/") 
       .permitAll(); 
    } 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(customUserDetailsService) 
       .passwordEncoder(passwordEncoder()); 
    } 

    @Bean 
    public PasswordEncoder passwordEncoder() { 
     if(encoder == null) { 
      encoder = new BCryptPasswordEncoder(); 
     } 
     return encoder; 
    }

登錄方法在我的控制器(沒有什麼真正的..)

@RequestMapping("/login") 
    public ModelAndView login() { 
     ModelAndView mvc = new ModelAndView(); 
     mvc.setViewName("login"); 
     mvc.addObject("message", ""); 

     return mvc; 
    }

我有我的詳細信息服務爲好,像這樣

@Autowired 
    private UserRepository userRepository; 

    @Transactional(readOnly=true) 
    @Override 
    public UserDetails loadUserByUsername(final String username) 
      throws UsernameNotFoundException { 

     com.jp.base.domain.User user = userRepository.findByUsername(username); 
     List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoles()); 
     System.out.println("user roles: " + user.getUserRoles()); 
     return buildUserForAuthentication(user, authorities); 

    } 

    private User buildUserForAuthentication(com.jp.base.domain.User user, 
              List<GrantedAuthority> authorities) { 
     return new User(user.getUsername(), user.getPassword(), authorities); 
    } 

    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) { 

     Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>(); 

     // Build user's authorities 
     for (UserRole userRole : userRoles) { 
      setAuths.add(new SimpleGrantedAuthority(userRole.getRole())); 
     } 

     return new ArrayList<GrantedAuthority>(setAuths); 
    } 
}

任何想法如何做到這一點?

謝謝。

來源

2015-09-28 jpganz18

回答

2

有一種方法可以做到這一點。你可以使用Spring SecurityContextHolder。它看起來像這樣:

UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(principal, credentials); 
SecurityContextHolder.getContext().setAuthentication(authentication);

其中principal是UserDetails對象。如果你沒有證書,你可以傳遞null。

來源

2015-09-28 10:51:42 Milan

+0

有沒有辦法用我的userDetails服務來做到這一點?請在帖子中查看我編輯過的信息。謝謝 – jpganz18

+0

當然,只需調用loadUserByUsername方法來檢索UserDetails。然後用該UserDetails對象作爲主體創建UsernamePasswordAuthenticationToken對象。例如: 'UserDetails principal = userDetailsS​​ervice.loadUserByUsername(「username」); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(principal,null,principal.getAuthorities()); SecurityContextHolder.getContext()。setAuthentication(authentication);' – Milan

+0

沒有密碼? – jpganz18

0 
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(); 
GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_USER"); 
grantedAuthorities.add(ga); 

Authentication auth = new UsernamePasswordAuthenticationToken(user.getUid(), "", grantedAuthorities); 
SecurityContextHolder.getContext().setAuthentication(auth);

來源

2015-09-28 10:52:15 codependent

+0

有沒有辦法用我的userDetails服務來做到這一點?請在帖子中查看我編輯過的信息。謝謝 – jpganz18

相關問題

 相關問題