0

有没有办法在使用 acegi 安全模块的 servlet 应用程序中避免基于表单的登录?我想以某种方式将登录名和密码传递给 URL。我试着这样称呼:

GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ADMIN")};
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("admin", "passwordofadmin", grantedAuthorities);
WebAuthenticationDetails authdetails = (WebAuthenticationDetails) authentication.getDetails();
HttpSession session = event.getSession();
ProviderManager pm = (ProviderManager)WebApplicationContextUtils.getWebApplicationContext(session.getServletContext()).getBean("authenticationManager");
pm.doAuthentication(authentication);
SecurityContextHolder.getContext().setAuthentication(authentication);

在事件处理程序中HttpSessionCreatedEvent,我收到了AuthenticationSuccessEvent事件,但随后Failure也收到了事件并显示了身份验证表单。

4

1 回答 1

0

首先,您必须在 xml 中覆盖 UserDetailsS​​ervice。像这样的东西:

<bean id="userService" class="com.security.UserSecurityService" >
    ...
</bean>

然后编写自己的 service.like:

public class UserSecurityService implements UserDetailsService {
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException{

User user =userDAO.findByUsername(username);
GrantedAuthority[] grantedRoles = {new GrantedAuthorityImpl("ROLE_USER")};

        secUsr = new User(user.getUsername(), user.getPassword(), true, grantedRoles);

我希望这对你有帮助

于 2013-05-27T17:33:37.763 回答