java.security.Principal中 - 创作HttpServletRequest和春季安全 [英] java.security.Principal - creation in HttpServletRequest and Spring Security

问题描述

1. 我无法找到的HttpServletRequest的java.security.Principal中是如何被创建 - 谁负责？它是如何做？难道一定保存在session？




2. 如何将它连接到春季安全？




3. 是否有任何替代Spring Security的，它使用主要为用户授权/认证？




4. 如何将一个实现自己的用户授权/认证，使校长将包含当前用户？

解决方案

1. 一般，主要对象将在会议上成功login.See <后href=\"http://static.springsource.org/spring-security/site/docs/3.1.x/reference/technical-overview.html#d0e1833\"相对=nofollow>文档。


2. 泉验证接口扩展主要接口


3. 另外，您可以使用阿帕奇四郎


4. 实施自己的的UserDetailsS​​ervice 这西港岛线返回用户对象（必须实现的UserDetails接口）请参阅<一个href=\"http://static.springsource.org/spring-security/site/docs/3.1.x/reference/technical-overview.html#tech-userdetailsservice\"相对=nofollow>文档。

1. I am unable to find how the java.security.Principal in HttpServletRequest is created - who is responsible? How it is done? Is it necessarily kept in Session?

2. How it is connected to Spring Security?

3. Are there any alternatives to Spring Security which uses Principal for User authorization/authentication?

4. How would one implement own user authorization/authentication so that Principal would contain the current user?

解决方案

1. typically, Principal object putting in the session after successful login.See documentation.
2. Springs Authentication interface extends Principal interface
3. Alternatively you can use Apache Shiro
4. Implement own UserDetailsService which wil return your User object(it must implement UserDetails interface) See docs.

这篇关于java.security.Principal中 - 创作HttpServletRequest和春季安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！