Bra*_*rks 7 java security authentication spring
我的应用程序使用Spring Security,我的客户端需要:
所以我需要弄清楚如何在不知道密码的情况下自动登录任何用户.
如何使用Spring Security实现这一目标.
为了让这个工作,我不得不:
配置对UserDetailsService的引用(jdbcUserService)
<authentication-manager>
<authentication-provider>
<jdbc-user-service id="jdbcUserService" data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from users where username=?"
authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.user_id = ur.user_id and u.username =? "
/>
</authentication-provider>
</authentication-manager>
在我的控制器中自动装载我的userDetailsManager:
@Autowired
@Qualifier("jdbcUserService") // <-- this references the bean id
public UserDetailsManager userDetailsManager;
在同一个控制器中,像这样验证我的用户:
@RequestMapping("/automatic/login/test")
public @ResponseBody String automaticLoginTest(HttpServletRequest request)
{
String username = "anyUserName@YourSite.com";
Boolean result = authenticateUserAndInitializeSessionByUsername(username, userDetailsManager, request);
return result.toString();
}
public boolean authenticateUserAndInitializeSessionByUsername(String username, UserDetailsManager userDetailsManager, HttpServletRequest request)
{
boolean result = true;
try
{
// generate session if one doesn't exist
request.getSession();
// Authenticate the user
UserDetails user = userDetailsManager.loadUserByUsername(username);
Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
}
catch (Exception e)
{
System.out.println(e.getMessage());
result = false;
}
return result;
}
请注意,可以在此处找到为应用程序使用spring security的良好前提.
| 归档时间: |
|
| 查看次数: |
12876 次 |
| 最近记录: |