Acegi / Spring安全性是否支持getUserPrincipal（）？ [英] Does Acegi/Spring security support getUserPrincipal()?

问题描述

我需要将现有应用程序与Acegi / Spring安全性接口。

I need to interface an existing application with Acegi/Spring security.

为了开始，我正在寻找一条简单的信息：在这种情况下，将从我的应用程序调用的HttpServletRequest.getUserPrincipal（）正确返回通过Spring获得的用户名（而不是使用特定于Spring的对象）？我在Google上搜索了相互矛盾的信息。

In order to get started I am looking for one simple piece of information: in this context, will HttpServletRequest.getUserPrincipal() called from my application properly return the username obtained through Spring (as opposed to using Spring-specific objects)? I have Googled conflicting information on this.

我假设如果使用过滤器实现Acegi，它可以重载Servlet API的getUserPrincipal（），对吗？

I assume that if Acegi is implemented with filters, it is able to overload the Servlet API's getUserPrincipal(), right?

附属问题：如果默认不是这种情况，有没有办法打开它？

Subsidiary question: if this is not the case by default, is there any way to turn it on?

谢谢，

-Erik

推荐答案

如前一位用户的回答，春季安全支持getUserPrincipal和isUserInRole。以下是Spring安全性的用法。

As previous user has answer, spring security support the getUserPrincipal and isUserInRole. Here is how spring security does it.

配置spring时，它可以加载以下过滤器：

When you configure spring, it can load the following filters:

http://static.springframework.org /spring-security/site/reference/html/ns-config.html#filter-stack

作为标准过滤器配置的一部分， SecurityContextHolderAwareRequestFilter 过滤器已加载。

As part of the standard filter configuration the SecurityContextHolderAwareRequestFilter filter is loaded.

检查过滤器@ https：/ /fisheye.springsource.org/browse/spring-security/tags/spring-security-parent-2.0.4/core/src/main/java/org/springframework/security/wrapper/SecurityContextHolderAwareRequestFilter.java?r=2514

你可以看到它将 HttpServletRequest 对象包装并更改为 SecurityContextHolderAwareRequestWrapper 类，该类扩展 HttpServletRequestWrapper 实现 HttpServletRequest 并将其反馈给标准的Servlet Filter doFilter链。由于spring安全过滤器应配置为第一个过滤器，因此所有后续类都将看到 SecurityContextHolderAwareRequestWrapper 。这包括此过滤器后面的JSP页面或Servlet。

You can see it wraps and changes the HttpServletRequest object to the SecurityContextHolderAwareRequestWrapper class which extends HttpServletRequestWrapper which implements HttpServletRequest and feed it back to the standard Servlet Filter doFilter chain. Since spring security filter should be configured as the first filter, all subsequent classes will see the SecurityContextHolderAwareRequestWrapper instead. This includes JSP pages or Servlets behind this filter.

当您拨打时，isUserInRole 或 getUserPrincipal 来自JSP页面，Servlet或此过滤器后面的任何框架，它从Spring Security调用 HttpServletRequest 实现。

When you make a call to isUserInRole or getUserPrincipal from the JSP page, Servlet or any framework behind this filter, it is calling the HttpServletRequest implementation from Spring Security.

这篇关于Acegi / Spring安全性是否支持getUserPrincipal（）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！