在我的应用程序中,我们正在从SecurityContextHolderAuthentication对象捕获每个事务的用户详细信息。
但这UserID似乎是错误的。下面是代码片段供您参考。
SecurityContext.xml
春季安全3.2-
<security:http auto-config="true">
<!-- Restrict URLs based on role -->
<security:headers>
<security:cache-control/>
<security:content-type-options/>
<security:frame-options policy="DENY"/>
<security:xss-protection/>
</security:headers>
<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/logoutSuccess*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/web/forgotPwd/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/web/**" access="ROLE_USER" />
<security:form-login login-page="/login.html" default-target-url="/web/landing/homePage.html"
always-use-default-target="true" authentication-failure-handler-ref="exceptionTranslationFilter" />
<security:logout delete-cookies="JSESSIONID" invalidate-session="true"
logout-success-url="/logout.html" />
<security:session-management session-fixation-protection="newSession" invalid-session-url="/login.html?login_error=sessionexpired" session-authentication-error-url="/login.html?login_error=alreadyLogin">
<security:concurrency-control max-sessions="1" expired-url="/login.html?login_error=duplicateOrsessionexpired" error-if-maximum-exceeded="false" />
</security:session-management>
<security:csrf />
<security:remember-me token-repository-ref="remembermeTokenRepository" key="myAppKey"/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsServiceImpl">
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager> …