3
我想自定義的數據添加到認證對象的安全認證過程:線服務添加認證細節
public class MyAuthFilter extends AbstractAuthenticationProcessingFilter {
MyUserDetailService userDetailService; // <==== How to wire??
@Override
public Authentication attemptAuthentication(
HttpServletRequest request,
HttpServletResponse response)
throws AuthenticationException, IOException, ServletException {
...
Authentication auth = new UsernamePasswordAuthenticationToken(
username,
r.sessionId,
Arrays.asList(new GrantedAuthority[]{new SimpleGrantedAuthority(grantedUserRole)}));
auth.setDetails(userDetailService.getDetail()); // <== Save detail to auth.
return auth;
}
}
哪能線MyUserDetailService服務?
如何將MyUserDetailService緩存到主體映射(爲了避免不必要的調用userDetailService.getDetail()
並且不因內存不足而崩潰)?
PSspring-security.xml
:
<http use-expressions="true" auto-config="false" entry-point-ref="oauthEntryPoint" authentication-manager-ref="oauthAuthenticationManager">
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
<intercept-url pattern="/login.htm" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<anonymous username="anonymous" enabled="true" granted-authority="AN" key="anonymous-security" />
<logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutHandler"/>
</http>
<beans:bean id="myFilter" class="com.web.filter.MyAuthFilter"> ...</beans:bean>