0

我有一个调用 some 的登录表单LoginBean,它返回一个 ajax 回调参数,指示凭据是否有效。代码如下:

public void doLogin() {

    Authentication authenticationRequestToken =
             new UsernamePasswordAuthenticationToken(user, password);

    try {
        Authentication authenticationResponseToken =
                 authenticationManager.authenticate(authenticationRequestToken);

        SecurityContextHolder.getContext().
                     setAuthentication(authenticationResponseToken);

        if (authenticationResponseToken.isAuthenticated()) {
            RequestContext context = RequestContext.getCurrentInstance();
            FacesMessage msg;
            boolean loggedIn = true;
            msg = new FacesMessage(FacesMessage.SEVERITY_INFO, "Welcome", user);
            FacesContext.getCurrentInstance().addMessage(null, msg);
            context.addCallbackParam("loggedIn", loggedIn);
        }
    } .authenticate(...) catches ...

    // Here I need some code that continue whatever j_spring_security_check
    // would do after authenticating.
}

我的应用程序现在的工作方式,在这个调用之后doLogin(),表单被提交到j_spring_security_check,然后再次进行身份验证过程,浪费了以前的工作。我正在尝试为此找到解决方案,不胜感激。

因此,最重要的是,我需要一些东西来模拟过滤器拦截时发生j_spring_security_check的情况(或一种明确强制拦截的方法),因此处理将在按钮后面进行,而不是在提交表单之后进行。

4

1 回答 1

0

如果你只是转发到 spring 安全认证 url 而不是SecurityContextHolder自己使用会更好。看看这段代码:

public String doLogin() throws ServletException, IOException {

    FacesContext context = FacesContext.getCurrentInstance();

        String springCheckUrl = this.buildSpringSecurityCheckUrl();

        HttpServletRequest request = (HttpServletRequest) context
                .getExternalContext().getRequest();

        RequestDispatcher dispatcher = request
                .getRequestDispatcher(springCheckUrl);

        dispatcher.forward((ServletRequest) request,
                (ServletResponse) context.getExternalContext.getResponse());

        context.responseComplete();

        return null;
    }

    private String buildSpringSecurityCheckUrl() {
        StringBuilder springCheckUrl = new StringBuilder(
                "/j_spring_security_check").append("?").append("j_username")
                .append("=").append(this.userName.trim()).append("&")
                .append("j_password").append("=")
                .append(this.userPassword.trim());
        return springCheckUrl.toString();
    }
}
于 2012-11-27T05:29:24.393 回答