2013-10-21 32 views
3

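I want to add custom data to the Authentication object during the security authentication process: wiring a service to add authentication details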

public class MyAuthFilter extends AbstractAuthenticationProcessingFilter {

    MyUserDetailService userDetailService; // <==== How to wire??

    @Override
    public Authentication attemptAuthentication(
            HttpServletRequest request,
            HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        ...
        // Declared as the concrete token type: setDetails() is not part of the Authentication interface.
        UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
                username,
                r.sessionId,
                Arrays.asList(new GrantedAuthority[]{new SimpleGrantedAuthority(grantedUserRole)}));
        auth.setDetails(userDetailService.getDetail()); // <== Save detail to auth.
        return auth;
    }
}

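How can I wire the MyUserDetailService service?

How can I cache MyUserDetailService in a principal map (to avoid unnecessary calls to userDetailService.getDetail() without crashing from running out of memory)?

PS: spring-security.xml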

<http use-expressions="true" auto-config="false" entry-point-ref="oauthEntryPoint" authentication-manager-ref="oauthAuthenticationManager"> 
    <custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" /> 
    <intercept-url pattern="/login.htm" access="permitAll" /> 
    <intercept-url pattern="/**" access="isAuthenticated()" /> 
    <anonymous username="anonymous" enabled="true" granted-authority="AN" key="anonymous-security" /> 
    <logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutHandler"/> 
</http> 

<beans:bean id="myFilter" class="com.web.filter.MyAuthFilter"> ...</beans:bean> 

Answer

2

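Spring Security follows the usual Spring architecture, so my custom AbstractAuthenticationProcessingFilter is just an ordinary bean.

I don't need to mark the class as @Component, because it is declared in spring-security.xml. I can use: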

@Autowired 
private UserService userService; 

Or:

UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
    userName, sessionId, 
    AuthorityUtils.createAuthorityList(grantedUserRole));  
auth.setDetails(userService.get(userName)); 

It is cached automatically, because the session holds the association:

public class MyAuthFilter
        extends AbstractAuthenticationProcessingFilter
        implements ApplicationContextAware {

    private UserService userService;

    @Override
    public void setApplicationContext(ApplicationContext applicationContext)
            throws BeansException {
        userService = applicationContext.getBean(UserService.class);
    }
    ...
}

The value of userDetailService.getDetail() is put into the authentication object, and after session invalidation this association is passed to the GC.
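
An added example, not part of the original question or answer: a complete filter that receives its service by setter injection and attaches the details only after authentication has succeeded. Unlike the snippets above, it hands an unauthenticated token to the AuthenticationManager set on the bean instead of constructing an authenticated token itself. The class name, the nested UserService interface, the processing URL and the request parameter names are assumptions, and the imports assume the javax.servlet API.

```java
import java.io.Serializable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

public class DetailAuthFilter extends AbstractAuthenticationProcessingFilter {

    /** Hypothetical service; its result is kept with the SecurityContext in the HTTP session. */
    public interface UserService {
        Serializable get(String userName);
    }

    private UserService userService;

    public DetailAuthFilter() {
        super("/login.htm"); // assumed URL that this filter processes
    }

    // Resolved by type. Needs <context:annotation-config/> (or an explicit
    // <beans:property>) because the filter itself is declared in XML.
    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {
        String userName = request.getParameter("username");   // assumed parameter names
        String credential = request.getParameter("password");
        if (userName == null || credential == null) {
            throw new BadCredentialsException("Missing credentials");
        }
        // Unauthenticated request token: the AuthenticationManager decides whether
        // it is valid and returns the authenticated token, or throws.
        Authentication result = getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(userName.trim(), credential));
        // Load the details once per login, and only for an authenticated user.
        if (result instanceof AbstractAuthenticationToken) {
            ((AbstractAuthenticationToken) result).setDetails(userService.get(result.getName()));
        }
        return result;
    }
}
```

The filter bean must also have its authenticationManager property set, otherwise AbstractAuthenticationProcessingFilter fails its startup check.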