servletApi()对Spring Security的支持很棒.
我想注入自定义Principal:
public interface UserPrincipal extends Principal {
public Integer getId();
}
@RequestMapping(value = "/")
public ResponseEntity<List<Conversation>> listAfter(UserPrincipal user){
// implementation
}
or
@RequestMapping(value = "/")
public ResponseEntity<List<Conversation>> listAfter(UserPrincipalImpl user){
// implementation
}
Spring支持在Principal实例的帮助下注入实例ServletRequestMethodArgumentResolver.
这是注射校长:
else if (Principal.class.isAssignableFrom(paramType)) {
return request.getUserPrincipal();
}
这是问题开始的地方.request在这里是一个例子SecurityContextHolderAwareRequestWrapper.它有一个实现:
@Override
public Principal getUserPrincipal() {
Authentication auth = getAuthentication();
if ((auth == null) || (auth.getPrincipal() == null)) {
return null;
}
return auth;
}
因为一个Authentication也是一个Principal …