我加入這個答案我在形成一個解決方案,我不得不做出一些改變,讓這個工作。這個答案還幫我得到它的工作:https://stackoverflow.com/a/8336233/2688076
這裏是我的MockUserFilter:
@Component("MockUserFilter")
public class MockUserFilter extends GenericFilterBean {
@Autowired
private UserDetailService userDetailService;
private SecurityContext securityContext;
@Autowired
private AuthenticationProvider authenticationProvider;
public void setUserDetailService(UserDetailService userDetailService) {
this.userDetailService = userDetailService;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest servletRequest = (HttpServletRequest) request;
HttpServletResponse servletResponse = (HttpServletResponse) response;
if (securityContext != null) {
SecurityContextRepository securityContextRepository = WebTestUtils.getSecurityContextRepository(servletRequest);
HttpRequestResponseHolder requestResponseHolder = new HttpRequestResponseHolder(servletRequest, servletResponse);
securityContextRepository.loadContext(requestResponseHolder);
servletRequest = requestResponseHolder.getRequest();
servletResponse = requestResponseHolder.getResponse();
securityContextRepository.saveContext(securityContext, servletRequest, servletResponse);
securityContext = null;
}
chain.doFilter(request, response);
}
public void authenticateNextRequestAs(String username, ServletRequest request) {
UserDetails principal = userDetailService.loadUserByUsername(username);
Authentication authentication = new UsernamePasswordAuthenticationToken(principal, principal.getPassword(), principal.getAuthorities());
securityContext = SecurityContextHolder.createEmptyContext();
securityContext.setAuthentication(authentication);
SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = ((HttpServletRequest) request).getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
}
}
除了這個我也不得不從過濾器鏈中刪除我的casAuthenticationFilter得到這個工作。我使用一個屬性值來啓用/禁用它。
我對Spring和Spring安全性比較陌生,所以對這個解決方案的任何評論都是值得歡迎的。我不確定這個解決方案有多「好」或「壞」。
有一點需要記住的是,這是一個在安全環境下進行本地測試或測試的解決方案,而不是您希望在開發環境中使用的解決方案。
你有完整的例子嗎? –