将用户添加到会话，弹出安全性默认登录 [英] Adding user to session, spring security default login

问题描述

我已设置弹簧安全性以正确拦截并提示用户使用自定义登录页面，然后正确进行身份验证并将用户细节添加到SecurityContextHolder。

I have set up spring security to intercept correctly and prompt user with custom login page, that then authenticates correctly and adds userdetails to SecurityContextHolder.

补充我现在想要在执行登录时添加我自己添加到会话的自定义User对象;所以代码看起来像这样：

Supplementary to that I now want to add my own custom User object added to session whenever login is performed; so the code will look like this:

public returnwhat? doMySupplementaryLogin() {

   UserDetails principal = (UserDetails) SecurityContextHolder.getContext()
                                .getAuthentication().getPrincipal();
   MyUser user = myUserService.getMyUser(principal.getUsername());

   add user to what ?
}

此代码在哪里？我希望执行nomral spring身份验证，然后上面的代码将MyUser对象放入会话，然后将用户发送到原始拦截的url / viewname。我有强烈的感觉，我使事情变得比他们需要的更复杂...

Where will this code go? I want the nomral spring authentication to be performed and then the above code will put a MyUser object into session and then send user to the original intercepted url/viewname. I have the strong feeling I am making things more complicated than they need to be ...

推荐答案

你确实让它变得复杂。 .. :)

You do make it complicated... :)

您想要的是为spring的普通身份验证管理器添加自定义身份验证提供程序。
所以你要像这样配置身份验证管理器：

What you want is to add a custom authentication provider to spring's normal authentication manager. So you would configure the authentication manager like this:

    <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider user-service-ref="authServiceImpl">
        <security:password-encoder ref="passwordEncoder"/>
      </security:authentication-provider>
    </security:authentication-manager>
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>

现在你只需要在spring上下文中定义authServiceImpl bean。您可以通过xml或注释（我的首选方式）来完成此任务。

Now you only need to define the authServiceImpl bean inside your spring context. You can either do this through xml or annotations (my prefered way).

@Service
public class AuthServiceImpl implements AuthService {

您需要实现AuthService接口。只需从界面实现方法 - 应该非常简单。
您不需要自己将东西放入SecurityContextHolder中 - 春天会这样做。

You need to implement the AuthService interface. Just implement to methods from the interface - should be pretty straight forward. You don't need to put things into the SecurityContextHolder yourself - spring will do that.

你想要的是：

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
     return MyUser user = myUserService.getMyUser(username);
}

如果您有任何其他问题，请随时询问。

Feel free to ask if you have any further questions.

编辑：
或者你可以让你的UserService类实现接口 - 我只是这样做，因为你没有提供你的UserService类。

Or you could just have your UserService class implement the interface - I just did it like this because you didn't provide your UserService class.

这篇关于将用户添加到会话，弹出安全性默认登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！